Reputation: 208
I was working on the Dropbox Web API and using the OAuth process. I am a little bit confused here and was unable to find out exactly how things worked in spite of reading the OAuth 1.0 core. Dropbox returns to me a token key and secret key even though I do not pass my consumer secret in the Request Token call. I simply pass the consumer key/app key. Is this normal?
And I am able to get past the whole process of Request Token, Allow user to Authorize Access & Get Access Token without actually using the consumer secret key.
Where do I use the consumer key in that case? I read some things about signing, etc., but the fact that I'm able to get through makes me think I'm on the wrong path.
Thanks. It should be fairly simple for folks working heavily on OAuth 1.0
Upvotes: 1
Views: 1568
Reputation: 16940
The secret is actually used to sign these requests, so you are in fact using the secret if these calls succeed. (If you're using a library, it is likely doing it for you, which is why you may not notice.)
Upvotes: 1
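The signing step the answer describes, as an added example that is not part of the original thread or any Dropbox code: it assumes the OAuth 1.0 HMAC-SHA1 signature method, and the endpoint URL, key, secret, nonce and timestamp are constructed placeholders. The consumer secret only ever appears as part of the HMAC key, which is why it is never visible among the request parameters.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def signature_base_string(method, url, params):
    # Encode, sort and join the parameters, then combine with method and URL
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    # The secrets form the HMAC key; they are never placed among the parameters.
    # On the request-token call there is no token yet, so token_secret is empty.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def server_verifies(method, url, sent_params, consumer_secret, token_secret=""):
    # Server side: look up the secret for oauth_consumer_key, recompute, compare
    params = {k: v for k, v in sent_params.items() if k != "oauth_signature"}
    expected = sign_hmac_sha1(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, sent_params.get("oauth_signature", ""))

# Constructed sample values (assumptions): not real credentials or a real endpoint
URL = "https://api.example.com/oauth/request_token"
CONSUMER_KEY = "example-app-key"
CONSUMER_SECRET = "example-app-secret"

def build_request_token_params():
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1300000000",
        "oauth_nonce": "constructed-nonce-1",
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign_hmac_sha1("POST", URL, params, CONSUMER_SECRET)
    return params

if __name__ == "__main__":
    sent = build_request_token_params()
    print(sent)  # the secret is absent from what goes on the wire
    print(server_verifies("POST", URL, sent, CONSUMER_SECRET))
    print(server_verifies("POST", URL, sent, "wrong-secret"))
```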