Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>At the end of the authentication process, you have an access token, which is what's used to make calls to the API. If both the client and the server need to make calls to the API, then both will need to have the access token.</p> <p>If you're doing the authentication client-side today, you could pull the access token out somehow (not sure if/how it's exposed from the library, but it's in there somewhere and also storaged in local storage) and pass it to the server. The server can then use it to call <a href="https://www.dropbox.com/developers/core/docs#account-info"><code>/account/info</code></a> and get the Dropbox user ID of the authenticated user.</p> <p>An alternative is to do it the other way around. Authenticate the user with the "code flow" (rather than "token flow") and get the access token on the server in the first place. Then you could pass it down to the client and pass it as an option in the <a href="https://www.dropbox.com/developers/datastore/docs/js#Dropbox.Client"><code>Dropbox.Client</code> constructor</a>. I think that <code>dropbox-js</code> supports this itself, but it's also not hard to do yourself. Here's some raw Express code that logs in a user and displays his or her name:</p> <pre><code>var crypto = require('crypto'), express = require('express'), request = require('request'), url = require('url'); var app = express(); app.use(express.cookieParser()); // insert your app key and secret here var appkey = '&lt;your app key&gt;'; var appsecret = '&lt;your app secret&gt;'; function generateCSRFToken() { return crypto.randomBytes(18).toString('base64') .replace(/\//g, '-').replace(/\+/g, '_'); } function generateRedirectURI(req) { return url.format({ protocol: req.protocol, host: req.headers.host, pathname: app.path() + '/callback' }); } app.get('/', function (req, res) { var csrfToken = generateCSRFToken(); res.cookie('csrf', csrfToken); res.redirect(url.format({ protocol: 'https', hostname: 'www.dropbox.com', pathname: '1/oauth2/authorize', query: { client_id: appkey, response_type: 'code', state: csrfToken, redirect_uri: generateRedirectURI(req) } })); }); app.get('/callback', function (req, res) { if (req.query.error) { return res.send('ERROR ' + req.query.error + ': ' + req.query.error_description); } // check CSRF token if (req.query.state !== req.cookies.csrf) { return res.status(401).send( 'CSRF token mismatch, possible cross-site request forgery attempt.' ); } else { // exchange access code for bearer token request.post('https://api.dropbox.com/1/oauth2/token', { form: { code: req.query.code, grant_type: 'authorization_code', redirect_uri: generateRedirectURI(req) }, auth: { user: appkey, pass: appsecret } }, function (error, response, body) { var data = JSON.parse(body); if (data.error) { return res.send('ERROR: ' + data.error); } // extract bearer token var token = data.access_token; // use the bearer token to make API calls request.get('https://api.dropbox.com/1/account/info', { headers: { Authorization: 'Bearer ' + token } }, function (error, response, body) { res.send('Logged in successfully as ' + JSON.parse(body).display_name + '.'); }); // write a file // request.put('https://api-content.dropbox.com/1/files_put/auto/hello.txt', { // body: 'Hello, World!', // headers: { Authorization: 'Bearer ' + token } // }); }); } }); app.listen(8000); </code></pre>
    singulars
    1. This table or related slice is empty.
    1. POUsing dropboxjs to authenticate the client with oauth 2. What about the server?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. This table or related slice is empty.
    1. USsmarx
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POUsing dropboxjs to authenticate the client with oauth 2. What about the server?
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTAcceptedByOriginator
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COI'm going for the first option (I already have everything in place). Please note that the server does not need to use the Dropbox API, I only want to authenticate (aka I want to know, on the server, that I have a valid user with valid credentials). So the workflow 1) is send the token to the server -> 2) get the username on the server corresponding to the token -> 3) update the table entry corresponding to the username? If yes, does this workflow pose security holes?
      singulars
      1. PO
      1. USjanesconference
    2. COYou should use the user ID (`uid`) rather than the name, since names may collide. You get that back from `/account/info` too.
      singulars
      1. PO
      1. USsmarx
    3. CORegarding security, you have to send the access token to the server, and do an /account/info call there. You can't pass the uid from the client, and have the server trust it. You probably know this already, I'm adding it in just to make sure.
      singulars
      1. PO
      1. USpwnall
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload