Dropbox authorization in a Windows Forms app

Posted by Steve Marx on April 04, 2014

The first step to using the Dropbox API is to have a user authorize your app to access their Dropbox. Dropbox uses OAuth in the browser for authorization. For web apps, the process involves redirecting the user or opening a pop-up window. In our mobile apps, our SDKs can open the default browser for you and redirect back to your app. For desktop platforms (like Windows), there are really two options:

  1. Set up a custom URI scheme and use that as your OAuth redirect URI. Then you can open the default browser to the authorization page and have the user be redirected back to your app. This is probably the most secure method from a user's perspective, since they enter their credentials directly on dropbox.com and don't need to worry about a malicious app stealing their username and password. This method works similarly to what happens in our mobile SDKs. One downside of this approach is that browsers present a somewhat scary warning before redirecting to a custom URI scheme.
  2. Embed a web browser within your app. In a Windows Forms app, this is done with the WebBrowser control. This method probably provides the smoothest user experience and is the easiest to implement.

In the code below, I've written a simple Windows Forms app that uses the second option. It navigates an embedded WebBrowser control to the Dropbox authorization page and then captures the access token when the user finishes the authorization process. Note that this code doesn't handle storing the user's access token and remembering it for subsequent runs of the app, and it also doesn't handle errors (like the user deciding to cancel authorization).

// Requires "using System.Net;" (WebClient) and "using System.Web;" (HttpUtility,
// which needs a project reference to System.Web).
private void Form1_Load(object sender, EventArgs e)
{
    // Be sure to replace this with your app key from dropbox.com/developers/apps.
    var clientID = "<YOUR APP KEY>";

    // The redirect URI you use doesn't really matter, so feel free to use something else,
    // but this is one we've set up specifically for client-side apps to use.
    var redirectUri = new Uri("https://www.dropbox.com/1/oauth2/redirect_receiver");

    // Percent-encode both values so they survive intact as query parameters.
    var uri = string.Format(
        @"https://www.dropbox.com/1/oauth2/authorize?response_type=token&redirect_uri={0}&client_id={1}",
        Uri.EscapeDataString(redirectUri.AbsoluteUri), Uri.EscapeDataString(clientID));

    webBrowser1.Navigate(uri);
}

// This method gets called when the WebBrowser control loads a new page.
private void webBrowser1_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e)
{
    // Make sure that this is our redirect page.
    if (e.Url.AbsoluteUri.StartsWith(@"https://www.dropbox.com/1/oauth2/redirect_receiver", StringComparison.Ordinal))
    {
        // Parse out the access token from the URL fragment (skipping the leading '#').
        var accessToken = HttpUtility.ParseQueryString(e.Url.Fragment.Substring(1))["access_token"];
        // TODO: Save the access token somewhere so the user doesn't need to log in the next time!

        // Make a call to /account/info to verify that the access token is working.
        using (var client = new WebClient())
        {
            client.Headers["Authorization"] = "Bearer " + accessToken;
            var accountInfo = client.DownloadString("https://www.dropbox.com/1/account/info");
            MessageBox.Show("Account info: " + accountInfo);
        }
    }
}

Note that I'm using the OAuth 2 token flow, which is designed for client-side apps. Read the Core OAuth documentation to learn more about the authorization flow.
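
One way to tighten the redirect handling above, shown as an added example rather than code from the original post: it sends a random state value, matches the redirect URI exactly, and surfaces a cancelled or failed authorization instead of throwing. The OAuthRedirect class and its member names are hypothetical, and the code assumes the authorize endpoint echoes the standard OAuth 2 state parameter and reports failures through error and error_description in the fragment.

```csharp
using System;
using System.Security.Cryptography;
using System.Web; // HttpUtility; needs a project reference to System.Web

// Added example; OAuthRedirect and its members are hypothetical names.
static class OAuthRedirect
{
    static readonly Uri Receiver =
        new Uri("https://www.dropbox.com/1/oauth2/redirect_receiver");

    // Fresh random value per authorization attempt, sent as "state".
    public static string NewState()
    {
        var bytes = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    public static string BuildAuthorizeUrl(string clientId, string state)
    {
        return "https://www.dropbox.com/1/oauth2/authorize?response_type=token"
            + "&redirect_uri=" + Uri.EscapeDataString(Receiver.AbsoluteUri)
            + "&client_id=" + Uri.EscapeDataString(clientId)
            + "&state=" + Uri.EscapeDataString(state);
    }

    // True only for a successful redirect carrying our own state value.
    // False with error == null means "not the redirect page, keep waiting".
    public static bool TryGetToken(Uri url, string expectedState,
                                   out string accessToken, out string error)
    {
        accessToken = null;
        error = null;
        // Exact match on scheme, host, port and path instead of a string prefix.
        if (Uri.Compare(url, Receiver, UriComponents.SchemeAndServer | UriComponents.Path,
                        UriFormat.Unescaped, StringComparison.Ordinal) != 0)
            return false;

        var fields = HttpUtility.ParseQueryString(url.Fragment.TrimStart('#'));
        if (fields["error"] != null)            // e.g. the user cancelled
            error = fields["error"] + ": " + fields["error_description"];
        else if (!string.Equals(fields["state"], expectedState, StringComparison.Ordinal))
            error = "state mismatch; response was not started by this form";
        else if (string.IsNullOrEmpty(fields["access_token"]))
            error = "redirect carried no access_token";
        else
            accessToken = fields["access_token"];
        return accessToken != null;
    }
}
```

In Form1_Load, keep the result of NewState() in a field and navigate to BuildAuthorizeUrl(clientID, state); in webBrowser1_DocumentCompleted, call TryGetToken(e.Url, state, ...) and use the token only when it returns true.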

Up next

In an upcoming blog post, I'll show how to use a similar mechanism to perform Dropbox auth in a Windows Store app using the WebAuthenticationBroker.