예제 #1
        /// <summary>
        /// Acquires a Dropbox access token and saves it to the default settings for the app.
        /// <para>
        /// This fetches the access token from the application's settings; if it is not found there
        /// (or if the user chooses to reset the settings), the UI in <see cref="LoginForm"/> is
        /// displayed to authorize the user.
        /// </para>
        /// </summary>
        /// <returns>A valid uid if a token was acquired or null.</returns>
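        private async Task <string> AcquireAccessToken(string[] scopeList, IncludeGrantedScopes includeGrantedScopes)
        {
            // Interactive sample flow: optionally wipe the saved settings, then, when no access
            // token is stored, run the PKCE code flow through the system browser and a local
            // HttpListener that receives the redirect.
            Console.Write("Reset settings (Y/N) ");
            if (Console.ReadKey().Key == ConsoleKey.Y)
            {
                Settings.Default.Reset();
            }
            Console.WriteLine();

            var accessToken  = Settings.Default.AccessToken;
            var refreshToken = Settings.Default.RefreshToken;

            if (string.IsNullOrEmpty(accessToken))
            {
                // Declared outside the try so the finally block can release the listener on every
                // path. Previously it was stopped only on success, so a failed or abandoned
                // authorization left the loopback prefix bound.
                HttpListener http = null;
                try
                {
                    Console.WriteLine("Waiting for credentials.");

                    // The state value ties the redirect back to this request (CSRF protection); it is
                    // handed to ProcessCodeFlowAsync below together with the redirect that came back.
                    // NOTE(review): Guid.NewGuid() is not documented as a cryptographic RNG; a value
                    // from RandomNumberGenerator would be the safer choice for state.
                    var state        = Guid.NewGuid().ToString("N");
                    var OAuthFlow    = new PKCEOAuthFlow();
                    var authorizeUri = OAuthFlow.GetAuthorizeUri(OAuthResponseType.Code, ApiKey, RedirectUri.ToString(), state: state, tokenAccessType: TokenAccessType.Offline, scopeList: scopeList, includeGrantedScopes: includeGrantedScopes);

                    http = new HttpListener();
                    http.Prefixes.Add(LoopbackHost);

                    // Start listening before the browser is opened so the redirect cannot arrive
                    // while nothing is bound to the loopback prefix.
                    http.Start();

                    System.Diagnostics.Process.Start(authorizeUri.ToString());

                    // Handle OAuth redirect and send URL fragment to local server using JS.
                    await HandleOAuth2Redirect(http);

                    // Handle redirect from JS and process OAuth response.
                    var redirectUri = await HandleJSRedirect(http);

                    Console.WriteLine("Exchanging code for token");
                    var tokenResult = await OAuthFlow.ProcessCodeFlowAsync(redirectUri, ApiKey, RedirectUri.ToString(), state);

                    Console.WriteLine("Finished Exchanging Code for Token");
                    // Bring console window to the front.
                    SetForegroundWindow(GetConsoleWindow());
                    accessToken  = tokenResult.AccessToken;
                    refreshToken = tokenResult.RefreshToken;
                    var uid = tokenResult.Uid;

                    // NOTE(review): the AccessToken and RefreshToken lines below write bearer
                    // credentials to stdout. That is tolerable for a demo only; remove them wherever
                    // console output is captured, logged or shared.
                    Console.WriteLine("Uid: {0}", uid);
                    Console.WriteLine("AccessToken: {0}", accessToken);
                    if (tokenResult.RefreshToken != null)
                    {
                        Console.WriteLine("RefreshToken: {0}", refreshToken);
                        Settings.Default.RefreshToken = refreshToken;
                    }
                    if (tokenResult.ExpiresAt != null)
                    {
                        Console.WriteLine("ExpiresAt: {0}", tokenResult.ExpiresAt);
                    }
                    if (tokenResult.ScopeList != null)
                    {
                        Console.WriteLine("Scopes: {0}", String.Join(" ", tokenResult.ScopeList));
                    }

                    // Persist the credentials in the application settings.
                    // NOTE(review): how that store is protected is not visible here; confirm it is
                    // per-user and not readable by other accounts before keeping a refresh token in it.
                    Settings.Default.AccessToken = accessToken;
                    Settings.Default.Uid         = uid;
                    Settings.Default.Save();
                    return(uid);
                }
                catch (Exception e)
                {
                    // Best-effort sample: any failure is reported and turned into a null result.
                    Console.WriteLine("Error: {0}", e.Message);
                    return(null);
                }
                finally
                {
                    // Release the loopback listener whether the flow succeeded or failed.
                    if (http != null)
                    {
                        http.Close();
                    }
                }
            }

            // A token was already stored: no new authorization ran, and null is returned in this
            // case as well, so callers must read the stored settings rather than rely on the result.
            return(null);
        }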
예제 #2
        /// <summary>
        /// Gets the URI used to start the OAuth2.0 authorization flow.
        /// </summary>
        /// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
        /// <param name="clientId">The apps key, found in the
        /// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
        /// <param name="redirectUri">Where to redirect the user after authorization has completed. This must be the exact URI
        /// registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>; even <c>localhost</c>
        /// must be listed if it is used for testing. A redirect URI is required for a token flow, but optional for code.
        /// If the redirect URI is omitted, the code will be presented directly to the user and they will be invited to enter
        /// the information in your app.</param>
        /// <param name="state">Up to 500 bytes of arbitrary data that will be passed back to <paramref name="redirectUri"/>.
        /// This parameter should be used to protect against cross-site request forgery (CSRF).</param>
        /// <param name="forceReapprove">Whether or not to force the user to approve the app again if they've already done so.
        /// If <c>false</c> (default), a user who has already approved the application may be automatically redirected to
        /// <paramref name="redirectUri"/>. If <c>true</c>, the user will not be automatically redirected and will have to approve
        /// the app again.</param>
        /// <param name="disableSignup">When <c>true</c> (default is <c>false</c>) users will not be able to sign up for a
        /// Dropbox account via the authorization page. Instead, the authorization page will show a link to the Dropbox
        /// iOS app in the App Store. This is only intended for use when necessary for compliance with App Store policies.</param>
        /// <param name="requireRole">If this parameter is specified, the user will be asked to authorize with a particular
        /// type of Dropbox account, either work for a team account or personal for a personal account. Your app should still
        /// verify the type of Dropbox account after authorization since the user could modify or remove the require_role
        /// parameter.</param>
        /// <param name="forceReauthentication"> If <c>true</c>, users will be signed out if they are currently signed in.
        /// This will make sure the user is brought to a page where they can create a new account or sign in to another account.
        /// This should only be used when there is a definite reason to believe that the user needs to sign in to a new or
        /// different account.</param>
        /// <param name="tokenAccessType">Determines the type of token to request.  See <see cref="TokenAccessType" />
        /// for information on specific types available.  If none is specified, this will use the legacy type.</param>
        /// <param name="scopeList">list of scopes to request in base oauth flow.  If left blank, will default to all scopes for app</param>
        /// <param name="includeGrantedScopes">which scopes to include from previous grants. Note: if this user has never linked the app, include_granted_scopes must be None</param>
        /// <returns>The uri of a web page which must be displayed to the user in order to authorize the app.</returns>
        public static Uri GetAuthorizeUri(OAuthResponseType oauthResponseType, string clientId, string redirectUri = null, string state = null, bool forceReapprove = false, bool disableSignup = false, string requireRole = null, bool forceReauthentication = false, TokenAccessType tokenAccessType = TokenAccessType.Legacy, string[] scopeList = null, IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
        {
            // A null or empty redirect string means "no redirect URI"; anything else is parsed
            // into a Uri (new Uri throws if the text is not a valid absolute URI).
            Uri parsedRedirect = null;
            if (!string.IsNullOrEmpty(redirectUri))
            {
                parsedRedirect = new Uri(redirectUri);
            }

            // Hand everything to the Uri-typed overload, which validates the arguments and
            // builds the query string.
            return GetAuthorizeUri(
                oauthResponseType,
                clientId,
                parsedRedirect,
                state,
                forceReapprove,
                disableSignup,
                requireRole,
                forceReauthentication,
                tokenAccessType,
                scopeList,
                includeGrantedScopes);
        }
예제 #3
        /// <summary>
        /// Gets the URI used to start the OAuth2.0 authorization flow.
        /// </summary>
        /// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
        /// <param name="clientId">The apps key, found in the
        /// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
        /// <param name="redirectUri">Where to redirect the user after authorization has completed. This must be the exact URI
        /// registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>; even <c>localhost</c>
        /// must be listed if it is used for testing. A redirect URI is required for a token flow, but optional for code.
        /// If the redirect URI is omitted, the code will be presented directly to the user and they will be invited to enter
        /// the information in your app.</param>
        /// <param name="state">Up to 500 bytes of arbitrary data that will be passed back to <paramref name="redirectUri"/>.
        /// This parameter should be used to protect against cross-site request forgery (CSRF).</param>
        /// <param name="forceReapprove">Whether or not to force the user to approve the app again if they've already done so.
        /// If <c>false</c> (default), a user who has already approved the application may be automatically redirected to
        /// <paramref name="redirectUri"/>. If <c>true</c>, the user will not be automatically redirected and will have to approve
        /// the app again.</param>
        /// <param name="disableSignup">When <c>true</c> (default is <c>false</c>) users will not be able to sign up for a
        /// Dropbox account via the authorization page. Instead, the authorization page will show a link to the Dropbox
        /// iOS app in the App Store. This is only intended for use when necessary for compliance with App Store policies.</param>
        /// <param name="requireRole">If this parameter is specified, the user will be asked to authorize with a particular
        /// type of Dropbox account, either work for a team account or personal for a personal account. Your app should still
        /// verify the type of Dropbox account after authorization since the user could modify or remove the require_role
        /// parameter.</param>
        /// <param name="forceReauthentication"> If <c>true</c>, users will be signed out if they are currently signed in.
        /// This will make sure the user is brought to a page where they can create a new account or sign in to another account.
        /// This should only be used when there is a definite reason to believe that the user needs to sign in to a new or
        /// different account.</param>
        /// <param name="tokenAccessType">Determines the type of token to request.  See <see cref="TokenAccessType" />
        /// for information on specific types available.  If none is specified, this will use the legacy type.</param>
        /// <param name="scopeList">list of scopes to request in base oauth flow.  If left blank, will default to all scopes for app</param>
        /// <param name="includeGrantedScopes">which scopes to include from previous grants. Note: if this user has never linked the app, include_granted_scopes must be None</param>
        /// <returns>The uri of a web page which must be displayed to the user in order to authorize the app.</returns>
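        public static Uri GetAuthorizeUri(OAuthResponseType oauthResponseType, string clientId, Uri redirectUri = null, string state = null, bool forceReapprove = false, bool disableSignup = false, string requireRole = null, bool forceReauthentication = false, TokenAccessType tokenAccessType = TokenAccessType.Legacy, string[] scopeList = null, IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
        {
            if (string.IsNullOrWhiteSpace(clientId))
            {
                throw new ArgumentNullException("clientId");
            }

            // Only the code flow may omit the redirect URI; every other response type needs one.
            if (redirectUri == null && oauthResponseType != OAuthResponseType.Code)
            {
                throw new ArgumentNullException("redirectUri");
            }

            var queryBuilder = new StringBuilder();

            queryBuilder.Append("response_type=");
            switch (oauthResponseType)
            {
            case OAuthResponseType.Token:
                queryBuilder.Append("token");
                break;

            case OAuthResponseType.Code:
                queryBuilder.Append("code");
                break;

            default:
                throw new ArgumentOutOfRangeException("oauthResponseType");
            }

            // Every caller-supplied string is percent-encoded before it is appended, so a value
            // containing '&', '=' or '#' cannot add or override a query parameter.
            queryBuilder.Append("&client_id=").Append(Uri.EscapeDataString(clientId));

            if (redirectUri != null)
            {
                queryBuilder.Append("&redirect_uri=").Append(Uri.EscapeDataString(redirectUri.ToString()));
            }

            // state is optional here; when it is left out the request carries no CSRF token,
            // so supplying and later verifying it is the caller's responsibility.
            if (!string.IsNullOrWhiteSpace(state))
            {
                queryBuilder.Append("&state=").Append(Uri.EscapeDataString(state));
            }

            if (forceReapprove)
            {
                queryBuilder.Append("&force_reapprove=true");
            }

            if (disableSignup)
            {
                queryBuilder.Append("&disable_signup=true");
            }

            if (!string.IsNullOrWhiteSpace(requireRole))
            {
                // Previously appended raw; encoded now like the other string parameters.
                queryBuilder.Append("&require_role=").Append(Uri.EscapeDataString(requireRole));
            }

            if (forceReauthentication)
            {
                queryBuilder.Append("&force_reauthentication=true");
            }

            if (tokenAccessType != TokenAccessType.Legacy)
            {
                // Invariant lower-casing keeps the wire value independent of the current culture.
                queryBuilder.Append("&token_access_type=").Append(tokenAccessType.ToString().ToLowerInvariant());
            }

            if (scopeList != null)
            {
                // Scopes are space-separated; the joined value is encoded as a whole so the
                // separator and any reserved character inside a scope stay within this parameter.
                queryBuilder.Append("&scope=").Append(Uri.EscapeDataString(String.Join(" ", scopeList)));
            }

            if (includeGrantedScopes != IncludeGrantedScopes.None)
            {
                queryBuilder.Append("&include_granted_scopes=").Append(includeGrantedScopes.ToString().ToLowerInvariant());
            }

            var uriBuilder = new UriBuilder("https://www.dropbox.com/oauth2/authorize")
            {
                Query = queryBuilder.ToString()
            };

            return(uriBuilder.Uri);
        }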
 /// <summary>
 /// Gets the URI used to start the OAuth2.0 authorization flow.  Passes in codeChallenge generated in this class
 /// </summary>
 /// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
 /// <param name="clientId">The apps key, found in the
 /// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
 /// <param name="redirectUri">Where to redirect the user after authorization has completed. This must be the exact URI
 /// registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>; even <c>localhost</c>
 /// must be listed if it is used for testing. A redirect URI is required for a token flow, but optional for code.
 /// If the redirect URI is omitted, the code will be presented directly to the user and they will be invited to enter
 /// the information in your app.</param>
 /// <param name="state">Up to 500 bytes of arbitrary data that will be passed back to <paramref name="redirectUri"/>.
 /// This parameter should be used to protect against cross-site request forgery (CSRF).</param>
 /// <param name="forceReapprove">Whether or not to force the user to approve the app again if they've already done so.
 /// If <c>false</c> (default), a user who has already approved the application may be automatically redirected to
 /// <paramref name="redirectUri"/>. If <c>true</c>, the user will not be automatically redirected and will have to approve
 /// the app again.</param>
 /// <param name="disableSignup">When <c>true</c> (default is <c>false</c>) users will not be able to sign up for a
 /// Dropbox account via the authorization page. Instead, the authorization page will show a link to the Dropbox
 /// iOS app in the App Store. This is only intended for use when necessary for compliance with App Store policies.</param>
 /// <param name="requireRole">If this parameter is specified, the user will be asked to authorize with a particular
 /// type of Dropbox account, either work for a team account or personal for a personal account. Your app should still
 /// verify the type of Dropbox account after authorization since the user could modify or remove the require_role
 /// parameter.</param>
 /// <param name="forceReauthentication"> If <c>true</c>, users will be signed out if they are currently signed in.
 /// This will make sure the user is brought to a page where they can create a new account or sign in to another account.
 /// This should only be used when there is a definite reason to believe that the user needs to sign in to a new or
 /// different account.</param>
 /// <param name="tokenAccessType">Determines the type of token to request.  See <see cref="TokenAccessType" />
 /// for information on specific types available.  If none is specified, this will use the legacy type.</param>
 /// <param name="scopeList">list of scopes to request in base oauth flow.  If left blank, will default to all scopes for app</param>
 /// <param name="includeGrantedScopes">which scopes to include from previous grants. Note: if this user has never linked the app, include_granted_scopes must be None</param>
 /// <returns>The uri of a web page which must be displayed to the user in order to authorize the app.</returns>
 public Uri GetAuthorizeUri(OAuthResponseType oauthResponseType, string clientId, string redirectUri = null, string state = null, bool forceReapprove = false, bool disableSignup = false, string requireRole = null, bool forceReauthentication = false, TokenAccessType tokenAccessType = TokenAccessType.Legacy, string[] scopeList = null, IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
 {
     // Forward every argument unchanged to the shared helper and append this instance's
     // code challenge as the final argument.
     var challenge = this.CodeChallenge;

     var authorizeUri = DropboxOAuth2Helper.GetAuthorizeUri(
         oauthResponseType,
         clientId,
         redirectUri,
         state,
         forceReapprove,
         disableSignup,
         requireRole,
         forceReauthentication,
         tokenAccessType,
         scopeList,
         includeGrantedScopes,
         challenge);

     return authorizeUri;
 }