Dropbox refresh token support now in master

DougReeder · November 1, 2022, 1:57am

The master branch of remotestorage.js now contains code to support the refresh tokens of Dropbox (OAuth2 PKCE) – so users can stay logged in for days, not hours.

The docs are not currently building, so here’s the updated info for app developers:

An app key can be obtained by registering your app
https://www.dropbox.com/developers/apps.

Create a new “scoped” app for the “Dropbox API” (or change an existing app to use scopes), with these scopes:
- account_info.read
- files.metadata.read
- files.metadata.write
- files.content.read
- files.content.write
You need to set one or more OAuth2 redirect URIs for all routes a user can
connect from, for example http://localhost:8000 for an app you are
developing locally. If the path is ‘/’, rs.js drops it.

github.com/remotestorage/remotestorage.js

Dropbox: Retrieves & uses refresh token to obtain new access token

remotestorage:master ← remotestorage:feature/1267-dropbox_refresh_tokens

opened 04:06AM - 01 Oct 22 UTC

DougReeder

+9356 -4290

Fixes #1267 It may prove helpful to examine each commit separately. The fi…rst commit adds Mocha tests for every scenario that jaribu tests, but re-arranged more logically. Some tests are pending, and some expectations are commented out (such as returning proper MIME types), because the current Dropbox backend is not compliant. The second commit adds Content-Length & Last-Modified to Dropbox folder listings, correctly encodes Dropbox-API-Arg header and fixes some other bugs. The Dropbox-API-Arg header must be JSON-encoded, not URL-encoded: https://www.dropbox.com/developers/reference/json-encoding The third commit refactors the function that calls either fetch or XHR into its own class. Authorize needs to call this as part of OAuth2 PKCE, and it was poor architecture for Dropbox and Google Drive to be using a function in wireclient. The fourth commit refactors WireClient, GoogleDrive & Dropbox to have a common ancestor & Typescript interface. The common ancestor reduces duplication of code. The interface surfaces the complexity of interaction between the backends and other modules. The fifth commit avoids the user needing to log in every four hours (what Dropbox calls "offline access" and OAuth2 calls the PKCE flow). OAuth2 PKCE is standardized, so I've placed as much code as possible in authorize.ts for future re-use. It also sends the scopes required for Scoped apps, which Dropbox requires all new apps to be. It also handles the 503 and 429 status codes and their Retry-After header that Dropbox sends. The sixth commit removes the jaribu tests of new functionality that were superseded by better mocha tests.