We're using the Dropbox API in our App but haven't found a way to successfully deauthenticate.
Currently we call the disable_access_token on logout, which works (i.e. subsequent calls using the token fail).
Unfortunately, the next time the OAuth2 login process is initiated the session gets completely revived without asking the user for their credentials, meaning that until the app is uninstalled, only one Dropbox user can be authenticated.
This seems to be a regression issue as everything was working a few weeks ago (that is, the session was not being revived automatically).
EDIT
To be clear, I'm looking for a way to deauthenticate the user in such a way that when the OAuth process is run again the user is presented with the login page. This is fairly compulsory behaviour, so I'm hoping somebody has found a way.
For those interested, I have found the solution.
Send a request to: http://www.dropbox.com/logout?access_token=XXXXX
This will disable the access token and prevent the OAuth process from automatically reviving.
I think the behavior you're objecting to is that the user gets auto-redirected without having to "allow" your app again. This happens if the user has at least one usable access token for your app.
/disable_access_token only disables a single access token, so if the user has others, they'll continue to get immediately redirected.
So you can either be careful to always revoke every token for a user (not always possible, e.g. if they don't use the logout functionality in your app), or you'll have to disable auto-redirection altogether. You can do that by setting the force_reapprove parameter to true when you redirect the user to /oauth2/authorize.
Out of curiosity, why do you need this?
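The force_reapprove suggestion from the answer above, as an added example that is not code from either answer or from Dropbox. The base URL, the placeholder app key, the example redirect URI, and the helper names are assumptions; the revoke endpoint is passed in by the caller so the token travels in a header rather than in a URL.

```python
import hmac
import secrets
import urllib.request
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed base URL; the answer only names the path /oauth2/authorize.
AUTHORIZE_URL = "https://www.dropbox.com/oauth2/authorize"


def build_authorize_url(client_id, redirect_uri, force_reapprove=True):
    """Return (url, state). force_reapprove=true turns off the auto-redirect."""
    state = secrets.token_urlsafe(32)  # per-login CSRF value, keep it in the session
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "force_reapprove": "true" if force_reapprove else "false",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state


def callback_state_ok(callback_url, expected_state):
    """Accept the redirect only if it echoes the state value we issued."""
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return hmac.compare_digest(returned.encode(), expected_state.encode())


def build_revoke_request(revoke_endpoint, access_token):
    """Build (not send) the logout call with the token in a header, not the URL."""
    return urllib.request.Request(
        revoke_endpoint,
        data=b"",
        method="POST",
        headers={"Authorization": "Bearer " + access_token},
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, state = build_authorize_url("APP_KEY_PLACEHOLDER", "https://app.example/cb")
    print(url)
    print(callback_state_ok("https://app.example/cb?code=x&state=" + state, state))
```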
Source: https://stackoverflow.com/questions/24133536/deauthentication-through-dropbox-json-api-webhooks