I had to do some rewriting on the way that we handle dropbox authorization per their requirements. Hopefully the method I’ve gone to will suffice. We have a kind of strange relationship with Electron, so it’s not really straightforward for us to do things the way they want us to, but I think I found a compromise that I think will satisfy them as well as not require an entire overhaul on our part.
This should hopefully solve #63. I’ll report back when I heard from Dropbox.
Background
Dropbox development status allows for 200 users to be connected at once, however, once you go over 50 users a countdown starts after which your ability to link new users becomes frozen until you apply for production status. We hit that and so no new users have been able to link to Dropbox for a couple weeks now.
I applied for status shortly after this was brought to my attention, however we were rejected on account of the way that the encryptic electron app handles Dropbox authentication. We opened it up in a web view in the electron window rather than via the default browser, the latter of which is the preferred method for handling oauth2 interactions.
This has resulted in a weird situation to be in because we don’t actually use electron (or node even) as anything except a web server that just points a static page and an over-glorified web browser. The only reason we do that instead of simply pointing at the file is because “file://” URLs don’t provide a LocalStorage space, which is sort of a hard requirement as we store everything there. I also think that Dropbox doesn’t care much for redirect URLs beginning with “file://”.
I’m not sure of any way to have done what they wanted other than to bring the Dropbox authorization over into the electron code, which would have broken our app flow. We would have to have diverging code in that case for handling electron Dropbox interactions in the app as opposed to hosted at https://app.encryptic.org (or anywhere else for that matter).
A Tentative Solution
The settings -> sync page now looks like the following:
Opening that url in your browser will take you to the dropbox authorization page. After you put your username/password in and grant permission to encryptic, you will be redirected to a page hosted as part of encryptic that looks as follows:
This requires some manual effort, but on the other hand, it follows the letter of the law on their requirements, so I’m hoping it will be sufficient.
Needless to say, this is going to result in a new release after I’m done with testing.
You can check out encryptic at https://encryptic.org.
