How to Deal with App_Key and App_Secret (Dropbox API)

How should I deal with APP_KEY and APP_SECRET (Dropbox API)

You can encode your key using Dropbox API Key Encoder and use dropbox.js to decode it. That way you do not need to expose your secret key

Dropbox api USER TOKEN, USER SECRET

When you create your app on the dropbox web site, they give you an APP_KEY (identifies your app) and an APP_SECRET (like a password). You're essentially registering your app with drop box in order to integrate with their service.

Here's an overview:
http://www.dropbox.com/developers/start/core

Click the "my apps" link in that page. You'll have to create or login with your drop box account. After that, you can create an app. Give it a name and description, select access folder or full contents and click OK. They will give you the key and secret after registering your app.

EDIT:

Concerning the specific C# DropNetClient, you're supposed to replace "APP_KEY" and "APP_SECRET" with your appKey and appSecret strings from that site.

This link lays out the sequence pretty clearly:

https://github.com/dkarzon/DropNet

_client = new DropNetClient("API KEY", "API SECRET");

for example:

// replace with given app key and secret from site
_client = new DropNetClient("8oz68cz267t52fz", "mavm58321hrhejy");

Once you have a client object, you need to pop a browser and have the user login to drop box with their user account. that's covered in step 2 of that link by getting the url.

var url = _client.BuildAuthorizeUrl();

Now that the user has logged on, you can get a user access token via synchronous or asynchronous methods. the user token enables a "remember me" feature without having the user reauthenticating and especially from your app storing their account/pass which you should never do. It's a token that proves they've authenticated with drop box. From step 3 of that link:

// Sync
var accessToken = _client.GetAccessToken(); //Store this token for "remember me" function

// Async
_client.GetAccessTokenAsync((accessToken) =>
    {
        //Store this token for "remember me" function
    },
    (error) =>
    {
        //Handle error
    });

Note that var accessToken is really a DropNet.Models.UserLogin object. That object contains:

    public string Token { get; set; }
    public string Secret { get; set; }

Python Dropbox app, what should I do about app key and app secret?

To prevent casual misuse of your app secret (like someone who copy/pastes code not realizing they're supposed to create their own app key/secret pair), it's probably worth doing a little obfuscation, but as you point out, that won't prevent a determined individual from obtaining the app secret.

In a client-side app (like a mobile or desktop app), there's really nothing you can do to keep your OAuth app secret truly secret. That said, the consensus seems to be that this doesn't really matter. In fact, in OAuth 2, the recommended flow for client-side apps is the "token" or "implicit" flow, which doesn't use the app secret at all.

Problems with the Dropbox API

the error says you are not called the correct signature

private func application(application: UIApplication, openURL url: URL, sourceApplication: String?, annotation: AnyObject) -> Bool{

change your signature and try once in here use Any or [string:Any]

func application(_ application: UIApplication, open url: URL,
sourceApplication: String?, annotation: Any) -> Bool

How do I respond to successful login with Dropbox API on iOS?

You handle successful login from the Dropbox API in the

-(BOOL) application:(UIApplication *)application handleOpenURL:(NSURL *)url function

-(BOOL) application:(UIApplication *)application handleOpenURL:(NSURL *)url {

    if ([[DBSession sharedSession] handleOpenURL:url]) {
        //Successfully Logged in to Dropbox
        return YES;
    }

    return NO;

}

---

Related Topics