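/// <summary>
/// Acquires a Dropbox access token through the PKCE authorization-code flow and saves it to the
/// default settings for the app.
/// <para>
/// The cached access token is read from <c>Settings.Default</c> first (the user may reset the
/// settings at the console prompt). When no token is cached, the authorize URI is handed to
/// <c>Process.Start</c> and an <see cref="HttpListener"/> bound to <c>LoopbackHost</c> receives
/// the OAuth redirect.
/// </para>
/// </summary>
/// <param name="scopeList">Scopes forwarded to the authorize URI; may be <c>null</c>.</param>
/// <param name="includeGrantedScopes">Forwarded to the authorize URI unchanged.</param>
/// <returns>
/// The uid reported by the token exchange when a new token was acquired; <c>null</c> when an
/// access token was already cached in the settings or when the flow failed.
/// </returns>
private async Task<string> AcquireAccessToken(string[] scopeList, IncludeGrantedScopes includeGrantedScopes)
{
    Console.Write("Reset settings (Y/N) ");
    if (Console.ReadKey().Key == ConsoleKey.Y)
    {
        Settings.Default.Reset();
    }
    Console.WriteLine();

    if (!string.IsNullOrEmpty(Settings.Default.AccessToken))
    {
        // A token is already cached: no new authorization is started and no uid is returned.
        return null;
    }

    // Declared outside the try so the finally block can release the loopback listener on
    // every exit path, including a failed or abandoned authorization.
    HttpListener http = null;
    try
    {
        Console.WriteLine("Waiting for credentials.");

        // The state value is sent with the authorize request and passed again to
        // ProcessCodeFlowAsync, presumably so the redirect can be matched to this request.
        // NOTE(review): a Guid is not specified to be cryptographically random; a value from
        // RandomNumberGenerator would be the stricter choice for an anti-CSRF state.
        var state = Guid.NewGuid().ToString("N");
        var oauthFlow = new PKCEOAuthFlow();
        var authorizeUri = oauthFlow.GetAuthorizeUri(
            OAuthResponseType.Code,
            ApiKey,
            RedirectUri.ToString(),
            state: state,
            tokenAccessType: TokenAccessType.Offline,
            scopeList: scopeList,
            includeGrantedScopes: includeGrantedScopes);

        http = new HttpListener();
        http.Prefixes.Add(LoopbackHost);
        http.Start();

        System.Diagnostics.Process.Start(authorizeUri.ToString());

        // Handle OAuth redirect and send URL fragment to local server using JS.
        await HandleOAuth2Redirect(http);

        // Handle redirect from JS and process OAuth response.
        var redirectUri = await HandleJSRedirect(http);

        Console.WriteLine("Exchanging code for token");
        var tokenResult = await oauthFlow.ProcessCodeFlowAsync(redirectUri, ApiKey, RedirectUri.ToString(), state);
        Console.WriteLine("Finished Exchanging Code for Token");

        // Bring console window to the front.
        SetForegroundWindow(GetConsoleWindow());

        var accessToken = tokenResult.AccessToken;
        var refreshToken = tokenResult.RefreshToken;
        var uid = tokenResult.Uid;

        Console.WriteLine("Uid: {0}", uid);

        // Bearer credentials are deliberately not echoed: console output ends up in terminal
        // scrollback, screenshots and redirected logs, where anyone who reads it can use the token.
        Console.WriteLine("AccessToken: received (value not displayed)");
        if (refreshToken != null)
        {
            Console.WriteLine("RefreshToken: received (value not displayed)");
            Settings.Default.RefreshToken = refreshToken;
        }

        if (tokenResult.ExpiresAt != null)
        {
            Console.WriteLine("ExpiresAt: {0}", tokenResult.ExpiresAt);
        }

        if (tokenResult.ScopeList != null)
        {
            Console.WriteLine("Scopes: {0}", String.Join(" ", tokenResult.ScopeList));
        }

        // NOTE(review): where Settings.Default persists is not visible here. If it is the usual
        // per-user settings file, both tokens are written to disk unencrypted; consider
        // protecting them (for example with ProtectedData) before saving.
        Settings.Default.AccessToken = accessToken;
        Settings.Default.Uid = uid;
        Settings.Default.Save();

        return uid;
    }
    catch (Exception e)
    {
        // Best-effort sample behaviour: report the failure and signal "no token" to the caller.
        Console.WriteLine("Error: {0}", e.Message);
        return null;
    }
    finally
    {
        if (http != null)
        {
            // Close() stops the listener and frees the port even when the flow threw.
            http.Close();
        }
    }
}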
/// <summary>
/// Builds the URI that starts the OAuth 2.0 authorization flow, taking the redirect target as a string.
/// </summary>
/// <remarks>
/// A null or empty <paramref name="redirectUri"/> is forwarded as a <c>null</c> <see cref="Uri"/>;
/// any other value is parsed with <c>new Uri(string)</c> and then handed, together with all other
/// arguments, to the overload that accepts a <see cref="Uri"/>.
/// </remarks>
/// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
/// <param name="clientId">The app's key, found in the
/// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
/// <param name="redirectUri">Where to send the user once authorization has completed. It must be the exact URI
/// registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>; even <c>localhost</c>
/// must be listed if it is used for testing. Required for a token flow, optional for a code flow. When it is
/// omitted, the code is shown directly to the user, who is invited to enter it in your app.</param>
/// <param name="state">Up to 500 bytes of arbitrary data that is passed back to <paramref name="redirectUri"/>.
/// Use it to protect against cross-site request forgery (CSRF).</param>
/// <param name="forceReapprove">Whether to force the user to approve the app again if they have already done so.
/// If <c>false</c> (default), a user who has already approved the application may be redirected automatically to
/// <paramref name="redirectUri"/>. If <c>true</c>, the user is not redirected automatically and has to approve
/// the app again.</param>
/// <param name="disableSignup">When <c>true</c> (default is <c>false</c>), users cannot sign up for a
/// Dropbox account via the authorization page; the page shows a link to the Dropbox iOS app in the App Store
/// instead. Intended only for compliance with App Store policies.</param>
/// <param name="requireRole">If specified, the user is asked to authorize with a particular type of Dropbox
/// account, either work for a team account or personal for a personal account. Your app should still verify the
/// account type after authorization, since the user could modify or remove the require_role parameter.</param>
/// <param name="forceReauthentication">If <c>true</c>, users are signed out if they are currently signed in, so
/// that they reach a page where they can create a new account or sign in to another one. Use it only when there
/// is a definite reason to believe the user needs a new or different account.</param>
/// <param name="tokenAccessType">Determines the type of token to request. See <see cref="TokenAccessType" />
/// for the available types. If none is specified, the legacy type is used.</param>
/// <param name="scopeList">Scopes to request in the base OAuth flow. If left blank, defaults to all scopes for
/// the app.</param>
/// <param name="includeGrantedScopes">Which scopes to include from previous grants. Note: if this user has never
/// linked the app, include_granted_scopes must be None.</param>
/// <returns>The URI of a web page which must be displayed to the user in order to authorize the app.</returns>
public static Uri GetAuthorizeUri(
    OAuthResponseType oauthResponseType,
    string clientId,
    string redirectUri = null,
    string state = null,
    bool forceReapprove = false,
    bool disableSignup = false,
    string requireRole = null,
    bool forceReauthentication = false,
    TokenAccessType tokenAccessType = TokenAccessType.Legacy,
    string[] scopeList = null,
    IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
{
    // An absent redirect stays null so the Uri overload can decide whether that is acceptable.
    Uri parsedRedirect = null;
    if (!string.IsNullOrEmpty(redirectUri))
    {
        parsedRedirect = new Uri(redirectUri);
    }

    return GetAuthorizeUri(
        oauthResponseType,
        clientId,
        parsedRedirect,
        state,
        forceReapprove,
        disableSignup,
        requireRole,
        forceReauthentication,
        tokenAccessType,
        scopeList,
        includeGrantedScopes);
}
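/// <summary>
/// Gets the URI used to start the OAuth2.0 authorization flow.
/// </summary>
/// <remarks>
/// Every caller-supplied string that ends up in the query (client id, redirect URI, state, required role
/// and scopes) is percent-encoded, so a value containing a query delimiter cannot add or truncate
/// parameters of the authorize request.
/// </remarks>
/// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
/// <param name="clientId">The apps key, found in the
/// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
/// <param name="redirectUri">Where to redirect the user after authorization has completed. This must be the exact URI
/// registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>; even <c>localhost</c>
/// must be listed if it is used for testing. A redirect URI is required for a token flow, but optional for code.
/// If the redirect URI is omitted, the code will be presented directly to the user and they will be invited to enter
/// the information in your app.</param>
/// <param name="state">Up to 500 bytes of arbitrary data that will be passed back to <paramref name="redirectUri"/>.
/// This parameter should be used to protect against cross-site request forgery (CSRF); for that purpose it should
/// be an unpredictable value that the caller checks when the redirect arrives.</param>
/// <param name="forceReapprove">Whether or not to force the user to approve the app again if they've already done so.
/// If <c>false</c> (default), a user who has already approved the application may be automatically redirected to
/// <paramref name="redirectUri"/>. If <c>true</c>, the user will not be automatically redirected and will have to approve
/// the app again.</param>
/// <param name="disableSignup">When <c>true</c> (default is <c>false</c>) users will not be able to sign up for a
/// Dropbox account via the authorization page. Instead, the authorization page will show a link to the Dropbox
/// iOS app in the App Store. This is only intended for use when necessary for compliance with App Store policies.</param>
/// <param name="requireRole">If this parameter is specified, the user will be asked to authorize with a particular
/// type of Dropbox account, either work for a team account or personal for a personal account. Your app should still
/// verify the type of Dropbox account after authorization since the user could modify or remove the require_role
/// parameter.</param>
/// <param name="forceReauthentication">If <c>true</c>, users will be signed out if they are currently signed in.
/// This will make sure the user is brought to a page where they can create a new account or sign in to another account.
/// This should only be used when there is a definite reason to believe that the user needs to sign in to a new or
/// different account.</param>
/// <param name="tokenAccessType">Determines the type of token to request. See <see cref="TokenAccessType" />
/// for information on specific types available. If none is specified, this will use the legacy type.</param>
/// <param name="scopeList">List of scopes to request in base oauth flow. If left blank, will default to all scopes for app.</param>
/// <param name="includeGrantedScopes">Which scopes to include from previous grants. Note: if this user has never
/// linked the app, include_granted_scopes must be None.</param>
/// <returns>The uri of a web page which must be displayed to the user in order to authorize the app.</returns>
/// <exception cref="ArgumentNullException"><paramref name="clientId"/> is null, empty or whitespace, or
/// <paramref name="redirectUri"/> is null while <paramref name="oauthResponseType"/> is not <c>Code</c>.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="oauthResponseType"/> is neither <c>Token</c>
/// nor <c>Code</c>.</exception>
public static Uri GetAuthorizeUri(
    OAuthResponseType oauthResponseType,
    string clientId,
    Uri redirectUri = null,
    string state = null,
    bool forceReapprove = false,
    bool disableSignup = false,
    string requireRole = null,
    bool forceReauthentication = false,
    TokenAccessType tokenAccessType = TokenAccessType.Legacy,
    string[] scopeList = null,
    IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
{
    if (string.IsNullOrWhiteSpace(clientId))
    {
        throw new ArgumentNullException("clientId");
    }

    // Only the code flow may omit the redirect target.
    if (redirectUri == null && oauthResponseType != OAuthResponseType.Code)
    {
        throw new ArgumentNullException("redirectUri");
    }

    var queryBuilder = new StringBuilder();

    queryBuilder.Append("response_type=");
    switch (oauthResponseType)
    {
        case OAuthResponseType.Token:
            queryBuilder.Append("token");
            break;
        case OAuthResponseType.Code:
            queryBuilder.Append("code");
            break;
        default:
            throw new ArgumentOutOfRangeException("oauthResponseType");
    }

    queryBuilder.Append("&client_id=").Append(Uri.EscapeDataString(clientId));

    if (redirectUri != null)
    {
        queryBuilder.Append("&redirect_uri=").Append(Uri.EscapeDataString(redirectUri.ToString()));
    }

    if (!string.IsNullOrWhiteSpace(state))
    {
        queryBuilder.Append("&state=").Append(Uri.EscapeDataString(state));
    }

    if (forceReapprove)
    {
        queryBuilder.Append("&force_reapprove=true");
    }

    if (disableSignup)
    {
        queryBuilder.Append("&disable_signup=true");
    }

    if (!string.IsNullOrWhiteSpace(requireRole))
    {
        // Escaped like the other string parameters; an unescaped value could carry its own
        // "&name=value" pairs into the authorize request.
        queryBuilder.Append("&require_role=").Append(Uri.EscapeDataString(requireRole));
    }

    if (forceReauthentication)
    {
        queryBuilder.Append("&force_reauthentication=true");
    }

    if (tokenAccessType != TokenAccessType.Legacy)
    {
        // Invariant casing keeps the wire value independent of the current culture.
        queryBuilder.Append("&token_access_type=").Append(tokenAccessType.ToString().ToLowerInvariant());
    }

    if (scopeList != null)
    {
        // Scopes are space-separated; escaping the joined string encodes the separators as %20
        // and neutralises any query delimiter inside a scope entry.
        queryBuilder.Append("&scope=").Append(Uri.EscapeDataString(String.Join(" ", scopeList)));
    }

    if (includeGrantedScopes != IncludeGrantedScopes.None)
    {
        queryBuilder.Append("&include_granted_scopes=").Append(includeGrantedScopes.ToString().ToLowerInvariant());
    }

    var uriBuilder = new UriBuilder("https://www.dropbox.com/oauth2/authorize")
    {
        Query = queryBuilder.ToString(),
    };

    return uriBuilder.Uri;
}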
/// <summary>
/// Builds the URI that starts the OAuth 2.0 authorization flow, adding this instance's
/// <c>CodeChallenge</c> to the request.
/// </summary>
/// <remarks>
/// All arguments are forwarded unchanged to <c>DropboxOAuth2Helper.GetAuthorizeUri</c>, with
/// <c>this.CodeChallenge</c> supplied as the final argument.
/// </remarks>
/// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
/// <param name="clientId">The app's key, found in the
/// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
/// <param name="redirectUri">Where to send the user once authorization has completed. It must be the exact URI
/// registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>; even <c>localhost</c>
/// must be listed if it is used for testing. Required for a token flow, optional for a code flow. When it is
/// omitted, the code is shown directly to the user, who is invited to enter it in your app.</param>
/// <param name="state">Up to 500 bytes of arbitrary data that is passed back to <paramref name="redirectUri"/>.
/// Use it to protect against cross-site request forgery (CSRF).</param>
/// <param name="forceReapprove">Whether to force the user to approve the app again if they have already done so.
/// If <c>false</c> (default), a user who has already approved the application may be redirected automatically to
/// <paramref name="redirectUri"/>. If <c>true</c>, the user is not redirected automatically and has to approve
/// the app again.</param>
/// <param name="disableSignup">When <c>true</c> (default is <c>false</c>), users cannot sign up for a
/// Dropbox account via the authorization page; the page shows a link to the Dropbox iOS app in the App Store
/// instead. Intended only for compliance with App Store policies.</param>
/// <param name="requireRole">If specified, the user is asked to authorize with a particular type of Dropbox
/// account, either work for a team account or personal for a personal account. Your app should still verify the
/// account type after authorization, since the user could modify or remove the require_role parameter.</param>
/// <param name="forceReauthentication">If <c>true</c>, users are signed out if they are currently signed in, so
/// that they reach a page where they can create a new account or sign in to another one. Use it only when there
/// is a definite reason to believe the user needs a new or different account.</param>
/// <param name="tokenAccessType">Determines the type of token to request. See <see cref="TokenAccessType" />
/// for the available types. If none is specified, the legacy type is used.</param>
/// <param name="scopeList">Scopes to request in the base OAuth flow. If left blank, defaults to all scopes for
/// the app.</param>
/// <param name="includeGrantedScopes">Which scopes to include from previous grants. Note: if this user has never
/// linked the app, include_granted_scopes must be None.</param>
/// <returns>The URI of a web page which must be displayed to the user in order to authorize the app.</returns>
public Uri GetAuthorizeUri(
    OAuthResponseType oauthResponseType,
    string clientId,
    string redirectUri = null,
    string state = null,
    bool forceReapprove = false,
    bool disableSignup = false,
    string requireRole = null,
    bool forceReauthentication = false,
    TokenAccessType tokenAccessType = TokenAccessType.Legacy,
    string[] scopeList = null,
    IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
{
    // The challenge held by this flow instance travels with the authorize request.
    var authorizeUri = DropboxOAuth2Helper.GetAuthorizeUri(
        oauthResponseType,
        clientId,
        redirectUri,
        state,
        forceReapprove,
        disableSignup,
        requireRole,
        forceReauthentication,
        tokenAccessType,
        scopeList,
        includeGrantedScopes,
        this.CodeChallenge);

    return authorizeUri;
}