Reputation: 1008
I am developing an SPA with AngularJS that will work with the Dropbox API. I need to save the Dropbox access token in web storage or cookies, but I'm not sure that it is safe.
Are there any mechanisms for secure storage of access tokens?
Thanks.
Upvotes: 0
Views: 512
Reputation: 54821
The token that Dropbox gives you when you start an OAuth session can be stored safely in the browser's local storage or cookies. It is a hash token that will only work with your application's API key.
It's your secret application key that should not be stored in the browser. That key is associated with your Dropbox API account, and should only be used on the server end.
The secret key is supposed to be kept secret. I'm sure you'll violate Dropbox's terms of use by storing it in any browser JavaScript. Secondly, there is no such thing as secure browser-side storage.
If you want to continue anyway, there are open source encryption libraries for JavaScript.
https://code.google.com/p/crypto-js/
It's a futile effort, because at the end of it you are just basically replacing one secret key with another secret key. At some point your SPA needs to start decrypting something using a secret key and where is it going to get that from?
Upvotes: -1
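The answer's last point, that encrypting in the browser only swaps one secret for another, shown as an added example that is not part of the original answer. It runs under Node.js with a `Map` standing in for `localStorage`; the key, token and function names are constructed for illustration.

```javascript
// Added example: Node.js stand-in for browser code. `storage` plays the role
// of localStorage; every name and value below is constructed for illustration.
const crypto = require('node:crypto');

const storage = new Map(); // stand-in for window.localStorage

// The key must live somewhere the SPA can read it (here: shipped in the bundle).
const BUNDLED_KEY = crypto.createHash('sha256')
  .update('key-shipped-inside-app.js') // constructed value
  .digest();

function encryptToken(token, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  // Layout: 12-byte IV | 16-byte GCM tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptToken(blob, key) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// What the SPA does once the OAuth flow hands it a token.
function appSaveToken(token) {
  storage.set('dropbox_token', encryptToken(token, BUNDLED_KEY));
}

// Any script running in the same origin sees the same storage and the same
// key material, so the encryption layer does not separate it from the token.
function sameOriginScriptReadsToken() {
  return decryptToken(storage.get('dropbox_token'), BUNDLED_KEY);
}

function demo() {
  const token = 'CONSTRUCTED-ACCESS-TOKEN';
  appSaveToken(token);
  return {
    storedValueHidesToken: !storage.get('dropbox_token').includes(token),
    recoveredBySameOriginScript: sameOriginScriptReadsToken() === token,
  };
}

console.log(demo());
```

The stored value looks opaque, yet the token is recovered with nothing beyond what the page itself already holds, so the controls that matter are keeping the application secret on the server and limiting which scripts run in the origin.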