1

I'm writing a simple Dropbox program in Java that uploads files. Here is the particular piece of code that I am working with that creates a connection to a Dropbox account. The code below only runs the first time a user runs the app. After that the AccessTokenPair is saved for use on subsequent runs. 

AppKeyPair appKeys = new AppKeyPair(APP_KEY, APP_SECRET);
WebAuthSession session = new WebAuthSession(appKeys, ACCESS_TYPE);
dropbox = new DropboxAPI<WebAuthSession>(session);    

try {
  if (!STATE_FILE.exists()) {
    STATE_FILE.createNewFile();
    WebAuthInfo authInfo = session.getAuthInfo();
    RequestTokenPair pair = authInfo.requestTokenPair;
    String url = authInfo.url;
    URI confirmAddress = new URI(url);
    Desktop desktop = Desktop.getDesktop();
    desktop.browse(confirmAddress);
    boolean authenticated = false;
    while (!authenticated) {
        try {
            session.retrieveWebAccessToken(pair);
            authenticated = true;          
        } catch (DropboxException dbe) {
            io.tellUser("Waiting for user authentication...");
            Thread.sleep(4000);

        }
    }

    AccessTokenPair tokens = session.getAccessTokenPair();
    State state = new State(STATE_FILE);
    state.save(tokens);

It seems to work fine, but I am wary of the way I am checking for authentication. The code above will open a link in the user's default browser to his/her Dropbox account to allow access to this app. session.retrieveWebAccessToken(pair) will throw the DropboxException if access has not been allowed. So the program basically checks and catches the Exception then sleeps over and over until access has been granted. I would like to find a way to accomplish this without waiting and checking. I have tried a spin-lock/busy-lock and asking the user to press a button after they have authorized this app in addition to the sleep() method implemented above. I would prefer to not ask the user for intervention. After reading some of the Dropbox API, I learned that you can use a callback url when constructing the WebAuthInfo object, but I am not sure how to make that work because my app is not a web app. Does anyone have any idea how to use that callback for my purposes or any other ideas?

Guy
  • 101
  • 9
  • 1
    http://stackoverflow.com/questions/1359689/how-to-send-http-request-in-java Does it do you any good to use HTTP connections from you java code? If the dropbox logon page can be predicted, then you could just have your user enter the details in your app and then you could forward them to dropbox. Is this the dropbox url you're referring to? https://www.dropbox.com/developers/blog/20 – KyleM Mar 23 '13 at 05:57
  • I am open to using HTTP connections in my code. This is a good dropbox link. I may be able to route it through my site. Yes, the format for the url is the same as it is on the link. The user must click on a button once they reach the url to authorize. This will take a bit of research before I fully understand how it could work, but thanks for the tip. – Guy Mar 23 '13 at 06:44
  • Note that you should never be handling the user's login/password information: https://www.dropbox.com/developers/reference/bestpractice – Greg Mar 23 '13 at 19:08

1 Answers1

0

There are a few other ways to handle this flow, other than the try/wait scheme shown.

The best, but most difficult: Use the oauth_callback parameter on /authorize along with a custom URL scheme registered for your app. This will automatically redirect the user to your app after authorizing it, which your app can detect and then resume the flow.

Otherwise, you can just wait until the user returns "focus" to your app, and either try automatically then, or just have them tell your app to try then manually.

Greg
  • 13,963
  • 2
  • 26
  • 42