Deprecate authenticateWithCordova function (#691)

* Deprecate `authenticateWithCordova` function
dropbox · Jun 16, 2021 · 357c2dd · 357c2dd
1 parent 23d20e6
commit 357c2dd
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 62 deletions.
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -2,6 +2,20 @@
 
 This document is designed to show you how to upgrade to the latest version of the SDK accomodating any breaking changes introduced by major version updates.  If you find any issues with either this guide on upgrading or the changes introduced in the new version, please see [CONTRIBUTING.md][contributing]
 
+# Upgrading from v9.X.X to v10.0.0 
+
+## 1. Deprecating the `authenticateWithCordova` function
+
+The `authenticateWithCordova` function used an in-app browser within the Cordova framework to authenticate users via OAuth. As a part of hardening security, we are following [Google’s recommendation](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html) to remove support for authentication via a “web-view” or in-app browsers. Since the `authenticateWithCordova` function relies on running in an in-app browser, we have made the choice to deprecate this function.
+
+Instead, apps will need to implement logic to handle this use case. The high level logic would be as follows:
+
+1. getAuthenticationUrl with your app’s parameters. For Native Apps, we highly encourage using PKCE to increase your app’s security.
+2. Open the authentication URL in the default system browser
+3. Redirect back into your app upon completion of the OAuth flow. 
+
+We recommend using a custom URI for redirect to ensure you are redirecting directly back into your app. You can read up on this process more in detail on the [OAuth site](https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/).
+
 # Upgrading from v8.X.X to v9.0.0
 
 ## 1. Unblocking browser PKCE flow

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "dropbox",
-    "version": "9.9.0",
+    "version": "10.0.0",
     "registry": "npm",
     "description": "The Dropbox JavaScript SDK is a lightweight, promise based interface to the Dropbox v2 API that works in both nodejs and browser environments.",
     "main": "cjs/index.js",
@@ -107,4 +107,4 @@
     "dependencies": {
         "node-fetch": "^2.6.1"
     }
-}
+}
diff --git a/src/auth.js b/src/auth.js
@@ -380,64 +380,4 @@ export default class DropboxAuth {
         this.setAccessTokenExpiresAt(getTokenExpiresAtDate(res.result.expires_in));
       });
   }
-
-  /**
-     * An authentication process that works with cordova applications.
-     * @param {successCallback} successCallback
-     * @param {errorCallback} errorCallback
-     */
-  authenticateWithCordova(successCallback, errorCallback) {
-    const redirectUrl = 'https://www.dropbox.com/1/oauth2/redirect_receiver';
-    this.getAuthenticationUrl(redirectUrl)
-      .then((url) => {
-        let removed = false;
-        const browser = window.open(url, '_blank');
-
-        function onLoadError(event) {
-          // Workaround to fix wrong behavior on cordova-plugin-inappbrowser
-          if (event.code !== -999) {
-            // Try to avoid a browser crash on browser.close().
-            window.setTimeout(() => { browser.close(); }, 10);
-            errorCallback();
-          }
-        }
-
-        function onLoadStop(event) {
-          const errorLabel = '&error=';
-          const errorIndex = event.url.indexOf(errorLabel);
-
-          if (errorIndex > -1) {
-            // Try to avoid a browser crash on browser.close().
-            window.setTimeout(() => { browser.close(); }, 10);
-            errorCallback();
-          } else {
-            const tokenLabel = '#access_token=';
-            let tokenIndex = event.url.indexOf(tokenLabel);
-            const tokenTypeIndex = event.url.indexOf('&token_type=');
-            if (tokenIndex > -1) {
-              tokenIndex += tokenLabel.length;
-              // Try to avoid a browser crash on browser.close().
-              window.setTimeout(() => { browser.close(); }, 10);
-
-              const accessToken = event.url.substring(tokenIndex, tokenTypeIndex);
-              successCallback(accessToken);
-            }
-          }
-        }
-
-        function onExit() {
-          if (removed) {
-            return;
-          }
-          browser.removeEventListener('loaderror', onLoadError);
-          browser.removeEventListener('loadstop', onLoadStop);
-          browser.removeEventListener('exit', onExit);
-          removed = true;
-        }
-
-        browser.addEventListener('loaderror', onLoadError);
-        browser.addEventListener('loadstop', onLoadStop);
-        browser.addEventListener('exit', onExit);
-      });
-  }
 }