ripple / ripple-client

A UI for the Ripple payment network built using web technologies
ISC License
1.34k stars 494 forks source link

Need documentation for 3rd parties to implement URI support. #531

Closed ahbritto closed 11 years ago

ahbritto commented 11 years ago

This documentation needs to be completed for gateway's to serve the client:

https://ripple.com/wiki/Ripple_URIs#Examples

justmoon commented 11 years ago

Third parties do not need to do anything special, but we need to define a way for users to define their preference which client ripple.com// should redirect to. Setting this preference would then be a feature built into the client.

The basic protocol is:

1) Client queries ripple.com// to find out what the user's default client is set to. 2) If the default client currently set does not match the client's base URL, it shows a "Would you like to make this client your default Ripple client?" "Yes/No/Don't ask again" - maybe as a bar across the top. Similar to the way that users are setting their default browser (which is also a URI handler preference.) 3) If the user chooses to set the client as default, the client will send the user to a URL (maybe in a popup or iframe) like ripple.com//set?base=http://acme.com/rippleclient which will show a confirmation dialog like "Do you want to make acme.com your default Ripple client?"

Currently ripple.com// is a static redirect. It would have to be replaced with a web app. My feeling is that a simple PHP script hosted on the same server as the website would hold us over until we can have a dedicated server for it.

Side note: I have a gut feeling that there should be a better way than URI schemes. URI schemes give too much power to the untrusted third party, which enables phishing. It also doesn't scale well to multiple users on one computer, using temporary computers (internet cafe) or using a wallet running on a smartphone or hardware wallet.

The direction I'm thinking in is that you could give the merchant your Ripple global nickname (once there is one) and the merchant would send you an invoice that you can confirm after logging in with any Ripple client anywhere. That way there is no setup, significantly less potential for phising and you can easily cross the device boundary. There are still a lot of details to work out though and we pretty much need global nicknames for this to work, so I reckon the Ripple URI will have to hold us a over for a while.