CODEWITHSUNDEEP
androidauthenticationfile-uploaddropbox-api
Denizen
Denizen

Reputation: 335

Dropbox Api AccessToken Changed

I am developing an android application that has the potential to provide large amount of statistical information. I want to save this data on my dropbox to be analyzed later.

So I used the AuthActivity to get the key and secret for my own account, which I then hardcoded to get an AcessTokenPair instance:

    AcessTokenPair tokenPair = new AccessTokenPair("key", "secret");
    mDBApi.getSession().setAccessTokenPair(tokenPair);

I then send the file to my dropbox using the AsyncTask below:

    private class SendToDropbox extends AsyncTask<String, Void, String> {

        @SuppressWarnings("deprecation")
        @Override
        protected String doInBackground(String... arg0) {
            // TODO Auto-generated method stub

            String timestamp = new Date().toString();
            FileInputStream inputStream = null;
            DisplayMetrics dm = new DisplayMetrics();
            win.getDefaultDisplay().getMetrics(dm);
            double x = Math.pow(dm.widthPixels / dm.xdpi, 2);
            double y = Math.pow(dm.heightPixels / dm.ydpi, 2);
            double screenInches = Math.sqrt(x + y);
            File sdcard = new File(Environment.getExternalStorageDirectory()
                .getPath());
            File session = null;

            try {
                 session = File.createTempFile("analytics_" + timestamp, ".txt", sdcard);

                if (session.exists()) {
                    PrintStream ps = new PrintStream(session);
                    ps.println("Screen Size: " + screenInches);
                    ps.println("Device: " + android.os.Build.MODEL);
                    ps.println("Carrier: " + android.os.Build.BRAND);
                    ps.println("Locale: " + Locale.getDefault().toString());
                    ps.println("OS: " + android.os.Build.VERSION.SDK);
                    ps.println("${EOF}");

                    ps.checkError();
                    ps.close();

                    inputStream = new FileInputStream(session);
                    com.dropbox.client2.DropboxAPI.Entry newEntry = mDBApi
                        .putFile("Analytics" + File.separator
                                + session.getName(), inputStream,
                                session.length(), null, null);
                    if (session.delete()) {
                    } else {
                        session.deleteOnExit();
                    }
                    Log.i("DbExampleLog", "The uploaded file's rev is: "
                        + newEntry.rev);
                } else {
                Log.e("DropBoxFile", "SD NOT MOUNTED!!");
                }

            } catch (DropboxUnlinkedException e) {
                // User has unlinked, ask them to link again here.
                Log.e("DbExampleLog", "User has unlinked.");
            } catch (DropboxException e) {
                Log.e("DbExampleLog", "Something went wrong while uploading.");
            } catch (FileNotFoundException e) {
                Log.e("DbExampleLog", "File not found.");
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } finally {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                    }
                }
            }

          return null;
    }

The only problem with this code is that it only works a few weeks, maybe a month before the access token changes. This means I would have to manually update the apk every few weeks, which isn't very feasible. Instead I would like to store the keys on a website or online file that I can access via http.

Are there any free programs that DO NOT require account access and allow you to upload and edit .txt files on the web?

Upvotes: 0

Views: 1449

Answers (2)

Andrew
Andrew

Reputation: 1073

Access tokens do not currently expire, though that may change in future. You'd need to be very careful never to unlink your app from the account used to generate the token, though, since that would invalidate the token which is hard-coded into your app.

I can't recommend this, though, for security reasons. A token embedded into your app can be discovered by someone reverse-engineering the app. And anyone with that token can not only read, but also write to the Dropbox (or App folder) to which the token has access, and by doing so they might screw up the other users of your app.

Upvotes: 1

snrlx
snrlx

Reputation: 5107

From the Dropbox Best Practices: Best Practices

Your app should take precautions in case of revoked access. Access tokens may be disabled by the user (from the account page), revoked by Dropbox administrators in cases of abuse, or simply expire over time.

In the case where a token is no longer authorized, the REST API will return an HTTP Error 401 Unauthorized response. The iOS SDK detects 401s for you and will call the sessionDidReceiveAuthorizationFailure: method on the session's delegate to notify you that the authorization was revoked. The Android, Python, Ruby, and Java SDKs will all raise an exception on server errors that you can catch and inspect. Re-authenticating is typically all that is necessary to regain access.

So the Access Token can surely change over time. You just must be flexible enough to deal with that.

Upvotes: 0

Related Questions