Android Tutorial Android Dropbox / OAuth Tutorial

Discussion in 'Tutorials & Examples' started by Erel, Aug 10, 2011.

  1. Erel

    Erel Administrator Staff Member Licensed User

    This tutorial is based on an old version of Dropbox API. For new projects it is recommended to use the Dropbox Sync library:

    Dropbox is a service that allows you to share and synchronize files. Dropbox offers an API which can be used to integrate Dropbox services in your own applications. The API is described here.
    OAuth standard allows users to share private information with a third party application or site without giving their credentials, and in a manageable way.

    This example project allows the user to browse their online Dropbox files, download files and upload files.

    Two steps are required in order to get access to the user private data. First we as the developers should register with Dropbox and get our personal developer key / secret.
    The second step is to get the access token. This is done by sending a request to Dropbox with the user credentials. The server should respond with the token key / secret. This token should be saved for future requests. You are not allowed to store the user credentials.

    When our application starts we check if we already have the token saved in an internal file. If not we ask the user for their username and password:


    Using the new OAuth library we are signing all the Http requests before sending them. Signing the request adds a header named "Authorization". The signature depends on the request values.
    Signing is done by calling:
    The OAuth object is initialized with the developer key and secret. Later when we acquire the access token we call OAuth.SetTokenWithSecret.
    Note that the OAuth library wraps the oauth-signpost open source project.

    Both the developer key/secret and the token are used during signing.

    In this example are using HttpUtils to manage the Http calls. HttpUtils was modified to support signing as well as the file uploading method which required special handling.

    Once we have the access token we call ChangePath.
    This sends a "metadata" call to Dropbox. The response contains a list with the files and folders:


    When the user presses on a folder we again call ChangePath and show the contents of the folder.
    Each time we open a folder, the server response is saved in a Map (FilesCache). Later when a folder is reopened the data is retrieved from this cache.

    Some characters must be encoded before they can be used in a Url. This is done with the help of StringUtils.EncodeUrl.

    We use FileDialog which is part of the Dialogs library to let the user choose a file to upload. Note that the current implementation stores the whole file in memory before uploading it. It will not work for very large files.

    Not all of the Dropbox API methods are implemented. However it should be pretty simple to add the other methods based on the existing implementation.

    As the communication done with a service, everything should work correctly even if the user closes the application in the middle of a file transfer. Check Sub Activity_Resume to see how the transfers are managed.

    In order to run the example you should first set developerKey and developerSecret variables (in the main activity).

    Attached Files:

    Last edited: Oct 22, 2014
    koaunglay likes this.
  2. hackhack

    hackhack Active Member Licensed User

    Yeah, I'm always weary of apps who does it that way - now i have to trust the programmer.

    However I have seen some apps use the android webbrowser to get the token, so they essentially only get the token, but not get to see the credentials.

    Would that be possible in b4a do you think?
  3. Erel

    Erel Administrator Staff Member Licensed User

    Are you sure that they are not using a WebView? I don't think that there is a standard way to get results from browsers (note that there are many browsers available).
  4. hackhack

    hackhack Active Member Licensed User

    Oh it may well be the webview, I don't know the technicals (can't remember the name of an app off hand). But when it gets time to login you see the whole website in the app, and can pinch zoom in and out etc, or navigate somewhere else etc, or just login.
    Would that make a security difference? I mean am I just kidding myself in thinking its more safe?

    Also, you say you modified http utils, is that just for this app, or should i download that module again?
  5. Erel

    Erel Administrator Staff Member Licensed User

    I believe that they are using WebView. It doesn't add any security as they can access all the values.
    The modified version of HttpUtils is included in this project. It doesn't replace the general HttpUtils module as it contains code specific for this project.
  6. hackhack

    hackhack Active Member Licensed User

    Hm, so using the webview is just to give the user a false sense of security?

    I mean you see a website, like say google or twitter, and the site displays their "This app wants to access, is that ok by you" and you click on the ok.

    Oh well.

    I'll be looking into your example in detail later, I could do with some drop box interaction :)
  7. thedesolatesoul

    thedesolatesoul Expert Licensed User

    u should have done this on monday!!! :( can you please add a progress listener to HttpUtils and the Dropbox version of it?

    i'll check this later today

  8. derez

    derez Expert Licensed User

    I installed both dropbox applications on my PC and device and I can see the file, download and upload from both.
    I don't understand - what is this different from the dropbox own application ?
  9. Brad

    Brad Active Member Licensed User

    You can integrate dropbox into your own app.
  10. hackhack

    hackhack Active Member Licensed User

    Hm, is the only way to access dropbox by becoming a registered developer? Seems a bit much if they approve each thing individually, just to see if you can figure out how to make an app.
  11. thedesolatesoul

    thedesolatesoul Expert Licensed User

    Yes. But its not really like they approve anything.
    They will just give you a consumer_key and consumer_secret and then you are on your own.
  12. hackhack

    hackhack Active Member Licensed User

    I don't understand that - you just say they won't approve anything - suggesting a real approval process. But then yous ay they'll just give you a consumer pair?
  13. Erel

    Erel Administrator Staff Member Licensed User

    They approve your request automatically. It should take less than 5 minutes to register.
    Did you try to register?
  14. hackhack

    hackhack Active Member Licensed User

    No, because they wrote that each request would be processed manually, and I didn't want to waste their time.
    (Though I can't seem to find that warning again)
    Last edited: Aug 12, 2011
  15. hackhack

    hackhack Active Member Licensed User

    If they have loaded a webpage in the webview - how can they access the values written on a page returned as a result of a cgi post/get function?
  16. vb1992

    vb1992 Well-Known Member Licensed User

    I ran this test today, and I got an error

    "you are using the older version of the dropbox api with a new api key. please use the latest version"

    Looks like they updated it on Oct-20th
  17. thedesolatesoul

    thedesolatesoul Expert Licensed User

    Yes, the URLs have probably changed as well.
    If you look in the code, search for URLs like:
    and replace to '0' with '1' since this is the new API version.
    Not guaranteed it will all work, you need to check the new Dropbox API since some things have changed.

    I had registered a long time ago, so my version '0' keys are still working.
  18. TommyE28

    TommyE28 Member Licensed User

    Error while testing DropBoxExample

    I have try the DropBoxExample, but i earn the message(copy from log) "Error. Url= Message=Bad Request"
    "Error: StatusCode=400, This app does not have permission for this operation.
    The API-version i have changed from 0 to 1.
    What wrong do I make?
  19. Erel

    Erel Administrator Staff Member Licensed User

    I've just tested it and it works fine with version 1 instead of 0.

    Did you set developerKey and developerSecret values?
  20. TommyE28

    TommyE28 Member Licensed User

    I've the keys from here "". From MyApp "App key" and "App secret". Are this the right?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice