TADVDropbox Logout - Does NOT Log Me Out

I am trying to use the TADVDropbox comment's Logout procedure. the is no (and I mean absolutely no) documentation on this issue. Wading through the code, I see that the procedure supposedly sends an HTTPS://www.Dropbox.com/Logout, that actually what I want.


To prove that works I:

  1. Logged in in a browser page as kevinoblack@gmail.com
  2. Verified I had access to FILES
  3. in the browser executed 'https://www.Dropbox.com/logout'
  4. The screen flashed 'logging out'
  5. The files were no longer available
  6. I then re-LOGIN as kevinoblack@gmail.com through the BROWSER
That worked.

So in my software I am logged in using TADVDropbox with the DoAuth / DoConnect constructs as kevinoblack@gmail.com. To verify that, here are details of the user account:

Account Details:
UID:    dbid:AACxNKFBwskEDI8hcocOTynDY7cgveF6c2M
Dispaly name :    Kevin Black
Given name:    Kevin
Surname:    Black
Familiar Name:    Kevin
Abbreviated Name:    KB
Email Verified:    true
Disabled:    false
Country:    AU

I then perform a ADVDropbox1.Logout, this SHOULD logout the current user (again, no documentation so I cannot confirm this is the intent) of kevinoblack@gmail.com.

According to the non-existent documentation:
  1. This should perform an 'https://www.dropbox.com/logout'
  2. Since technically I am logged in as kevinoblack@gmail.com, that account should be logged out
  3. I go to a browser and user kevinoblack@gmail is still logged in
  4. the files are accessible through the browser
So my question is, if ADVDropbox1.Logout sends 'https://www.dropbox.com/logout' WHY AM I STILL LOGGED IN?

Can you please explain how this is supposed to work?

Thank you,
Kevin

ADVDropbox.Logout works at the level of the component using the REST API to get access to DropBox files and this is unrelated to a login/logout scenario in a separate browser instance.

When you perform logout, it should forget about your access token and when you want to perform the AdvDropbox.Connect to get access to your files again, prompt again for authentication & authorization (and thus allow to login with a different acocunt to authorize a different user)

Bruno,

Thanks, that sort of clears up what is SUPPOSED to happen.

WRT the behaviour, the logout function supposedly send an https://www.dropbox.com/logout.

In my case it appears to do nothing at all. I would assume if I had an INI file with the tokens, then it should remove those tokens and / or revoke the tokens (I don't know if  https://www.dropbox.com/logout calls the API V2 Revoke endpoint). I can confidently say that after calling ADVDropbox1.Logout:
  1. The Access and Auth tokens are still in the INI File
  2. When I re-run the application I AM NOT PROMPTED FOR CREDENTIALS
  3. I can still access all of the properties of ADVDropbox1 for the user that was supposedly logged out
In the simplest test, if I perfumed a ADVDropbox.logout I should be forced to log back in at the next session?

For clarity, here is my sign-in code:

procedure TfTest.Button18Click(Sender: TObject);
var
  isConnected: boolean;

begin
  try
    try
      // Signin
      AdvDropBox1.ExternalBrowser := True;

      if AdvDropBox1.Connect then
        showmessage('Conncted is TRUE')
      else
        showmessage('Conncted is FALSE') ;

      isConnected := AdvDropBox1.TestTokens;
      if not(isConnected) then
      begin
        aNotification.Title := 'No INI file with Credentials';
        aNotification.AlertBody := 'You need to authorise Dropbox';
        aNotificationCentre.PresentNotification(aNotification);
      end
      else
      begin
        AdvDropBox1.GetAccountInfo;
      end;
    except
      on E: Exception do
      begin
        ShowMessage('Error trying to Connect: ' + E.Message);
      end;
    end;
  finally

  end;
end;

Here's the sign-out code:

procedure TfTest.Button19Click(Sender: TObject);
begin
   // Dropbox logout
  AdvDropbox1.Logout;

end;

And here's the INI File section that never gets edited by Logout, ie. those encrypted credentials remain.

[EMPSecure]
ACCESS_TOKEN=VF/XO1SFN+e6tO4kRjI3PqfZMzBoqtUZXxF4+dn77oaN0kfMoFjZsBP6Yl2qtf13RK74wsT+QYS39BLj392lWD
AUTH_TOKEN=VF/XO1SFN+e6tO4kRjI3PqfZMzBo28gQJqRcj0mdhtU3Gzp8isZWxRKpPD
ACCESS_TOKEN_SECRET=
AUTH_TOKEN_SECRET=
REFRESH_TOKEN=
EXTRA_DATA=

If I were to simply delete the INIFILE entries for ACCESS_TOKEN and AUTH_TOKEN, would that have the desired effect and / or how can I get ADVDropbox1.Logout to actually do as it is supposed to?

Thanks,
Kevin

Calling AdvDropBox.Logout does not clear stored tokens.

This is by design.
If you want to clear stored tokens, call AdvDropBox.ClearTokens;