How to access Dropbox API via Oauth? - oauth

I have about a site with about 50 customers. They each have a user profile. They want to be able to automatically include their images which they store on DropBox in their profiles.
My idea is to make a Dropbox api that scans their folders (with their permission) and just include the images in their profile. I already know how to link directly to their images as long as I have the url.
I set up the Ruby API. Only question is : Do they have to authorize my app every time I try to access their images?
I want to somehow store authorization information for each client, then just reuse that info and access their images through the Ruby API. Is this possible? How is it done?
I think if I can just get past this authorization hurdle I can take care of the rest.

You can definitely do this. Just store the access token at the end of the OAuth flow and reuse it. From https://www.dropbox.com/developers/core/start/ruby:
The access token is all you'll need to make API requests on behalf of
this user, so you should store it away for safe-keeping (even though
we don't for this tutorial). By storing the access token, you won't
need to go through these steps again unless the user reinstalls your
app or revokes access via the Dropbox website.

Related

What Twitter access token should I use to automate tweets?

I would like to know what access token I require to achieve the following.
My Meteor app crawls various RSS feeds and makes a daily digest. I would like to automatically tweet about the daily digest when it is created, using the app's Twitter account.
As I see, in the doc, it seems that I need to use application owner access token and create my app using the app's Twitter account. Is this a correct approach?
Yes, that's correct. It's quite simple too.
Go to Twitter Apps and login with your regular twitter account
assuming you have one, if not you need to create one.
Once signed in click on Create New App button.
Fill out the application (Name, description, and whatever else it requires).
Create your key and access tokens. Share those with users that you trust as they'll be used to access the twitter API to read/write information.
Give the application you created a "Read and Write" permission based on what you asked in the question.
Then depending on the software/language you use there's a plenty of existing packages that can help you access and obtain the information from the API.

iOS: Upload multiple files using Dropbox

All that I have researched integrating Dropbox iOS SDK requires logging in to authenticate/authenticate a user.
But this is what I want to accomplish
Use only one user account. (Without authorization)
Create a random public folder(in same account) and upload files to that folder.
Get the folder link.
It's basically sending generated files from the app to an account.
How can I possibly do this?
The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.
For example, any user who extracts the access token from your app will be able to read every file in the Dropbox account, delete everything, replace it, etc.
However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/applications.)

Retrieving and displaying third party Facebook statuses in iOS app

I'm new to Facebook development and I'm running into trouble with what seems like it should be an easy task. I am building an iOS app for a client, and that client wants to display a number of their most recent status updates in the app, along with a link to their Facebook page. These statuses should be displayed to the user of the app even if they are not logged into Facebook or do not have a Facebook account saved on their device.
My research so far seems to indicate that I'll need to make a request to the Graph API using a user access token (which I can do successfully in the app using a token copied and pasted from the Graph API Explorer), but it seems that the only way to get a user access token from within the app is to log the user of the app into Facebook using their account credentials. This is not a good solution because I need to be able to display the client's statuses to the user whether they have are logged into a Facebook account or not. Is such a thing possible, and if so, how? I've been all over the docs and can't find a conclusive answer either way.
I know that we would approach it quite differently. We would have our own web service periodically pull what we needed off of google and store it on our own server, then we would use AFHTTPClient to pull this information down to our app. That way we wouldn't have to spoof anything with FaceBook or put any requirments on our users, such as logging into facebook. It would require that you have a service that your client maintains (or you could easily contract that for a cost).

Google Drive access without user login

I am making an app for the iPhone were all the users have access to the same google drive folder for uploading files. This google drive account is managed by the company and not by the users. There for I want to skip the google login form and just give the user access. Ideal the user does not even know he/she is using google drive.
I looked at the drEdit example and looked at oauth documentation. Is it possible to use one refresh_token for all the users to grand access? So I login once, grand access, somehow store the refresh_token and hard code that in the app for future use, so that all the users use that refresh_token for access. Or are there better ideas to do this?
Kind regards,
Stijn
Thought there was a similar question to this, but can't find the one I'm looking for. Short answer is you need to be very careful how you do this. Embedding the refresh token in your app like that is inviting abuse, particularly if it is authorized for write access. Once a clever user or attacker finds that value, they can use that token to call the API however they want. If authorized for the full drive scope, that means that can also maliciously modify or delete files, secretly store their own content, etc...
If you really need to have anonymous or shared access to content stored in Drive, you're better off proxying requests through your own servers so you can control the interaction with Drive.

How to get Google OAuth tokens manually?

I need to build a app that upload video youtube, my question is about logging in google. My app is for only one client, i don't want the user need to logging in youtube then before allow access to my app. I think if I can set tokens in a config file, is this possible? If yes, how i get manually the tokens to store in the config file?
Yes. You authorize the application on YouTube, get the tokens and store them. The application will then use the tokens that were stored. I've done it before (mainly for testing purposes) and it will work fine.

Resources