We validate the state checking that there was a session id for it and use the Dropbox JavaScript SDK to exchange the code for a token. If the user takes too long to validate credentials and authorize the app with Dropbox, the cache will expire, adding an extra layer of security.Īfter completing authentication and authorization with Dropbox, the user will be sent back to the redirect URL along with the state string we sent and a code. This will handle multiple users as each user will have a different state and session id. Then we use the Dropbox JavaScript SDK to obtain the authorization URL and redirect the user to that address.
To do that, we generate a random state using the crypto library and the node-cache library to save in cache for a few minutes with the state as key and the session id as value.
:no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22489313/Screen_Shot_2021_05_03_at_3.13.49_PM__1_.png "dropbox developer app name is already taken")
When a request is received in the home route /, we check if the session for that user has already a token stored in it, if that is the case, we can use the token directly to get resources from Dropbox, if not, then we need to get a token.
0 kommentar(er)
