Support the "Code" Authorization flow
See original GitHub issueCurrently, only the token
authorization flow is working, which is fine for front end frameworks, but using nodejs, it is way more secure to use the code
authorization flow so that the access token is not exposed to users or browser extensions.
I am guessing two things need to be supported here: the clientSecret parameter and a new method for converting a code to an access token.
Issue Analytics
- State:
- Created 7 years ago
- Reactions:2
- Comments:12 (8 by maintainers)
Top Results From Across the Web
Authorization Code Flow - Auth0
Because regular web apps are server-side apps where the source code is not publicly exposed, they can use the Authorization Code Flow (defined...
Read more >Microsoft identity platform and OAuth 2.0 authorization code flow
The OAuth 2.0 authorization code grant type, or auth code flow, enables a client application to obtain authorized access to protected resources ...
Read more >What is the OAuth 2.0 Authorization Code Grant Type?
The Authorization Code Flow · The application opens a browser to send the user to the OAuth server · The user sees the...
Read more >OAuth Code Flow | Curity Identity Server
It is split into two parts, the authorization flow that runs in the browser where the client redirects to the OAuth server and...
Read more >Guide to Authorization Code Flow for OAuth 2.0
In the Authorization Code flow, the server-side component of the web application can freely manage the user's session upon authenticating with the authorization...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I need this functionality as well.
But in the meantime I created an “extension” package that does the trick for me. Maybe it could be useful for others too.
It can be found here: https://www.npmjs.com/package/dropbox-client-oauth2
@fadookie @xeektech The
getAccessTokenFromCode
method has been updated to support anull
redirectUri
as of v5.0.0.