Support the "Code" Authorization flow #64

Closed
ChrisAlvares opened this issue Aug 24, 2016 · 12 comments · Fixed by #265


ChrisAlvares commented Aug 24, 2016

Currently, only the token authorization flow is working, which is fine for front-end frameworks, but using Node.js, it is way more secure to use the code authorization flow so that the access token is not exposed to users or browser extensions.

I am guessing two things need to be supported here: the clientSecret parameter and a new method for converting a code to an access token.

greg-db (Contributor) commented Aug 25, 2016

Thanks! We'll consider it a feature request.


b-dur commented Nov 11, 2016

I need this functionality as well.

But in the meantime I created an "extension" package that does the trick for me. Maybe it could be useful for others too.

It can be found here: https://www.npmjs.com/package/dropbox-client-oauth2

sidhuko (Contributor) commented May 19, 2017

@greg-db any news on this?

greg-db (Contributor) commented May 19, 2017

No, I don't have an update on this.

@stevemao

@b-dur your module works well for me. Why don't you submit a PR to this one to add the functionality here? 😄

greg-db (Contributor) commented Jan 23, 2018

The JavaScript SDK now supports the "code" flow as of v3.0.0, via the getAccessTokenFromCode method. There's a basic example of using it here, and instructions for running that here.

Make sure you set your app key and secret here, and set http://localhost:3000/auth as a redirect URI for your app to run that example.

greg-db closed this as completed Jan 23, 2018

js-kyle added a commit to joemccann/dillinger that referenced this issue Jan 31, 2018

fadookie commented May 29, 2018

@greg-db This is great, but what if you don't have a server to redirect to (i.e. running from a CLI script?)

EDIT: NVM, figured it out. You can call getAuthenticationUrl(null, null, 'code').

EDIT 2: Wait, nope, still stuck. Calling getAccessTokenFromCode(null, code) generates a request with &redirect_uri=null and results in a 400 with error description of redirect_uri mismatch. Passing empty string for redirect_uri also doesn't seem to work.

sidhuko (Contributor) commented May 29, 2018 via email

greg-db (Contributor) commented May 30, 2018

@fadookie It looks like the getAccessTokenFromCode method wasn't written to properly support the case where no redirect URI was used. I'll ask the team to update that to support that.

@xeektech

Hi @greg-db any alternatives you might wanna suggest here? I have the same requirement as @fadookie. TIA

greg-db (Contributor) commented Jun 21, 2018

@xeektech No, I don't have an update on this yet unfortunately.

greg-db (Contributor) commented Jun 8, 2020

@fadookie @xeektech The getAccessTokenFromCode method has been updated to support a null redirectUri as of v5.0.0.
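
The code-flow exchange discussed in this thread, as an added example that is not Dropbox SDK code and not from any commenter: it builds the authorization URL and the server-side token request, leaving redirect_uri out when none was used, next to a naive serializer that reproduces the redirect_uri=null request reported above. The function names and the sample key, secret and code are hypothetical, and sending the app key and secret as POST parameters is an assumption made for brevity.

```javascript
// Added example; not Dropbox SDK code. Function names and sample values are hypothetical.
const AUTHORIZE_URL = 'https://www.dropbox.com/oauth2/authorize';
const TOKEN_URL = 'https://api.dropboxapi.com/oauth2/token';

// Add redirect_uri only when a redirect was actually used; null, undefined
// and '' all mean "no redirect" and must not be serialized at all.
function setRedirect(params, redirectUri) {
  if (typeof redirectUri === 'string' && redirectUri !== '') {
    params.set('redirect_uri', redirectUri);
  }
}

// Step 1: the URL the user opens to approve the app (response_type=code).
function buildAuthorizeUrl({ clientId, redirectUri = null, state = null }) {
  const params = new URLSearchParams({ response_type: 'code', client_id: clientId });
  setRedirect(params, redirectUri);
  if (state) params.set('state', state); // anti-CSRF value, checked on the redirect
  return `${AUTHORIZE_URL}?${params}`;
}

// Step 2: the server-side exchange. The app secret appears only here, so it
// never reaches the browser. redirectUri must match the value used in step 1.
function buildTokenRequest({ clientId, clientSecret, code, redirectUri = null }) {
  if (!code) throw new Error('authorization code is required');
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    client_id: clientId,
    client_secret: clientSecret,
  });
  setRedirect(body, redirectUri);
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Naive string concatenation, shown for contrast: a null redirect URI is
// stringified into the request as "redirect_uri=null".
function naiveTokenBody({ code, redirectUri }) {
  return `grant_type=authorization_code&code=${code}&redirect_uri=${redirectUri}`;
}

// Constructed sample values for a CLI-style flow with no redirect.
const sample = { clientId: 'APP_KEY', clientSecret: 'APP_SECRET', code: 'SAMPLE_CODE' };
console.log(buildAuthorizeUrl(sample));
console.log(buildTokenRequest(sample).body);
console.log(naiveTokenBody({ code: sample.code, redirectUri: null }));
```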
