New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support the "Code" Authorization flow #64

Closed
ChrisAlvares opened this Issue Aug 24, 2016 · 11 comments

Comments

Projects
None yet
7 participants
@ChrisAlvares

ChrisAlvares commented Aug 24, 2016

Currently, only the token authorization flow is working, which is fine for front end frameworks, but using nodejs, it is way more secure to use the code authorization flow so that the access token is not exposed to users or browser extensions.

I am guessing two things need to be supported here: the clientSecret parameter and a new method for converting a code to an access token.

@greg-db greg-db added the enhancement label Aug 25, 2016

@greg-db

This comment has been minimized.

Contributor

greg-db commented Aug 25, 2016

Thanks! We'll consider it a feature request.

@b-dur

This comment has been minimized.

b-dur commented Nov 11, 2016

I need this functionality as well.

But in the meantime I created an "extension" package that does the trick for me. Maybe it could be useful for others too.

It can be found here: https://www.npmjs.com/package/dropbox-client-oauth2

@sidhuko

This comment has been minimized.

Contributor

sidhuko commented May 19, 2017

@greg-db any news on this?

@greg-db

This comment has been minimized.

Contributor

greg-db commented May 19, 2017

No, I don't have an update on this.

@stevemao

This comment has been minimized.

stevemao commented Jun 17, 2017

@b-dur your module works well for me. Why don't you submit a PR to this one to add the functionality here? 😄

@greg-db

This comment has been minimized.

Contributor

greg-db commented Jan 23, 2018

The JavaScript SDK now supports the "code" flow as of v3.0.0, via the getAccessTokenFromCode method. There's a basic example of using it here, and instructions for running that here.

Make sure you set your app key and secret here, and set http://localhost:3000/auth as a redirect URI for your app to run that example.

@greg-db greg-db closed this Jan 23, 2018

js-kyle added a commit to joemccann/dillinger that referenced this issue Jan 31, 2018

@fadookie

This comment has been minimized.

fadookie commented May 29, 2018

@greg-db This is great, but what if you don't have a server to redirect to (i.e. running from a CLI script?)

EDIT: NVM, figured it out. You can call getAuthenticationUrl(null, null, 'code').

EDIT 2: Wait, nope, still stuck. Calling getAccessTokenFromCode(null, code) generates a request with &redirect_uri=null and results in a 400 with error description of redirect_uri mismatch. Passing empty string for redirect_uri also doesn't seem to work.

@sidhuko

This comment has been minimized.

Contributor

sidhuko commented May 29, 2018

@greg-db

This comment has been minimized.

Contributor

greg-db commented May 30, 2018

@fadookie It looks like getAccessTokenFromCode method wasn't written to properly support the case where no redirect URI was used. I'll ask the team to update that to support that.

@xeektech

This comment has been minimized.

xeektech commented Jun 21, 2018

Hi @greg-db any alternatives you might wanna suggest here? I have the same requirement as @fadookie. TIA

@greg-db

This comment has been minimized.

Contributor

greg-db commented Jun 21, 2018

@xeektech No, I don't have an update on this yet unfortunately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment