在没有登录提示的情况下自动登录 Core Api 上的 Dropbox 帐户 [英] Auto Login Dropbox account on Core Api without Login Prompt

问题描述

我是 iOs 开发的新手，我正在创建一个使用我自己的 Dropbox 帐户的应用程序.我希望我的应用程序自动登录到我的帐户以便能够修改 &在我的应用程序文件夹中添加文件.文档说我应该调用: [[DBSession sharedSession]linkFromController:viewController]; 才能登录.但我不想向用户显示登录提示，因为我只希望它自动登录我的 Dropbox 帐户.有什么方法可以在不违反 dropbox api 标准的情况下在后台登录.顺便说一下，我使用的是核心 API.请帮帮我.

I am new to iOs development and I'm creating an app that uses my own dropbox account. I want my app to automatically login to my account to be able to modify & add files in my App's folder. The documentation says that i should call: [[DBSession sharedSession]linkFromController:viewController]; to be able to login. But i dont want to show the login prompt to user's because i only want it to login to my Dropbox account automatically. Is there any way i could achieve login in the background without also violating the dropbox api standards. Im using the Core API by the way. Please help me.

推荐答案

Dropbox API 的设计初衷是让每个用户都可以链接自己的 Dropbox 帐户，以便与自己的文件进行交互.但是，技术上可以只连接到一个帐户.SDK 不提供明确的支持，出于各种技术和安全原因，我们不建议这样做.

The Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.

但是，如果您确实想走这条路线，您可以手动为您的应用使用现有的访问令牌，而不是启动授权流程.(注意不要撤销它，例如通过 https://www.dropbox.com/account/security .) 在 iOS Core SDK 中，您需要使用:

However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/security .) In the iOS Core SDK you'd need to use:

- (void)updateAccessToken:(NSString *)token accessTokenSecret:(NSString *)secret forUserId:(NSString *)userId;

再说一遍，这不是一个好主意.由于这将是一个客户端应用程序，因此您的应用程序的任何恶意用户都可以提取访问令牌并使用它来绕过您的应用程序试图实施的任何访问限制.例如，他们可以访问不应该访问的内容，或者使用其他用户会访问的恶意负载添加或替换内容.

Again though, this isn't a good idea. Since this would be a client-side app, any malicious user of your app could extract the access token and use it to bypass any access restrictions your app attempted to enforce. For example, they could access content they shouldn't or add or replace content with a malicious payload that other users would access.

这篇关于在没有登录提示的情况下自动登录 Core Api 上的 Dropbox 帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！