Proposal for zApp communication #2750
Conversation
There was a problem hiding this comment.
I think this is a good approach. The manifest concept provides a good foundation for future expansion while addressing immediate needs for AURA.
The authentication approach makes sense as a starting point, though I agree a proper scopes/claims system would be better long-term. For now, passing the access token to trusted apps is pragmatic.
The full-viewport iframe feature will definitely help make integrated apps feel more native within zOS.
This reverts commit a9095ad.
|
I decided that it'd be best to keep the manifest inside of zOS for now instead of having the app pass it in. Things are still very coupled at this point so no reason to complicate it. There is one more change to make around getting the token and passing it, but getting close to having this ready |
What does this do?
Extend the capabilities of zApps so that we can have more complex interactions between zOS and zApps
Why are we making this change?
We have a new app being built outside of zOS that'll need new capabilities
How do I test this?
Key decisions and Risk Assessment:
Things to consider:
- Sharing the original access token across apps isn't an appropriate solution for apps that are written by third parties, so we'll need to use a strict white list for what apps can use this functionality. In the future we can implement a new token system where apps can request certain permissions and the user can agree to those permissions.