Wrapping up packaging an Jive App, PP and Jive Anywhere Cartridge as an add-on, there are a few things I noticed, that maybe the Jive team could clarify or at least comment on:
Missing parameters during registration call
The Getting Started > Building a Jive Add-On (ric.goell,Ryan Rutan) document mentions the code and scope attribute parameters that should be part of the add on registration callback. On 126.96.36.199 c1 (latest cloud release) these do not get sent.
Here is an example of a registration call from the latest Jive Cloud version:
Do I assume correctly that we validate the signature without them?
The registration call does not seem to send user information
One thing I would like to do, is set up the person that installs the addon as an administrator for the app in our backend service. The user Id is not being sent as part of the request. It would make the process a lot easier
Determine whether the add-on is installed for all users or an individual
In relation to the previous post: Can I distinguish between the two ways an addon is installed. If somebody without admin permissions installs the addon for themselves I would not want to grant them global rights.
No signed fetch for Tile Configuration dialog
The get request for the HTML for the tile configuration dialog does not include a signature/user it. REST calls made from there are signed. Would rate this as an inconsistency/annoyance.
Extended properties not consistently available within Addon
No shared extended properties between JA cartridge and app that are part of the same addon. I haven't thoroughly tested this. Here is the scenario. I create Jive content from a Jive Anywhere cartridge and add some extended properties to it. Even though my App is part of the same addon (and this share the same client ID, I would assume), I cannot seem to access the extended properties for that content from my App.sagi.eliyahu mark.weitzel
Inconsistent use of client secret
Some operations require that the .s the client secret ends with is stripped out (signed fetch validation is one), other operations require the .s to be send (Oauth token retrieval).
Documentation for request signature validation
Yes, this is easily done by looking at the sdk source and Oauth documentation, but some more detailed information / samples would be nice.
Documentation for Webhooks
Webhooks seems to be awesome, but it's hard to figure out what they actually do, and how to use them from the existing documentation.