How to create the login token without writing the secret in your code?

Oct 31, 2011 at 2:06 PM

I know it´s not a problem of the api but if you write a local application that uses dropbox you need to store the secret to create the usertoken but if i write the secret into the code everyone can read it out so it´s not a secret anymore :-(

How do you solve this problem in your applications?

Coordinator
Oct 31, 2011 at 11:41 PM
Hi,

the application key and secret needs to be stored in your application. Desktop applications and mobile applications have the problem that it is no more a secret. If you want to improve it a little bit more, it's possible to send the app key and token as part of your license key to only registered user and then store the token as user only secret on the machine.

In WebApps it's not the issue because no body knows the secret.

Cheers
Dirk

Sent from my iPad

On 31.10.2011, at 14:06, willmer <notifications@codeplex.com> wrote:

From: willmer

I know it´s not a problem of the api but if you write a local application that uses dropbox you need to store the secret to create the usertoken but if i write the secret into the code everyone can read it out so it´s not a secret anymore :-(

How do you solve this problem in your applications?

Nov 1, 2011 at 5:56 PM
Edited Nov 1, 2011 at 6:05 PM

But it is correct that if we key/secret isn´t secret that dropbox will not approve the app? My interest is just about the approval ;-) 

Found a discussion about the topic: http://stackoverflow.com/questions/7121966/should-i-obfuscate-oauth-consumer-secret-stored-by-android-app

Coordinator
Nov 1, 2011 at 10:07 PM
Hi,

DropBox will approve as long as you use oAuth tokens.

Dirk

Sent from my iPhone

On 01.11.2011, at 17:56, Willmer <notifications@codeplex.com> wrote:

From: Willmer

But it is correct that if we key/secret isn´t secret that dropbox will not approve the app? My interest is just about the approval ;-)