![]() ![]() Once selected, there is nothing that prevents the SmartApp from accessing all of the commands that the device in question offers. I’m almost embarrassed at how speculative the above description is let’s say it is firmly only an untested, and certainly unproven, theory that I hope is easily, but thoroughly, disproven. The second case is slightly more likely to be a problem because a SmartApp could copy the Device reference (not just Device.id) into its own state map and possibly share or pass it around, even if the user subsequently de-authorizes (“un-checks”) a Device Instance by updating the Preferences in an existing installed SmartApp. Device.id alone would be a weak key / object reference. The former case would be really bad and unlikely and easy to verify. Access is via the Device Object Instances… But are those possibly accessible by unhashed global account level device.id or some other reference? I’m not certain that the authorized Devices are “secured”, however. Multiple instances of the same SmartApp each have their own storage for state and settings, so can’t directly “steal” it from any other SmartApp or SmartApp instance. ![]() I am going out on a limb here, but I want to see if someone corrects me if I’m wrong…įirstly… Yes… The Preferences screen (whether in the mobile App or presented during web authentication) is the “only” way that a SmartApp gets authorized to individual Device Instances (or Lists of Devices of the same Capability), and stored in settings Map variable of scope to the SmartApp instances. Is there is a screen for a regular smartapp that lets the user decide that the app only can talk to X and Y but not Z My second question is whether such a screen that enables user to authorize what a smartapp can do is presented during installation of a regular smartapp? For example, suppose a SmartApp asks for ability to talk to device X, Y and Z. ![]() Is there is a screen for a regular smartapp that lets the user decide that the app only can talk to X and Y but not Z or is it that the app gets permission to access everything it asks for (a la android) What happens when there are 2 different external entities that are using the same smartapp webservice but the user authorizes different permissions for each? Are there multiple copies of the smart app executing in different security contexts? Presumably, this set of authorized actions comes directly from the user interacting with the UI. The doc says that the smartapp executes in a “special security context” where only authorized actions are allowed to happen. I’m reading how a SmartApp is exposed as a web service and how the user must grant permission to the external entity that wants to communicate with the services offered by the SmartApp
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |