raucao
commented
3 years ago Thanks for the suggestion. The problem with this is that the idea of remoteStorage-enabled apps is that you can use the same data from different apps. However, Dropbox and Google Drive do not allow other apps to access Webmarks data when using the app access permission. This means no other app can access or write your bookmarks in that case.
With remoteStorage, which is what this app is mostly made for, there is a better permission model: Webmarks, and other apps wanting to access bookmarks, can request access (full or read-only) to only the bookmarks folder, without being able to access other data in your storage.
I'm wondering if I could create two different OAuth apps for the providers with insufficient permission models. One with global access, so that you can use different apps with the same data, and one with single-app access, for people who are not interested in accessing their bookmarks in any other app or browser extension. This would also need some changes in the widget and the remoteStorage.js configuration code.
The other option is to always use single-app access for Dropbox and GDrive, and tell people about the limitation. Then they can choose to switch to a remoteStorage account for a good reason.
Current implementation requires granting access to all files in your Dropbox.
If "app access" is used, application is restricted to a single Dropbox directory, without any access to files outside it.
Granting so much access might be a bit scary sometimes and app access gives users better peace of mind.
https://www.dropbox.com/developers/reference/developer-guide