OAuth
emissarman, 2014-07-17 02:19:38

OAuth, Dropbox API and multiple clients - is it safe?

Goodnight.
I'm scratching my head here. There is an application created in Dropbox. There is an SDK with examples in PHP. There are client web scripts that should work with the Dropbox API through the same application, i.e. each client must have an instance of the script. Accordingly, for authorization and subsequent requests to the API, you will have to store app_key and app_secret for each client - what is the risk of this? Or have I misunderstood something?
What can be done in general, knowing the app_key and app_secret of the application? Can this threaten my account (on which this very application was created), or only the client?


1 answer(s)
Dmitry Entelis, 2014-07-17
@DmitriyEntelis

What do you mean by "dropbox built app"?
If this is a web application, then the app_secret must be hardcoded in the PHP code, which is executed on the server and accordingly is not available to the client.
P.S.
Since the API accesses Dropbox under the client's account, the leakage of these parameters, in principle, does not threaten anything bad. Well, unless a playful user uses them to simulate a flow of requests to Dropbox from your application and you run out of request limits; then the application will break for everyone at once.
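
An added example, not part of the original answer or the Dropbox SDK: one way to keep app_secret on the server as the answer describes, here read from the server environment rather than hardcoded, so that only app_key and a state value ever reach the browser. The environment variable names, function names and demo values are assumptions; the endpoints are Dropbox's OAuth 2 authorize and token URLs, which the thread does not quote.

```php
<?php declare(strict_types=1);
// Dropbox OAuth 2 endpoints (not quoted in the thread); all names below are assumptions.
const AUTHORIZE_URL = 'https://www.dropbox.com/oauth2/authorize';
const TOKEN_URL = 'https://api.dropboxapi.com/oauth2/token';
// Credentials come from the server environment, never from a request or a rendered page.
function load_app_credentials(): array
{
    $key = getenv('DROPBOX_APP_KEY');       // hypothetical variable name
    $secret = getenv('DROPBOX_APP_SECRET'); // hypothetical variable name
    if (!$key || !$secret) {
        throw new RuntimeException('Dropbox app credentials are not configured');
    }
    return ['key' => $key, 'secret' => $secret];
}

// The only URL the browser sees: public app_key plus an anti-CSRF state, no secret.
function build_authorize_url(string $appKey, string $redirectUri, string $state): string
{
    return AUTHORIZE_URL . '?' . http_build_query([
        'client_id' => $appKey, 'response_type' => 'code',
        'redirect_uri' => $redirectUri, 'state' => $state,
    ]);
}

// Server-to-server exchange of the returned code; the one place app_secret is used.
function exchange_code(array $creds, string $code, string $redirectUri,
                       string $returnedState, string $sessionState): array
{
    if (!hash_equals($sessionState, $returnedState)) {
        throw new RuntimeException('OAuth state mismatch');
    }
    $ch = curl_init(TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS => http_build_query([
            'grant_type' => 'authorization_code', 'code' => $code,
            'redirect_uri' => $redirectUri,
            'client_id' => $creds['key'], 'client_secret' => $creds['secret'],
        ]),
    ]);
    $body = curl_exec($ch);
    if ($body === false || curl_getinfo($ch, CURLINFO_RESPONSE_CODE) !== 200) {
        throw new RuntimeException('Token exchange failed'); // never echo $body or $creds
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed demo values: prints the browser-facing URL, which carries no secret.
echo build_authorize_url('example_app_key', 'https://example.com/cb', bin2hex(random_bytes(16))), "\n";
```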
