Class DbxPKCEWebAuth

java.lang.Object
com.dropbox.core.DbxPKCEWebAuth

public class DbxPKCEWebAuth extends Object
This class does the OAuth2 "authorization code" flow with Proof Key for Code Exchange(PKCE). PKCE allows "authorization code" flow without "client_secret". It enables "native application", which is ensafe to hardcode client_secret in code, to use "authorization code". If you application has a server, please use regular DbxWebAuth instead. PKCE is more secure than "token" flow. If authorization code is compromised during transmission, it can't be used to exchange for access token without random generated code_verifier, which is stored inside SDK. DbxPKCEWebAuth and DbxWebAuth has the same interface and slightly different behavior:
  1. The constructor should take DbxAppInfo without app secret.
  2. Two step of OAuth2: authorize(DbxWebAuth.Request) and finishFromRedirect(String, DbxSessionStore, Map), should be called on the same object.
See Also: