Question
I am learning to use the Dropbox APIs and got confused when I came to the token flow.
As the guide indicates, the flow should be like this:
- the app redirects the user to a Dropbox webpage, i.e. .../oauth2/authorize
- the user logs in and approves the app
- the user is redirected back to the app. At this point, the app gets an access token.
However, when I requested the URL:
.../oauth2/authorize?client_id=xxx&response_type=token&redirect_uri=xxx
I was directly redirected to the destination with
REDIRECT_URI = "#access_token=xxx&token_type=bearer&uid=xxx"
And the "approve step" was skipped, i.e. I got an access token without being allowed.
Is it a bug or my fault?
Any help would be appreciated :]
Answer 1:
In certain cases, when the user has already approved the app to access their account previously, they will be automatically redirected through the app authorization flow.
If you want, your app can prevent this behavior from happening by using the force_reapprove parameter, documented for the /oauth2/authorize page here:
https://www.dropbox.com/developers/core/docs#oa2-authorize
Source: https://stackoverflow.com/questions/35633222/dropbox-oauth-token-flow-redirect-without-needing-to-click-allow
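Added example, not part of the original question or answer: a sketch of building the authorize URL with force_reapprove and validating the redirect fragment, since a silently re-approved redirect can arrive with no user interaction. Assumptions: the endpoint host is a placeholder (the post elides it), the function names are hypothetical, and the standard OAuth 2 `state` and `error` parameters, which the post does not mention, are used to tie the redirect to the request.

```javascript
// Added example (not from the original post). AUTHORIZE_ENDPOINT is a
// placeholder: the post elides the host, so substitute the documented URL.
const AUTHORIZE_ENDPOINT = "https://auth.example.invalid/oauth2/authorize";

// Build the implicit-grant authorize URL. `state` must be an unguessable,
// per-request value that the app stores in the user's session.
function buildAuthorizeUrl({ clientId, redirectUri, state, forceReapprove }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("response_type", "token");
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  // Without this, a user who approved the app earlier is redirected straight
  // back with a token and never sees the approval page.
  if (forceReapprove) url.searchParams.set("force_reapprove", "true");
  return url.toString();
}

// Parse the redirect the app receives and reject anything that does not
// belong to the request this session started.
function parseRedirect(redirectedUrl, expectedState) {
  const fragment = new URL(redirectedUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);
  if (params.has("error")) {
    return { ok: false, reason: "denied: " + params.get("error") };
  }
  // A token delivered without the expected state was not requested here.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  if ((params.get("token_type") || "").toLowerCase() !== "bearer" ||
      !params.get("access_token")) {
    return { ok: false, reason: "malformed token response" };
  }
  return {
    ok: true,
    accessToken: params.get("access_token"),
    uid: params.get("uid"),
  };
}
```
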