UNPKG

nebulab-dropbox

Version:

Client library for the Dropbox API

github.com/nebulab-io/dropbox-js

nebulab-io/dropbox-js

116 lines (87 loc) 4.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# Authentication Drivers This document explains the structure and functionality of a `dropbox.js` OAuth driver, and is intended to help the development of custom OAuth drivers. [The built-in OAuth drivers](builtin_drivers.md) are a good starting point for new implementations. ## OAuth 2 Overview The bulk of OAuth 2 is a process by which Dropbox users authorize your application to access their Dropbox. At the end of the process, your applcation obtains an access token, which is an opaque string of 64-128 URL-safe characters. The access token identifies your application and the user who authorized it. The OAuth 2 authorization process has two slightly different variants, depending on whether the application developers control and trust the environment that runs the code using `dropbox.js` * If `dropbox.js` runs in an application server (for example, in a node.js application), the environment is considered trusted. The documentation refers to this as the _server-side application_ case. * If `dropbox.js` runs in a client-side environment, such as in a Web browser or mobile application, the environment is untrusted. The documentation refers to this as the _browser-side application_ case. The term "client-side" would be more accurate, but it is not used to avoid creating a confusion with the concept of client in OAuth-related documentation. ### Browser-Side Applications ### Server-Side Applications ## The OAuth Driver Interface The core logic of the OAuth 2 authorization process is implemented by the An OAuth driver is a JavaScript object that implements the methods documented in the [Dropbox.AuthDriver class](http://coffeedoc.info/github/dropbox/dropbox-js/master/classes/Dropbox/AuthDriver.html). This class exists solely for the purpose of documenting these methods. A simple driver can get away with implementing `authType`, `url`, and `doAuthorize`. The following example shows an awfully unusable node.js driver that asks the user to visit the authorization URL in a browser. ```javascript var readline = require("readline"); var simpleDriver = { authType: function() { return "code"; }, url: function() { return ""; }, doAuthorize: function(authUrl, stateParm, client, callback) { var interface = readline.createInterface({ input: process.stdin, output: process.stdout }); interface.write("Open the URL below in a browser and paste the " + "provided authentication code.\n" + authUrl + "\n"); interface.question("> ", function(authCode) { interface.close(); callback({code: authCode}); }); } }; ``` Complex drivers can take control of the OAuth 2 process by implementing `onAuthStepChange`. Implementations of this method should read the `authStep` field of the `Dropbox.Client` instance they are given to make decisions. Implementations should call the `credentials` and `setCredentials` methods on the client to control the OAuth 2 process. See the [Dropbox.AuthDriver.Chrome source](../src/auth_driver/chrome.coffee) for a sample implementation of `onAuthStepChange`. ### The OAuth 2.0 Process Steps The `authenticate` method in `Dropbox.Client` implements the OAuth process as a finite state machine (FSM). The current state is available in the `authStep` field. The authentication FSM has the following states. * `Dropbox.Client.RESET` is the initial state, where the client has no OAuth tokens; after `onAuthStepChange` is triggered, the client will attempt to obtain an OAuth request token * `Dropbox.Client.REQUEST` indicates that the client has obtained an OAuth request token; after `onAuthStepChange` is triggered, the client will call `doAuthorize` on the OAuth driver, to get the OAuth request token authorized by the user * `Dropbox.Client.AUTHORIZED` is reached after the `doAuthorize` calls its callback, indicating that the user has authorized the OAuth request token; after `onAuthStepChange` is triggered, the client will attempt to exchange the request token for an OAuth access token * `Dropbox.Client.DONE` indicates that the OAuth process has completed, and the client has an OAuth access token that can be used in API calls; after `onAuthStepChange` is triggered, `authorize` will call its callback function, and report success * `Dropbox.Client.SIGNED_OUT` is reached when the client's `signOut` method is called, after the API call succeeds; after `onAuthStepChange` is triggered, `signOut` will call its callback function, and report success * `Dropbox.Client.ERROR` is reached if any of the Dropbox API calls used by `authorize` or `signOut` results in an error; after `onAuthStepChange` is triggered, `authorize` or `signOut` will call its callback function and report the error