java DropBox SDK generate token with Redirect

Question

after reading the official Dropbox documentation, I managed to write this code to authenticate the user with DropBox and get his access token. The user has to copy and paste the token, I don't like this step and I noticed that some developer can use the withRedirect() method of the DbxWebAuth class. There is an example for using redirect, but it is for web applications and I was unable to adapt it to my desktop app. Have any of you had anything to do with this? This is currently my code

 public static void main(String[] args) throws Exception {

    String accessToken = "";
    String userLocale = null;
    DbxRequestConfig requestConfig = new DbxRequestConfig("text-edit/0.1", userLocale);
    DbxAppInfo appInfo = new DbxAppInfo("myString", "myString");
    DbxWebAuth auth = new DbxWebAuth(requestConfig, appInfo);
    DbxWebAuth.Request requestAuth = DbxWebAuth.newRequestBuilder().withNoRedirect().build();
    String authorizeUrl = auth.authorize(requestAuth);

    System.out.println("1. Go to " + authorizeUrl);
    System.out.println("2. Click \"Allow\" (you might have to log in first).");
    System.out.println("3. Copy the authorization code.");

    //Abrimos el enlace de autenticación del paciente en la carpeta de DropBox
    try {
        URL authenticationURL = new URL(authorizeUrl);
        Desktop.getDesktop().browse(authenticationURL.toURI());

    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    JFrame frame1 = new JFrame("InputDialog Example #2");
    frame1.setAlwaysOnTop(true);

    String code = JOptionPane.showInputDialog(frame1, "Insert verification code");

    System.out.println(code);
    code = code.trim();

    try {
        DbxAuthFinish authFinish = auth.finishFromCode(code);

        accessToken = authFinish.getAccessToken();

    } catch (Exception e) {

    }
}

Answer 1

I'm being lazy by not writing any code here but in a callback scheme where you provide a redirect URL to the auth server, that URL is loaded by your system browser via a 301 redirect, which means the Dropbox servers don't actually need to reach your callback URL, all they're doing is redirecting your client. A lot of times people use localhost as their callback URL when testing web apps because of this.

What this means is you don't actually need to run a web server in order to receive the parameters that were passed in the callback URL (i.e. your access token) because you already have the URL and its query parameters, provided to you in the 301 response from the server. Albeit there are small web servers such as nanohttpd that are very easy to embed in your code in case this all sounds a little too complicated.

Alternatives to embedding a web server in your code to listen for the callback:

Method 1: In cases like yours, if you don't want to set up a web server to listen at a port, then your native application just needs to claim some URL space, so that the system doesn't load it in the native browser but instead passes the URL to your native application. If this is going to be a Windows application you could register a custom protocol in order to intercept requests made to that endpoint using your app. You could also do this with iOS and Android.

Method 2: MY CHOICE An alternative approach would be to use a client like Unirest or httpclient to make your initial contact with the Dropbox auth server instead of the desktop browser as you do in your try block above. This would allow you to get the response from the Dropbox server and parse it. If however you absolutely need to go to the Dropbox webpage for the user to enter their credentials (i.e. you can't determine how to pass the credentials via httpclient) then you might be stuck using the system browser and using method 1.

Here's an example of making a request with httpclient, choosing to not follow the 301/302 redirect, and then parsing the redirect location (the URL with your access token) from the headers returned.