Dropbox: Retrieves & uses refresh token to obtain new access token #1274
Conversation
correctly encodes Dropbox-API-Arg header Fixes bug in put() and delete() when not connected Fixes response to failed info call.
Dropbox: sends scopes required for Scoped apps Dropbox: consults Retry-After header when re-running request
There was a problem hiding this comment.
Fantastic work! 👏
I left a few comments for minor questions and nitpicks.
There's a breaking change for app developers with existing, older Dropbox apps, which we need to document (perhaps in a how-to-upgrade post on the forums and/or extended release notes):
Dropbox only introduced scopes fairly recently, and this PR requires the Dropbox app/client id to be configured with the new scopes. Otherwise authorization will fail:
The developer needs to go to https://www.dropbox.com/developers/apps, where there is already a message waiting for apps not using scopes to migrate the permissions:
On the permissions/scopes screen, one should deselect the permissions for contacts and file requests, then hit the migrate button:
After doing this, I was able to test these changes successfully with the RS Widget (which will now fail to authorize Dropbox until the widget is updated to use this rs.js changeset as well).
Co-authored-by: Râu Cao <842+raucao@users.noreply.github.com>
|
I believe the |
DougReeder
force-pushed
the
feature/1267-dropbox_refresh_tokens
branch
from
a688512
to
66e92c4
Compare
Fixes #1267
It may prove helpful to examine each commit separately.
The first commit adds Mocha tests for every scenario that jaribu tests, but re-arranged more logically. Some tests are pending, and some expectations are commented out (such as returning proper MIME types), because the current Dropbox backend is not compliant.
The second commit adds Content-Length & Last-Modified to Dropbox folder listings, correctly encodes Dropbox-API-Arg header and fixes some other bugs. The Dropbox-API-Arg header must be JSON-encoded, not URL-encoded: https://www.dropbox.com/developers/reference/json-encoding
The third commit refactors the function that calls either fetch or XHR into its own class. Authorize needs to call this as part of OAuth2 PKCE, and it was poor architecture for Dropbox and Google Drive to be using a function in wireclient.
The fourth commit refactors WireClient, GoogleDrive & Dropbox to have a common ancestor & Typescript interface. The common ancestor reduces duplication of code. The interface surfaces the complexity of interaction between the backends and other modules.
The fifth commit avoids the user needing to log in every four hours (what Dropbox calls "offline access" and OAuth2 calls the PKCE flow). OAuth2 PKCE is standardized, so I've placed as much code as possible in authorize.ts for future re-use.
It also sends the scopes required for Scoped apps, which Dropbox requires all new apps to be.
It also handles the 503 and 429 status codes and their Retry-After header that Dropbox sends.
The sixth commit removes the jaribu tests of new functionality that were superseded by better mocha tests.