How am I supposed to work with APP_KEY and APP_SECRET (Dropbox API)

I wrote a simple piece of code using the Dropbox API, which implies using the APP_KEY and APP_SECRET of my application. Let's say someone wants to use my application too. I am creating a GitHub repository, pushing code, etc., but of course I am not putting the APP_KEY and APP_SECRET values. Do I need to register my own instances of this application? Is there another way? Perhaps using APP_KEY and APP_SECRET together is safe enough for this to be the case?

In other words, Dropbox disallows the use of a username / password pair for authentication (while their own official app does exactly that), but I want to (for example) make a plugin for KDE Dolphin to get public links to files from a menu context, and the user shouldn't even know about all these SECRETS, KEYS and so on. What should I do?

+3




3 answers


You can encode your key using the Dropbox API Key Encoder and use dropbox.js to decode it. This way you don't need to reveal the secret key.



+1




As I see it, the application key and secret should identify your application instance / release, not the code itself. So, if you want to release the code itself, for example to GitHub, the app key and secret should not be included. (One way to do this is to store them in a config file that the application will read, but not include the config file in the public repo.)

Then, when you release your application (i.e. for end users for general use), it can include the application key and secret embedded inside, rather than being explicitly visible to users. Of course, the specifics here are a bit of a scenario-based judgment. For example, non-compiled applications (such as shell scripts) make the source available in plain text by default even when "freed", so you probably don't want to include them.



But alternatively, if any other developers wanted to use the code and build the app themselves (from source), they must register and use their own app key / secret.

+2
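
The config-file approach from the answer above, sketched in Python as an added example (not code from the answer or from Dropbox). The environment variable names, the `[dropbox]` section, the placeholder strings and the file location are assumptions made for this sketch.

```python
import configparser
import os
import stat
from pathlib import Path

# Assumed names for this example: the environment variables, the [dropbox]
# section and the placeholder strings are not defined by Dropbox or the page.
PLACEHOLDERS = {"", "changeme", "your_app_key", "your_app_secret"}


class CredentialError(RuntimeError):
    """Raised when no usable app key/secret pair can be loaded."""


def load_app_credentials(config_path, environ=None):
    """Return (app_key, app_secret) from the environment or an untracked file."""
    environ = os.environ if environ is None else environ
    key = environ.get("DROPBOX_APP_KEY", "")
    secret = environ.get("DROPBOX_APP_SECRET", "")
    if not (key and secret):
        path = Path(config_path)
        if not path.is_file():
            raise CredentialError(
                f"no credentials in the environment and {path} does not exist; "
                "register your own app and create the file")
        # Refuse a credentials file that group or other local users can access.
        if os.name == "posix" and path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialError(f"{path} is accessible to group/others; use mode 600")
        # interpolation=None so a '%' inside a secret is read literally.
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(path)
        key = parser.get("dropbox", "app_key", fallback="")
        secret = parser.get("dropbox", "app_secret", fallback="")
    key, secret = key.strip(), secret.strip()
    # Catch a committed template that was copied but never filled in.
    if key.lower() in PLACEHOLDERS or secret.lower() in PLACEHOLDERS:
        raise CredentialError("app key/secret are missing or still placeholder values")
    return key, secret
```

Keep the real file out of the repository (for example via `.gitignore`) and commit only a template holding the placeholder values.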




I am using the Figaro gem to hide my Dropbox private keys: https://github.com/laserlemon/figaro

+1








