My *nix world

Dropbox OAuth authentication

Over the last three days I worked on a WordPress plugin that simply creates a multi-volume compressed backup of a specified directory (e.g. the entire website) and then uploads it to my Dropbox repository. Maybe I will write an article about the backup part someday, but for now I only want to explain the process of acquiring the authorization code for the Dropbox storage repository.

Dropbox provides the OAuth version 1 and 2 authorization model. The SDK I am using (v1.1.3 as of 2014.03.11) implements Dropbox OAuth authentication version 2.0 only.

You only need to know two things before anything else:

  1. To be able to connect your application to Dropbox (to download, upload, search and delete files in the Dropbox storage repository) you must first create a Dropbox API application and then get the authorization code (token), which is necessary during the authentication session of your client application.
  2. In order to get that access token you must copy your Dropbox application's App key and App secret from the Dropbox App Console, because you will need them later. Once you have this key-secret pair you can request the Dropbox access token by using one of the two methods described below.

Transparently request token with OAuth redirect URI

This method has the advantage that the whole process is quite transparent for the end-user. The user must, however, provide the app key and the app secret, but after that everything is done transparently.

The code below illustrates how to obtain the access token without user intervention (transparently). The code is using the Dropbox API SDK for PHP (see line 3).

Basically, the code checks whether you have entered the App key and App secret; if you have not, it presents a form where you can enter them. When you submit the form (see /dropbox-save-key-secret) the key-secret pair is temporarily saved to disk and a two-step authentication process is started by sending a request to the Dropbox server. The request (see /dropbox-auth-start) includes, among other query parameters, a callback/redirect URI to which the Dropbox response has to be redirected. The redirect URI is actually the same script but with a different action (namely /dropbox-auth-finish). The Dropbox response will include the access token, which is saved on the local disk for later use. You can use this token anytime you want.

The function that takes care of the two-step authentication is called authRun. The other functions are just helper functions the authRun function depends on.
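
The two-step redirect flow described above, condensed into one script as an added example; it is not the plugin's original listing. It uses the Dropbox PHP SDK v1 classes (`AppInfo`, `WebAuth`, `ArrayEntryStore`); the SDK path, the `private` directory, the client name and the `example.com` redirect URL are assumptions.

```php
<?php
// Added example, not the plugin's code. Paths, URL and client name are assumptions.
require_once __DIR__ . '/dropbox-sdk/lib/Dropbox/autoload.php';
use \Dropbox as dbx;

session_start(); // the SDK's CSRF token must survive the round trip to Dropbox

define('PRIVATE_DIR', __DIR__ . '/private');   // assumed to be blocked from web access
define('REDIRECT_URI', 'https://example.com/backup.php/dropbox-auth-finish');

function webAuth()
{
    // app-info.json: {"key": "...", "secret": "..."} copied from the App Console
    $appInfo = dbx\AppInfo::loadFromJsonFile(PRIVATE_DIR . '/app-info.json');
    // start() stores a random token here and sends it as "state"; finish() compares it
    $csrfStore = new dbx\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
    return new dbx\WebAuth($appInfo, 'backup-plugin/1.0', REDIRECT_URI, $csrfStore);
}

$action = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';

if ($action === '/dropbox-auth-start') {
    // Step 1: redirect the browser to the Dropbox authorization page
    header('Location: ' . webAuth()->start());
    exit;
}

if ($action === '/dropbox-auth-finish') {
    try {
        // Step 2: verify "state", then exchange the returned "code" for the access token
        list($accessToken, $userId, $urlState) = webAuth()->finish($_GET);
    } catch (dbx\WebAuthException_Csrf $e) {
        http_response_code(403);
        exit('State mismatch: authorization response rejected.');
    } catch (dbx\WebAuthException_NotApproved $e) {
        exit('Access was not approved in Dropbox.');
    } catch (\Exception $e) {
        // Covers bad/expired state, malformed requests and provider errors
        error_log('Dropbox authorization failed: ' . $e->getMessage());
        http_response_code(400);
        exit('Could not complete the Dropbox authorization.');
    }
    // The token grants access to the Dropbox storage: keep it readable by the owner only
    $oldMask = umask(0077);
    file_put_contents(PRIVATE_DIR . '/access-token', $accessToken, LOCK_EX);
    umask($oldMask);
    exit('Dropbox access token saved.');
}
```

The redirect URI passed to `WebAuth` has to match one registered for the app in the Dropbox App Console, and the SDK's session-backed `state` check is what ties the response at /dropbox-auth-finish to the request that started at /dropbox-auth-start.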


Request token without OAuth redirect URI (requires user intervention)

This procedure is similar to the previous one; it is also a two-step authorization process. The greatest difference is the method used to obtain the authorization code: it is WebAuthNoRedirect (see line 12 below), while in the previous method we used WebAuth (see line 106 above).

This method has the advantage of simplicity: no redirection is required, since the end-user is involved in the authorization process. So if you can cope with the fact that the end-user is involved three times (instead of only once, see the previous method) in the authorization process, then I guess this method is preferable.

The code below illustrates how it works:


Now, if you think that this article was interesting, don't forget to rate it. It shows me that you care and thus I will continue to write about these things.


Eugen Mihailescu

Founder/programmer/one-man-show at Cubique Software
Always looking to learn more about *nix world, about the fundamental concepts of math, physics, electronics. I am also passionate about programming, database and systems administration. 16+ yrs experience in software development, designing enterprise systems, IT support and troubleshooting.