This module is responsible for authorization and token store in the system keyring.
OAuth2Session(config_name: str, app_key: str = DROPBOX_APP_KEY)¶
Provides Dropbox OAuth flow and key store interface
OAuth2Session provides OAuth 2 login and token store in the preferred system keyring. To authenticate with Dropbox, run
get_auth_url()first and direct the user to visit that URL and retrieve an auth token. Verify the provided auth token with
verify_auth_token()and save it in the system keyring together with the corresponding Dropbox ID by calling
save_creds(). Supported keyring backends are, in order of preference:
Any keyring implementing the SecretService Dbus specification
Plain text storage
When the auth flow is completed, a short-lived access token and a long-lived refresh token are generated. Only the long-lived refresh token will be saved in the system keychain for future sessions, it can be used to generate short-lived access tokens as needed.
If the auth flow was previously completed before Dropbox migrated to short-lived tokens, the
token_access_typewill be ‘legacy’ and only a long-lived access token will be available.
Once the token has been stored with a keyring backend, that backend will be saved in the config file and remembered until the user unlinks the account. This module will therefore never switch keyring backends while linked.
Unlike MacOS Keychain, Gnome Keyring and KWallet do not support app-specific access to passwords. If the user unlocks those keyrings, we and any other application in the same user session get access to all saved passwords.
config_name – Name of maestral config.
Trueif we have full auth credentials,
account_id(self) → Optional[str]¶
Returns the account ID (read only). This call may block until the keyring is unlocked.
token_access_type(self) → Optional[str]¶
Returns the type of access token. If ‘legacy’, we have a long-lived access token. If ‘offline’, we have a short-lived access token with an expiry time and a long-lived refresh token to generate new access tokens.
access_token(self) → Optional[str]¶
Returns the access token (read only). This will always be set for a ‘legacy’ token. For an ‘offline’ token, this will only be set if we completed the auth flow in the current session. In case of an ‘offline’ token, use the refresh token to retrieve a short-lived access token through the Dropbox API instead. The call may block until the keyring is unlocked.
refresh_token(self) → Optional[str]¶
Returns the refresh token (read only). This will only be set for an ‘offline’ token. The call may block until the keyring is unlocked.
access_token_expiration(self) → Optional[datetime]¶
Returns the expiry time for the short-lived access token. This will only be set for an ‘offline’ token and if we completed the flow during the current session.
load_token(self) → None¶
KeyringAccessError – If the system keyring is locked.
get_auth_url(self) → str¶
Gets the auth URL to start the OAuth2 implicit grant flow.
Dropbox auth URL.
verify_auth_token(self, token) → int¶
Verify the provided authorization token with Dropbox servers.
save_creds(self) → None¶
Saves the auth token to system keyring. Falls back to plain text storage if the user denies access to keyring.