WebAPI/WebSocketOverApps: Difference between revisions

Line 47: Line 47:


The tokenss must be some kind of opaque data that can not be passed to other Apps, only valid for the app it-self.  For security reason, the tokens should not be reversed to the server Apps, so the token holder can not tell what app it connect to by a token.
The tokenss must be some kind of opaque data that can not be passed to other Apps, only valid for the app it-self.  For security reason, the tokens should not be reversed to the server Apps, so the token holder can not tell what app it connect to by a token.
With tokens, the app can by-pass the permission checking that defined in the manifest.  But, with permission checking of application choosers, an App can access only limited Apps.


== Use Case ==
== Use Case ==
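Review bot: the sentence added after the token paragraph says an app holding a token can by-pass the permission checking defined in the manifest, but it does not say what limits the token once that check is skipped. The paragraph above requires tokens to be opaque and valid only for the app itself, so the new line should state which component enforces that binding and whether a token can expire or be revoked, because the token becomes the only gate on the connection. "Permission checking of application choosers" is not defined anywhere in the visible text; define it or link to the section that does, and say what "limited Apps" means in terms of that check. Wording: "that defined in the manifest" should read "that is defined in the manifest".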