Use OAuth 2.0 tokens from your site for authorization in dialog

If you have an integration with one of the social networks or cloud services through OAuth 2 and want to reuse the user’s token in the Uploadcare widget, you can use the API for that:

  1. First, check that you request all the permissions the Uploadcare widget needs to work normally. You can find the full list in the Required Permissions section of this document.
  2. The token can only be set from the client. If you use tokens only on the server side, you’ll need to temporarily transfer them to the client and send the requests from the browser. Make sure that your site is served via HTTPS; otherwise, this is a huge security vulnerability.
  3. If you are using custom OAuth apps, it will take some extra work to make everything work together.
  4. Send a GET request to the following URL: https://social.uploadcare.com/[storage_key]/set_keys. For what [storage_key] is, see the Storage Key Explanation section of this document.

You’ll need to send the following information in the query string:

  • public_key (required). The public key of your Uploadcare project.
  • access_token (required). The access token issued by the authorization server.
  • token_type (required). The type of the token issued by the authorization server. In most cases it is Bearer.
  • refresh_token (optional). The refresh token, which can be used to get new access tokens using the same authorization grant.

The request can be sent at any time. The best time is when the user is logged in to your site through OAuth 2.0. But if you already have a lot of logged-in users, you may need to send this request on page load.

Keep in mind that, for security reasons, it is not possible to use tokens from the widget in your apps. You can only expose your keys to Uploadcare.
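The request described above, as an added example that is not Uploadcare's own code: it builds the set_keys URL with the four query parameters, refuses to run on a non-HTTPS page, and masks the tokens before the URL reaches a log. The function names, the storage-key character check and the fetch options are assumptions.

```javascript
// Added example; buildSetKeysUrl, redactForLog and sendSetKeys are hypothetical names.
const SOCIAL_BASE = 'https://social.uploadcare.com';

function buildSetKeysUrl(storageKey, { publicKey, accessToken, tokenType = 'Bearer', refreshToken }) {
  // The storage key is a single path segment. Assumption: it contains only
  // letters, digits, "-" and "_"; anything else is rejected so it cannot alter the path.
  if (!/^[A-Za-z0-9_-]+$/.test(storageKey || '')) {
    throw new Error('invalid storage key');
  }
  for (const [name, value] of Object.entries({ publicKey, accessToken, tokenType })) {
    if (typeof value !== 'string' || value === '') throw new Error(`missing ${name}`);
  }
  const url = new URL(`${SOCIAL_BASE}/${storageKey}/set_keys`);
  url.searchParams.set('public_key', publicKey);
  url.searchParams.set('access_token', accessToken);
  url.searchParams.set('token_type', tokenType);
  if (refreshToken) url.searchParams.set('refresh_token', refreshToken); // optional parameter
  return url.toString();
}

// Mask token values so the URL can be written to logs or error reports.
function redactForLog(setKeysUrl) {
  const url = new URL(setKeysUrl);
  for (const key of ['access_token', 'refresh_token']) {
    if (url.searchParams.has(key)) url.searchParams.set(key, 'REDACTED');
  }
  return url.toString();
}

// Browser only. Refuses to send tokens from a page that is not served over HTTPS.
async function sendSetKeys(storageKey, tokens, pageProtocol = window.location.protocol) {
  if (pageProtocol !== 'https:') {
    throw new Error('refusing to expose tokens on a non-HTTPS page');
  }
  const target = buildSetKeysUrl(storageKey, tokens);
  // Assumptions: the endpoint ties the keys to the widget's cookie session
  // (credentials: 'include') and no readable response is needed (mode: 'no-cors').
  // referrerPolicy: 'no-referrer' keeps the host page URL out of the request.
  await fetch(target, {
    method: 'GET',
    mode: 'no-cors',
    credentials: 'include',
    referrerPolicy: 'no-referrer',
  });
  return redactForLog(target); // safe to log; the raw URL is not
}
```

Because the tokens travel in the query string, log only the value returned by redactForLog, never the raw URL.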

Storage Key Explanation

The storage key is the part of the URL that you (and the Uploadcare widget) use for communication with social services. In simple cases, this is the service name. For example: box, huddle, flickr, evernote, instagram, vk, skydrive, facebook, dropbox, and gdrive.

But if you are using custom OAuth apps for your project, these keys will be different. The easiest way to find out the right storage key is to look for it in the browser’s developer tools. Open the widget on the tab you are interested in and find the request to social.uploadcare.com.

Required Permissions

Some of the services need extra permissions to work with Uploadcare. Here is the full list of them:

  • Facebook: user_photos, user_videos, user_likes, user_friends
  • Google Drive: https://www.googleapis.com/auth/drive.readonly
  • OneDrive: wl.offline_access, wl.skydrive
  • VK: friends, photos, docs, offline