Dropbox OAuth令牌流程:无需单击“允许”即可重定向? [英] dropbox oauth token flow: redirect without needing to click "allow"?
问题描述
我正在学习使用Dropbox API,并在想到令牌流时感到困惑。
I am learning to use dropbox APIs and got confused when came up with the token flow.
作为指南指出,流程应如下所示:
As guide indicates, the flow should be like this:
- 应用将用户重定向到Dropbox网页,即... / oauth2 / authorize
- 用户登录并批准应用
- 重定向回到应用程序。此时,应用程序将获得访问令牌。
但是,当我请求URL时:
However, when i requested the URL:
.../oauth2/authorize?client_id=xxx&response_type=token&redirect_uri=xxx
我被直接重定向到目的地,
I was directly redirect to the destination with
REDIRECT_URI = "#access_token=xxx&token_type=bearer&uid=xxx"
并且批准步骤被跳过,即我没有获得访问令牌。
And the "approve step" was skipped, i.e I got an access token without being allowed.
是错误还是我的错?
任何帮助将不胜感激:]
Any help would be appreciated :]
推荐答案
在某些情况下,如果用户已经批准了该应用先前访问其帐户,则他们将通过应用授权流程自动重定向。
In certain cases, when the user has already approved the app to access their account previously, they will be automatically redirected through the app authorization flow.
如果需要,您的应用可以通过使用 force_reapprove $ c来防止此行为的发生$ c>参数,记录在/ oauth2 / authorize页面h中地址:
If you want, your app can prevent this behavior from happening by using the force_reapprove
parameter, documented for the /oauth2/authorize page here:
https: //www.dropbox.com/developers/core/docs#oa2-authorize
这篇关于Dropbox OAuth令牌流程:无需单击“允许”即可重定向?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!