Add explicit permission call to allow payment app to handle payments #94
Comments
|
A pattern more like marcoscaceres/payment-request-handler#2 would be in line with other service worker APIs. |
|
Ok, so considering all feedback thus far, I want to avoid asking for permissions on multiple instances (because it leads to redundant code, like): // Only the first one matters... so second line is just code duplication.
Promise.all([
sw1.paymentManager.requestPermission(),
sw2.paymentManager.requestPermission(),
]).then()Also, I don't know if the app should be allowed to revoke its permission (through some kind on So how about... Permission can only be triggered via user interaction:
The user MUST activate the element, in this case a button. Getting permissionSo, "Let's get permission"... but this this time, using button.addEventListener("click", async () => {
let permCheck;
try {
permCheck = await navigator.permissions.query({ name: "payments" });
} catch (err) {
return; // not supported
}
const canProceed = await permissionsCheck(permCheck);
if (!canProceed) {
return; // we got denied.
}
weCanDoStuff(); // Yay!
}, { once: true });
async function permissionsCheck({ state }) {
switch (state) {
case "prompt":
const result = await PaymentManager.requestPermission();
return await permissionsCheck(Promise.resolve({ state: result }));
case "granted":
return true;
default:
return false;
}
}Proposed IDLinterface PaymentManager {
static Promise<PermissionState> requestPermission();
}; |
|
Here is a solution using Permission API that works nicely with multiple tabs - so if one tab disables the permission, the other tab picks it up. The solution assumes a there is a (async () => {
let permissionObj;
try {
permissionObj = await navigator.permissions.query({ name: "payments" });
} catch (err) {
return; // not supported, bail out!
}
const button = document.getElementById("request-permission");
const clickListener = () => {
window.PaymentManager.requestPermission();
}
const changeListener = () => {
// Monitor other windows/in case the permission changes
if (permissionObj.state === "prompt") {
button.disabled = false;
button.addEventListener("click", clickListener, { once: true });
return;
}
button.disabled = true;
button.removeEventListener("click", clickListener, { once: true });
};
changeListener(); // Show/hid button, based on the state of the permission
permissionObj.addEventListener("change", changeListener);
})(); |
|
@travisleithead, would love to have some input from you on this! (Feel free to ping me for more background.) Ian |
|
@marcoscaceres can you explain where this code would run and what it does? I am confused about why there is a |
Not to speak for @marcoscaceres, but I would expect this code to run on a page on the site that wants to handle payments. It's not something that runs in a service worker from that site, if that's what you're getting at. As for The purpose of this code is so that when a user visits a website that can potentially handle payments, the website may call |
|
So, @dlongley gave a good summary of what I was thinking 👍 My code example would run in a normal Window/page (i.e., not in a service worker). The |
|
Okay, thanks for the confirmation at @marcoscaceres and @dlongley Would it still be possible to explicitly request permission from within a Service Worker registration? i.e. How does p.s. I think we should consider changing |
yeah, that should be ok, I think. My proposed model might not have had that, is all... I don't remember anymore :) |
I'm not sure how that would work, actually -- at least it's not the model other APIs follow. The It seems to me that the main (only?) use case for calling As the service worker runs in the background, when would it run |
|
@dlongley all good points. I was really just probing. I can imagine many use cases where a payment app has no UI but I think you re right that they registration of these would likely still require the user to browse to a page that would expose |
Agreed. It's not really the payment app asking for permission anyway, it's the origin asking for permission to provide payment apps to begin with. |
Exactly. The permission grant has to happen first through some visible tab/window. |
|
@adrianhopebailie asked: "p.s. I think we should consider changing PaymentAppManager to PaymentManager. WDYT? @adamroach , @tommythorsen , @ianbjacobs , @jnormore" Name harmonization sounds good...unless it would cause confusion. (I don't know here.) Ian |
|
Unless there are a lot of pending edits I'll make a quick pass over the whole doc to try and align with our latest thinking around terminology. |
|
That's fine, but if you could do that in the next 4 hours that would be preferred. I had planned to dive in later today with other edits. Ian |
|
@romandev cc |
|
We discussed this briefly on 20 June 2017 and are looking forward to a pull request from Samsung implementers who are experimenting with approaches. |
In the current spec, there is no definition of the requestPermission() method. This change is fixing w3c#94 issue.
* Define requestPermission() behavior. In the current spec, there is no definition of the requestPermission() method. This change is fixing #94 issue. * Addressed all review comments. * Fixed link error of NotAllowedError. * Addressed @ianbjcobs's comment.
|
Closed since PR 180 merged. |
In the current document, the request for permission to install an app occurs implicitly as part of the "setManifest()" processing. This is similar to the way permissions are handled in a host of existing web technologies, such as geolocation and getUserMedia.
The more recent pattern for these kinds of permissions requests (e.g., for push notifications) involves an explicit call to request permission before the action that requires permission is performed.
In @marcoscaceres' payment-request-handler doc, he proposes that the
paymentAppManagerobject include an explicitrequestPermission()method rather than this being an implicit step in setting up a payment app. I think this is an improvement, and would support adding it to the payment-app specification.The text was updated successfully, but these errors were encountered: