一段时间以来,我一直在 Meteor 应用程序中使用 dropbopx-sdk-js ,没有任何麻烦。
我的 Meteor 应用程序仅使用 Dropbox 来获取要在产品卡中使用的图像。这些文件时不时会同步,仅此而已。我所说的同步是指它们被扫描、创建或获取共享链接,然后将一些信息保存在 Mongo 中(名称、扩展名、路径、公共链接)。
最终用户不会删除或添加文件,这些文件也不会与某个文件相关。最终用户特定帐户。
为了实现这一目标,我(在很久以前)在 Dropbox 应用控制台中创建了一个应用程序,生成了一个永久令牌,并在我的 Meteor 应用程序中使用该令牌来处理所有同步。
现在,我尝试在新的类似项目中复制同样的事情,但发现永久令牌最近已被弃用,不再是一种选择。
现在,检查 Dropbox 的 身份验证类型 在我看来,它就像“应用程序身份验证”
“此类型仅使用应用程序自己的应用程序密钥和秘密,并且不使用
识别特定用户或团队”。
这就是我所追求的。我可以安全地在服务器中专门提供应用程序密钥和秘密,因为客户端永远不需要这些。问题是我如何实现这种身份验证?或者重要的是,我如何为我的应用程序实现相当于长期令牌的功能,最终意味着最终用户实际上不需要以任何方式知道 Dropbox 在幕后(并且他们肯定不需要 Dropbox 帐户来使用此应用程序也不应出现任何 Dropbox 身份验证页面提示)
在 js-sdk 示例存储库中,我只找到 这个示例使用应用程序密钥和秘密,但之后它会在浏览器中执行 oauth 过程,如果我不执行 oauth 部分,则会收到错误
"error": {
"name": "DropboxResponseError",
"status": 409,
"headers": {},
"error": {
"error_summary": "path/unsupported_content_type/...",
"error": {
".tag": "path",
"path": {
".tag": "unsupported_content_type"
}
}
}
}
。调用的结果
dbx.filesListFolders({ path: '', recursive: true }):
如果我用生成的令牌替换 dbx 对象的初始化,一切都会正常,但最终令牌会过期,我又回到了第一个方向。
有什么想法我可能会错过什么吗?
For a while now I've been using dropbopx-sdk-js in a Meteor application without any trouble.
My Meteor app simply uses Dropbox to fetch images to be used in product cards. These files are synced now and then and that's it. By synced what I mean is they are scanned, shared links created or obtained, and some info is then saved in Mongo (name, extension, path, public link)
End users do not remove nor add files, nor are the files related to an end user specific account.
To achieve this, I created (in the far past) an App in the Dropbox App Console, generated a permanent token, and used that token in my Meteor app to handle all the syncing.
Now I've tried to replicate that very same thing in a new similar project, but found that the permanent tokens have been recently deprecated and are no longer an option.
Now, checking Dropbox's Authentication Types it seems to me like "App Authentication"
"This type only uses the app's own app key and secret, and doesn't
identify a specific user or team".
is what I'm after. I can safely provide app key and secret in the server exclusively, as the client will never need those. The question is how do I achieve such kind of authentication? Or for that matter, how do I achieve an equivalent of the long-lived token for my app, ultimately meaning that end users don't actually need to know Dropbox is behind the scenes in any way (and they surely don't need dropbox accounts to use this app nor should be prompted with any Dropbox authentication page)
In the js-sdk examples repo, I only found this example using app key and secret. Yet afterwards it goes through the oauth process in the browser anyways. If I don't do the oauth part, I get an error
"error": {
"name": "DropboxResponseError",
"status": 409,
"headers": {},
"error": {
"error_summary": "path/unsupported_content_type/...",
"error": {
".tag": "path",
"path": {
".tag": "unsupported_content_type"
}
}
}
}
as a result of calling
dbx.filesListFolders({ path: '', recursive: true }):
If I replace the initialization of the dbx object with a generated token everything works out. However eventually the token expires and I'm back in square one.
Any ideas what may I be missing?
发布评论
评论(1)
简短的回答是:
您需要获取刷新令牌。然后,您可以根据需要使用该令牌。但为了获得它,需要在浏览器中至少经过一个 oauth 流程。然后在后端捕获生成的刷新令牌。然后存储它并使用它来初始化API。所以这有点“hacky”(IMO)。
例如,您可以使用提到的示例代码,并将获得的刷新令牌记录/存储在 这一行(根据 Greg 在论坛中接受的答案)。然后使用该值作为常量,在初始化时立即调用
setRefreshToken方法(如同一行中所做的那样)。长答案是:
更长的答案是:
查看我们在 dropbox 论坛中进行的对话
我建议替换“生成访问权限”控制台中的“生成刷新令牌”按钮改为“生成刷新令牌”按钮。至少根据我们的讨论,这对我来说是有意义的。也许如果它得到一些喜欢......;)。
The short answer is:
You need to obtain a refresh-token. You can then use this token for as long as you want. But in order to get it is necessary to go through at least one oauth flow in the browser. Then capturing the generated refresh-token in the backend. Then store it and use it to initialize the API. So it's kind of "hacky" (IMO).
For example, you can use the mentioned example code, and log/store the obtained refresh token in this line (as per Greg's accepted answer in the forum). Then use that value as a constant to immediately call the
setRefreshTokenmethod (as done in that very same line) upon initialization.The long answer is:
The longer answer is:
Check out the conversation we had in the dropbox forum
I suggested to replace the "Generate Access Token" button in the console for a "Generate Refresh Token" button instead. At least it made sense to me according to what we discussed. Maybe if it gets some likes... ;).