Skip to content

Dropbox: Add support for refresh tokens#9131

Closed
Baitinq wants to merge 2 commits into
koreader:masterfrom
Baitinq:master
Closed

Dropbox: Add support for refresh tokens#9131
Baitinq wants to merge 2 commits into
koreader:masterfrom
Baitinq:master

Conversation

@Baitinq

@Baitinq Baitinq commented May 25, 2022

Copy link
Copy Markdown

Dropbox dropped support for long-lived access tokens, keeping only
short-lived ones when you use the "Generate token" method, meaning that
the token only works for a few hours.

This commit introduces support for refresh tokens which allow for
generating short-lived tokens dynamically, essentially having the same
functionality as a long-lived token.

The downside is that in the "Dropbox token" field in the settings you
now have to both add a refresh token (which isn't trivial to generate https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens),
as well as the app's key, a colon and the app's secret (all this in
base64 encoding).

In the future the refresh-token support would probably be better if it
didnt generate a new short-lived token for each request (which this
implementation does), and instead cached them and just generated new
ones when they expired.

Fixes #8571


This change is Reviewable

@Baitinq Baitinq force-pushed the master branch 2 times, most recently from bd6568b to 6d1647d Compare May 25, 2022 17:48
@Frenzie Frenzie added the Plugin label May 25, 2022
@Frenzie Frenzie added this to the 2022.06 milestone May 25, 2022
Comment thread frontend/apps/cloudstorage/dropboxapi.lua Outdated
@Frenzie Frenzie requested a review from hius07 May 25, 2022 19:22
Dropbox dropped support for long-lived access tokens, keeping only
short-lived ones when you use the "Generate token" method, meaning that
the token only works for a few hours.

This commit introduces support for refresh tokens which allow for
generating short-lived tokens dynamically, essentially having the same
functionality as a long-lived token.

The downside is that in the "Dropbox token" field in the settings you
now have to both add a refresh token (which isn't trivial to generate https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens),
as well as the app's key, a colon and the app's secret (all this in
base64 encoding).

In the future the refresh-token support would probably be better if it
didnt generate a new short-lived token for each request (which this
implementation does), and instead cached them and just generated new
ones when they expired.

Fixes koreader#8571
Comment thread frontend/apps/cloudstorage/dropbox.lua Outdated

function DropBox:config(item, callback)
local text_info = "How to generate Access Token:\n"..
local text_info = "How to link your Dropbox account:\n"..

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I'd overlooked this untranslated string earlier but if you don't mind (since it's not really part of this PR per se), could you make this:

_([[multiline string]])

That should be the easiest for translators.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its done, let me know if I should change anything else

@hius07

hius07 commented May 26, 2022

Copy link
Copy Markdown
Member

What if a user has a long-lived token available?

@Baitinq

Baitinq commented May 26, 2022

Copy link
Copy Markdown
Author

What if a user has a long-lived token available?

I think we should drop the support for long-lived tokens as they have been unavailable for over 6 months but if you want we could also add a checkbox or something to add support for the deprecated long-lived tokens:)

@hius07

hius07 commented May 26, 2022

Copy link
Copy Markdown
Member

My old long-lived token works fine right now.

@Baitinq

Baitinq commented May 26, 2022

Copy link
Copy Markdown
Author

My old long-lived token works fine right now.

Yes, but new users cannot generate any new long-lived tokens, so that would only work for people who have generated a token before December 2021

@hius07

hius07 commented May 27, 2022

Copy link
Copy Markdown
Member

So we need a checkbox to allow using an old long-lived tokens and a new field in the server settings.

Secondly, can you consider the possibility to generate an access token once at the beginning of the current session, store it in self.dropbox_access_token, and clear upon closing the Dropbox or CloudStorage menu (as a compromised simpler solution, to avoid checking via 401 error if the token has expired).

For sure we shall need to write the clearer instruction how to generate a refresh token, including under Windows systems. I've used Postman for that. Are there any online services to make a POST request without registration?

@Frenzie

Frenzie commented May 27, 2022

Copy link
Copy Markdown
Member

I'm not sure about any online services, but there is something called Thunder Client that provides a GUI tool.

Note that curl is now shipped with Windows: https://curl.se/windows/microsoft.html

@Baitinq

Baitinq commented May 27, 2022

Copy link
Copy Markdown
Author

Secondly, can you consider the possibility to generate an access token once at the beginning of the current session, store it in self.dropbox_access_token, and clear upon closing the Dropbox or CloudStorage menu (as a compromised simpler solution, to avoid checking via 401 error if the token has expired).

That is a really good idea, i will certainly do that

So we need a checkbox to allow using an old long-lived tokens and a new field in the server settings.

I'm still unsure about why would keep support for long-lived tokens as they are not able to be generated anymore so it would kind of be just having support for a deprecated feature

For sure we shall need to write the clearer instruction how to generate a refresh token, including under Windows systems. I've used Postman for that. Are there any online services to make a POST request without registration?

Yes, we would definitely need better instructions. I used curl to generate the refresh token but there is probably a more user-friendly way:) (maybe we could create a bash script that generates it)

@hius07

hius07 commented May 29, 2022

Copy link
Copy Markdown
Member

I would propose to keep support of long-lived tokens at least for some transition period.
It can be designed smth like
1
and just check for empty app_key_colon_secret_b64.

@cramoisi

cramoisi commented Jun 9, 2022

Copy link
Copy Markdown
Contributor

Hi !
It would be nice to keep support of long-lived tokens alive. I don't know how people deal with this but in my case i generated a token 4 years ago and it's still ok. I use the feature on a daily basis :) Copying regulary the long dropbox token without typo seems really a pain to me .

@mergen3107

Copy link
Copy Markdown
Contributor

I also still have the old token :D

@Frenzie

Frenzie commented Jun 9, 2022

Copy link
Copy Markdown
Member

I think mine expired by not using it for a few months.

@cramoisi

cramoisi commented Jun 9, 2022

Copy link
Copy Markdown
Contributor

Mine is still ok and i can think of large periods of time i didn't use it (and didn't use my kobo at all). Is it because i generated it as mentionned here ?

To get standard Dropbox API access tokens, you should use your own API app registration. For instance, you can use the "Generate" button on your app's page on the App Console, or use the OAuth app authorization flow with your app.

https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/API-access-token-expired/td-p/363473

@Frenzie Frenzie modified the milestones: 2022.06, 2022.07 Jun 19, 2022
@Baitinq

Baitinq commented Jun 26, 2022

Copy link
Copy Markdown
Author

I would propose to keep support of long-lived tokens at least for some transition period. It can be designed smth like 1 and just check for empty app_key_colon_secret_b64.

@hius07 That could indeed work although I do see it as a bit of unnecessary work as the tokens are completely deprecated and we should switch sooner rather than later to the supported method. If you really feel this is necessary I will try and implement it over this next few days, as it would need a partial rewrite of the cloudstorage.lua interface.

@Frenzie Frenzie modified the milestones: 2022.07, 2022.08 Jul 31, 2022
@Frenzie Frenzie removed this from the 2022.08 milestone Aug 19, 2022
@poire-z

poire-z commented Oct 2, 2022

Copy link
Copy Markdown
Contributor

Is this superceded by #9496 ?

@hius07

hius07 commented Oct 2, 2022

Copy link
Copy Markdown
Member

Closed in favour of #9496.

@hius07 hius07 closed this Oct 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Cloud storage: deal with Dropbox short-lived token.

6 participants