How to authenticate user dropbox access in an Electron desktop app?

[dawnmist]

When making an Electron desktop app, the actual "website" is compiled to files that are bundled up inside the application bundle. As a result, there isn't a website url available as a redirect address to use for returning the authentication token back to the application (the app's urls are all "file://" types).

What is the right way to handle this situation? It's not a Cordova app, but should I be attempting to use the same redirect url & onLoad url token parsing logic as used in the dropbox authenticateWithCordova function in order to retrieve the token from a second browser window?

If not - how should this be handled properly?

[greg-db]

The SDK doesn't explicitly support Electron unfortunately, so I'm afraid I can't necessarily offer a good solution. I'll send this along as a feature request for official Electron support though.

That said, ideally, your app would send the user to their system browser to authorize the app, and have Dropbox send them back using a redirect URI.

That wouldn't work with the "response_type=token" flow if you can't use an https redirect URI though.

Instead, you can use the "response_type=code" flow (by setting authType='code' when calling getAuthenticationUrl), in which case you can use a non-https redirect URI.

[dawnmist]

The app can send them to the Dropbox site (it runs inside an embedded Chromium browser) - it's the lack of a redirect URI to send them back to that is the problem.

When the app is being run from local files instead of being hosted on the web somewhere, there is no http or https URL available to use for the redirect URI. Unless it's possible to use a file:// path as the redirect URI? That's why I was asking if I should use the URI that the Cordova authentication process used.

Edit: no, a file url won't work because it ends up being something like file:///tmp/.mount_LoominNwWLnV/resources/app.asar/build/index.html which cannot be pre-specified as a valid redirect url in the dropbox app console because the file path would be different for every machine/os/etc.

Edit 2: Looks like Electron is doing something nasty that breaks the dropbox auth page load anyway - possibly related to require as both functions that are throwing errors seem to start with arrays whose first value is 'require'. So I would definitely need to request Dropbox to investigate adding an Electron-compatible auth method. Thank you for putting in the request.

[greg-db]

Thanks for the information! I'm including this with the request.

[prasadkawthekar]

Hi @greg-db I am having similar use case. Is there any update on this? @dawnmist did you by chance figure out a workaround in the meanwhile? Thanks!

[TaylorKrusen]

Hi @prasadkawthekar, I just checked and we have no new updates on this. We'll be sure to update this issue as soon as we have new information. Thanks for checking in!

[johannesjo]

Any updates on this?

[greg-db]

@johannesjo No, unfortunately I don't have any news on this request.

[isaacsanders]

This should take care of half the problem, right? (the internal local server, that is)

https://stackoverflow.com/questions/37546656/handling-oauth2-redirect-from-electron-or-other-desktop-platforms

[johannesjo]

@isaacsanders I will test this and report back.

[johannesjo]

I ended up just prompting the user to get and insert the accessCode manually, by using this url: https://www.dropbox.com/oauth2/authorize?response_type=code&client_id=${DROPBOX_APP_KEY}

The other approach would have worked too, but as I also need to tend to android, this seemed to be the easiest way to do it.