1Password Dropbox

XnCelt
XnCelt
Community Member

I changed my password on Dropbox for routine “Good security” purpose. Since 1Password needs my access to my Dropbox account to get access to my “1Password.agilekeychain” data directory, should 1Password require that new Dropbox password? I disabled my Dropbox sync and Re-enabled it, but it only asked me for my 1Password password.

Comments

  • ag_tommy
    edited December 2019

    @XnCelt

    What happens is when you initially set up the sync using Dropbox, the Dropbox servers issue the app, such as 1Password, a security token when you successfully authenticate. This token is valid unless you revoke it, and it allows the app to communicate with your Dropbox account without needing the password. You have already said yes, it's ok for this app to have access.
    If you revoke the token, you would need to re-authenticate with their servers, which would again create a new security token.

    I think Dropbox best said it themselves here https://www.dropbox.com/developers/reference/oauth-guide

    Dropbox:

    OAuth guide

    When working with the Dropbox APIs, your app will access the Dropbox service on behalf of your users. You'll need to have each user of your app authenticate with Dropbox to both verify their identity and give your app permission to access their data on Dropbox.
    Dropbox uses OAuth 2, an open specification, for this purpose. Once completed by a user, the OAuth process returns an access token to your app. The access token is a string generated by Dropbox that you'll need to send with each subsequent API request to uniquely identify both your app and the end user.

    There are several reasons we use OAuth. Most importantly, your app doesn't need to store or transmit the user's Dropbox password. OAuth also allows the user to authorize only a limited set of permissions and the user may revoke access at any time. This makes OAuth a safer and more secure form of API authorization for your users.

    I hope that helps, answer any questions you may have, and thanks for visiting.

This discussion has been closed.