Open urakagi opened 7 years ago
Could you explain more precisely what you mean by “subscription”? Could your use case be handled with (perhaps some refinement of) notifications which go to email instead?
We made a piping app accessing another website, using Sandstorm's authorization mechanism. In this case, that site is not able to notify a Sandstorm user. Also, if I make a questionnaire app allowing anonymous users, this feature can let logged user save the action to input e-mail address.
We made a piping app accessing another website, using Sandstorm's authorization mechanism. In this case, that site is not able to notify a Sandstorm user.
For this use case, it sounds like what you really want is to be able to delegate the ability to send notifications to some external service that expects an email address. It would still be desirable to avoid needing to give the app access to the user's real email address. Here's an alternate solution: we could add the ability to generate capability email addresses, much like the URLs we already generate (e.g. share links). If you have some existing service that expects to send email, you could give it a capability email, and then have sandstorm forward those messages on to the user. Advantages of this approach:
Also, if I make a questionnaire app allowing anonymous users, this feature can let logged user save the action to input e-mail address.
I'm not entirely sure I follow on this one?
Sure, it sounds greater than just sending users' plain e-mail address. But it requires much more effort, I guess. For the second case, the point is "This app can be used anonymously on Sandstorm, but Sandstorm app still need a way to contact anonymous users". An easy way is to require user input their e-mail, and if the user is logged in, system can prefill the e-mail address automatically.
@urakagi Sandstorm is essentially designed with the assumption that apps might be malicious (or untrustworthy). So what you're proposing amounts to a pretty big privacy concern.
Security requires more effort, yes. But that isn't a bad thing.
I'm envisioning a flow like this:
@kentonv, how much work do you think that would actually be?
EDIT: Obviously, the only bit that actually needs to be done is the last bullet.
@urakagi has an usual use case where he's basically running a proxy that serves an app hosted on an external server. That external server already has the capability to send its own e-mail, so just getting addresses would be sufficient.
We already have an API by which apps can ask for the user's verified email address via the Powerbox -- the VerifiedEmail API.
It does require an extra click -- the app invokes the powerbox, from which the user can choose among their verified addresses. The address they choose is given to the app. The design is such that the app can check with Sandstorm that the e-mail really is verified.
It sounds like this functionality actually already exists, via the VerifiedEmail api. Should we close?
We can, though it probably should be documented in Docs somewhere at some point.
When building an app with subscription feature, we usually need every user's e-mail address. In this case, if the app is able to get the user's e-mail address automatically, user experience will be much better. A pure-web interface to do this will be great.