Send custom data in Dropbox OAuth redirect URL


I'm integrating Dropbox support in my application, and to get an access token to a user's account I use their OAuth2 flow. After the user has granted the application access I need the user to be redirected to the same URL it came from. The problem is that a user may come from any of a number of subdomains, and I don't have full control over these subdomains, which means I can't add them all to the redirect URL list in my Dropbox app settings.

I thought I'd solve this by having a general redirect URL under the www subdomain, which in turn would redirect to the correct URL. However, there doesn't seem to be any way to send custom data that Dropbox will include in the redirect URL. I've experimented with YouTube's OAuth2 API and they allow you to send custom data in a state query parameter, which it will include when redirecting back. But this does not seem to be allowed for Dropbox. Does anyone know whether there is any way to do this?

Thanks

2

There are 2 best solutions below

1
On BEST ANSWER

If Dropbox doesn't honor the state parameter (and violates the spec doing so) the only alternative is to make sure the custom domains redirect to the general domain as well before kicking off authentication towards Dropbox, and then store the custom URL in a cookie that resides on the same general domain as the redirect URL. You can then pick up the state/custom URL from the cookie on return from Dropbox.

0
On

Dropbox supports the state parameter (up to 500 bytes, see the docs for /1/oauth2/authorize), and you can set arbitrary state in the Python SDK using DropboxOAuth2Flow.start.

When you complete the OAuth flow and call DropboxOAuth2Flow.finish, the state you passed in will be returned as the third member of the tuple.
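
In both answers the final hop, from the general www URL back to the originating subdomain, is driven by a value that round-trips through the browser. The following added example (not part of either answer or of the Dropbox SDK) shows one way to sign the return URL into the state value, bind it to the user's session, and check the host again before redirecting; `SECRET`, `PARENT`, `make_state` and `read_state` are assumed names and example.com is a placeholder domain.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to the client
PARENT = "example.com"            # assumption: every subdomain lives under this domain
MAX_STATE = 500                   # state size limit quoted in the answer above

def _allowed(url):
    """Accept only https URLs whose host is PARENT or one of its subdomains."""
    if "\\" in url:               # browsers may read '\' as '/', which would change the host
        return False
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (host == PARENT or host.endswith("." + PARENT))

def _tag(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def make_state(return_url, session_nonce):
    """Build the state value: base64url(JSON) + '.' + HMAC, tied to the session nonce."""
    if not _allowed(return_url):
        raise ValueError("return URL is outside the allowed domain")
    body = json.dumps({"u": return_url, "n": session_nonce}).encode()
    payload = base64.urlsafe_b64encode(body).decode()
    state = payload + "." + _tag(payload)
    if len(state) > MAX_STATE:
        raise ValueError("state exceeds the 500-byte limit")
    return state

def read_state(state, session_nonce):
    """Return the verified return URL, or None if the state is forged or not ours."""
    payload, _, tag = state.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    try:
        data = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None
    nonce = str(data.get("n", ""))
    if not hmac.compare_digest(nonce.encode(), session_nonce.encode()):
        return None               # state was issued for a different session
    url = data.get("u", "")
    return url if _allowed(url) else None
```

The www handler would redirect only when `read_state` returns a URL, and fall back to a fixed landing page otherwise.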