Accessing the sandstorm "shareable link" from within the App

[rosatolen]

Hi!

We're interested in having functionality in our application to send a link to others. Is there a way to access shareable links? Our usability tests show it would be helpful to serve the link in the workflow of our application.

Thanks, Rosalie

[kentonv]

Hi Rosalie,

Unfortunately, this is more complicated than it may at first appear. We need Sandstorm to be involved in the sharing UX in order to achieve our security guarantees, in particular the guarantee of confinement (which says an app cannot talk to the outside world without the user's permission). If an app can share itself without user interaction, it could create a back door, e.g. to give its developers secret access to the user's data.

(Note that Sandstorm apps currently are intentionally not fully confined -- e.g. we allow apps to send email without explicit permission -- but these holes were added as a short-term hack and we're getting close to removing them.)

So, in order to solve the problem securely, we'll need to improve Sandstorm's sharing UX so that it can fit more smoothly into your app workflow while still being controlled by Sandstorm. We have a lot of ideas for how to this.

But first, could you describe in more detail what about the existing sharing UX did not work well in testing? What kind of UX do you want to offer?

[paulproteus]

Hi all,

A few remarks, hopefully quick.

First of all, @kentonv thanks for writing about confinement as a Sandstorm goal. To be clear, though, I don't know that this app needs to send sharing links automatically, maybe merely display them.

If so -- one possible avenue for you @rosatolen -- if the Sandforms app needs to merely display sharing links (rather than actively send them out), you can use "offer templates". To summarize, it's a way for your app to show a sharing link to the user without the app being able to see the contents of the link. (Interestingly, since your app can't see the link, it can't leak it, which addresses @kentonv 's concerns about confinement.)

Take a look at https://docs.sandstorm.io/en/latest/developing/http-apis/#creating-an-offer-template (and make sure to set the forSharing flag) and let me know if that is something you could use.

One other thing -- I know @kentonv will be at tonight's SF meetup so @rosatolen if you happen to be there too, perhaps it's a good topic to discuss IRL. I don't see you on the RSVP list, so maybe you can't make it, in which case, of course we can discuss here on GitHub issues.

[paulproteus]

OK, so I just re-read those docs. One subtlety is there is no clear way to reliably generate a https://sandstorm.example.com/shared/{{token}} link because there's no template variable for https://sandstorm.example.com as far as I can tell. You can work around this by copying the X-Sandstorm-Base-Path HTTP header into the offer template.

Two other paths forward to consider:

• Offer templates can change so that they do provide a template variable for the Sandstorm base URL (https://sandstorm.example.com)
• Sandstorm can grow a new Javascript API function allows an app to specify what kind of sharing link to make, and then drop-down the existing Sandstorm share dialog, to let the user copy-paste a sharing link as usual. (I actually prefer this option.)

Of course I am also interested in learning more about the UX feedback you have. I'm writing these things in an attempt to minimize round-trips by front-loading all the useful information I have for y'all.