Module Make.OAuth2

OAuth 2.0 authentication.

val authorize : ?⁠state:string -> ?⁠force_reapprove:bool -> ?⁠disable_signup:bool -> id:string -> [ `Token of Uri.t | `Code of Uri.t option ] -> Uri.t

authorize client_id response starts the OAuth 2.0 authorization flow. This isn't an API call—it's the web page that lets the user sign in to Dropbox and authorize your app. The client_id is the app's key, found in the App Console. After the user authorizes your app, they will be sent to your redirect URI. The type of response varies based on the response:

  • `Token redirect_uri (also called "implicit grant") returns the bearer token by redirecting the user to redirect_uri after the authorization has completed. Extract the token using token_of_uri. This is useful for pure client-side apps, such as mobile apps or JavaScript-based apps.
  • `Code u if u = Some redirect_uri, returns a code via by redirecting the user to redirect_uri (extract the code using code_of_uri) or, if u = None, presents the code to use user (on screen) who will be invited to copy it in your app. The code should then be converted into a bearer token using OAuth2.token. This is recommended for apps that are running on a server.

Note that the URI for `Token and `Code must be registered in the App Console; even 'localhost' must be listed if it is used for testing.

parameter state

Up to 200 bytes of arbitrary data that will be passed back to your redirect URI. This parameter should be used to protect against cross-site request forgery (CSRF). See Sections 4.4.1.8 and 4.4.2.5 of the OAuth 2.0 threat model spec.

parameter force_reapprove

Whether or not to force the user to approve the app again if they've already done so. If false (default), a user who has already approved the application may be automatically redirected to the URI specified by redirect_uri. If true, the user will not be automatically redirected and will have to approve the app again.

parameter disable_signup

When true (default is false) users will not be able to sign up for a Dropbox account via the authorization page. Instead, the authorization page will show a link to the Dropbox iOS app in the App Store. This is only intended for use when necessary for compliance with App Store policies.

type code = string

The authorization code, which can be used to attain a bearer token by calling token.

val code_of_uri : Uri.t -> (code * string) option

code_of_uri u return the code and state from the redirect URI u after a `Code authorization.

type token = string
val token_of_uri : Uri.t -> (token * string) option

token_of_uri u parse the URI coming from a `Token flow and extract the token and state.

val token : ?⁠redirect_uri:Uri.t -> code -> id:string -> secret:string -> token Lwt.t

token code id secret acquire a token once the user has authorized the app. Only applies to apps using the authorization `Code flow.

code is the code acquired by directing users to OAuth2.authorize ~response_type:`Code.

id this should be the app's key (found in the App Console).

secret this parameter should be present and should be the app's secret.

parameter redirect_uri

Only used to validate that it matches the original authorize, not used to redirect again.