Dropbox authentication across sessions

Oct 9, 2010 at 7:20 PM

My understanding of the Dropbox API and OAuth usage in general (and as explictly stated in the Dropbox API guideline) apps should not store the username/password of a user, but should authenticate them and then store an OAuth token that is valid for 10yrs. However, I'm not seeing how to use SharpBox to get at this token that dropbox provides after username/password authentication and I'm not seeing how to create a new session from this token (if I did have it) without the username/password. This seems to mean that users will have to login everytime in the current SharpBox version. Am I missing something?

Coordinator
Oct 10, 2010 at 1:01 PM
Hi,
 
yes your are right. I added a first draft of this functionality and created an issue: http://sharpbox.codeplex.com/workitem/14422
 
You will find the code in the trunk branch. To test it use the login method to create a token and use this to perform a second login with a second cloud storage object. To realize this an object of type DropBoxCredentialsToken are needed and instead of the username and password a valid token will be passed.
Storing interface for tokens will follow :-)
 
Dirk

 
 
2010/10/9 feeling <notifications@codeplex.com>

From: feeling

My understanding of the Dropbox API and OAuth usage in general (and as explictly stated in the Dropbox API guideline) apps should not store the username/password of a user, but should authenticate them and then store an OAuth token that is valid for 10yrs. However, I'm not seeing how to use SharpBox to get at this token that dropbox provides after username/password authentication and I'm not seeing how to create a new session from this token (if I did have it) without the username/password. This seems to mean that users will have to login everytime in the current SharpBox version. Am I missing something?

Read the full discussion online.

To add a post to this discussion, reply to this email (sharpbox@discussions.codeplex.com)

To start a new discussion for this project, email sharpbox@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com


Oct 10, 2010 at 3:03 PM
Wow, great, thanks for the fast turnaround. I'll take a look and see if I find anything awry and suggest a patch. On the surface storing the token is less important as different platforms and os's may choose to use different mechanisms. I would suggest a good, cross provider mechanism for getting access to the necessary data to persist outside of sharp box and a good way to recreate the token from the data elements. I would also submit that this is such an important feature that it should drive a stable release. I can't see how anyone could use SharpBox in production without this functionality (without violating the Dropbox API terms). The user experience would be severely lacking. I have implemented SharpBox in my iOS app that should be available before year end. My usage is simple and for backup/restore only. That's said it was a breeze to implement with SharpBox and this feature should complete this part of the app.
Coordinator
Oct 10, 2010 at 11:31 PM
Hi,

I added the adapted solution for monotouch as well, so this feature should also be usable on your mac with monodevelop.

I will add a stable version of this feature (with your help) in the upcoming maintenance release 1.0.2 which is planned in the end of october.

regards
Dirk


On Oct 10, 2010, at 4:03 PM, feeling wrote:

From: feeling

Wow, great, thanks for the fast turnaround. I'll take a look and see if I find anything awry and suggest a patch. On the surface storing the token is less important as different platforms and os's may choose to use different mechanisms. I would suggest a good, cross provider mechanism for getting access to the necessary data to persist outside of sharp box and a good way to recreate the token from the data elements. I would also submit that this is such an important feature that it should drive a stable release. I can't see how anyone could use SharpBox in production without this functionality (without violating the Dropbox API terms). The user experience would be severely lacking. I have implemented SharpBox in my iOS app that should be available before year end. My usage is simple and for backup/restore only. That's said it was a breeze to implement with SharpBox and this feature should complete this part of the app.

Read the full discussion online.

To add a post to this discussion, reply to this email (sharpbox@discussions.codeplex.com)

To start a new discussion for this project, email sharpbox@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com


Oct 13, 2010 at 1:47 AM

Hi Dei, thanks again for the quick oAuth implementation. I noticed an issue and I have modified 2 files to implement a solution. Basically I didn't see any ways to recreate a credentials object from the token key and secret. I can send you those files if you'd like. Also, I still need to test this more because I was having an issue with opening the cloud service using the new credentials. Unfortunately monodevelop is somewhat subpar when it comes to debugging so i haven't been able to trace the route of the issue and whether it's me or sharpbox. I can send thefiles before or after I solve this just let me know, If you want them at all or just implement it yourself. My changes are basically to add a constructor to dropboxcredentials that takes the 4 secret/keys and creates the necessry internal objects.

Coordinator
Oct 13, 2010 at 7:41 AM
Hi,

if you want to and when you have time, I can add you as developer ans this feature would be yours.

Otherwise send me your files, I will merge them to the code.

Dirk

Sent from my iPhone

On 13.10.2010, at 02:47, "feeling"<notifications@codeplex.com> wrote:

From: feeling

Hi Dei, thanks again for the quick oAuth implementation. I noticed an issue and I have modified 2 files to implement a solution. Basically I didn't see any ways to recreate a credentials object from the token key and secret. I can send you those files if you'd like. Also, I still need to test this more because I was having an issue with opening the cloud service using the new credentials. Unfortunately monodevelop is somewhat subpar when it comes to debugging so i haven't been able to trace the route of the issue and whether it's me or sharpbox. I can send thefiles before or after I solve this just let me know, If you want them at all or just implement it yourself. My changes are basically to add a constructor to dropboxcredentials that takes the 4 secret/keys and creates the necessry internal objects.

Oct 18, 2010 at 2:29 PM
Hi Dirk, I've gotten the new OAuth stuff to work authenticating with the token. Turns out that my problems were my own fault as I had accidentally reveresed the key/secret in the call. Anyways, I believe I have 3 modified files that allow you to use the token/secret in place of u/p. I'll send them to you for inclusion. While I'm happy to contribute to the project I'm hesitant to really be a developer on it as I have so much going on between my app and my "real" job.
Coordinator
Oct 20, 2010 at 7:46 PM

Hi feeling,

I added your patch just a minute ago to the main branch. Thanks for your contribution, it will be part of 1.0.2 release of sharpbox which is planned for the end of this month. If you will find any issue let me know :-)

 

regards
Dirk