Working on an iOS app that will use Dropbox as a server side ( just a place to store documents that the app needs to access). Most work I see around Dropbox API is asking the user to go and login from the iOS app into Dropbox, and then get the user token and save it, But I don;t ant that, I want to have a token stored within the app at all times. How can I achieve that? is that possible or a good practice.
Asked
Active
Viewed 142 times
1
-
This is possible but not recommended. You can find a similar question here: https://stackoverflow.com/questions/27834922/auto-login-dropbox-account-on-core-api-without-login-prompt/27845255#27845255 – Greg Mar 16 '15 at 22:20
-
Hi Greg, why is this not recommended? I have a business account with dropbox and want to shoe some files in the app? its read only and no one will be able to access it! – Huang Mar 16 '15 at 22:24
-
If you embed an access token in your app, someone could extract that access token and use it directly to access, edit, or delete files, bypassing any restrictions your app itself attempted to enforce. – Greg Mar 16 '15 at 23:37
-
What if I encrypt that token? – Huang Mar 16 '15 at 23:41
-
There are various ways you can make it difficult to extract, but you can't make it impossible to extract. – Greg Mar 17 '15 at 00:10
-
ok will keep that in mind, on another note, is the cocapod for dropbox sanctioned by you guys? pod "Dropbox-iOS-SDK", I found it but found no mention of it in your API documentation. – Huang Mar 17 '15 at 01:02
-
The Dropbox SDK CocoaPods are not currently officially maintained by Dropbox, but rather by the community. – Greg Mar 17 '15 at 17:03