AnsweredAssumed Answered

Questions - Inconsistencies with add-on/tile registration

Question asked by nilsheuer on Feb 17, 2014
Latest reply on Feb 20, 2014 by nilsheuer

Wrapping up packaging an Jive App, PP and Jive Anywhere Cartridge as an add-on, there are a few things I noticed, that maybe the Jive team could clarify or at least comment on:


Missing parameters during registration call

The Getting Started > Building a Jive Add-On (ric.goell,Ryan Rutan) document mentions the code and scope attribute parameters that should be part of the add on registration callback. On c1 (latest cloud release) these do not get sent.

Here is an example of a registration call from the latest Jive Cloud version:

"tenantId": "ec5ae235-7f05-4fe2dsafdasfasdfasfsdae",
"jiveSignatureURL": "",
"timestamp": "2014-02-17T14:09:29.435+0000",
"jiveUrl": "",
"jiveSignature": "3sKWp32kwdfsfsafdAGNy+EjpyoSPyTFUt/UhzOYwgdfsfdsFFdjcTKc=",
"clientSecret": "c3besdfaadkmcusfdssafasf00b9w47e3pmrrfglja4.s",
"clientId": "e1rwxd6xcuffdsfsaass39rxs25v58cs.i"

Do I assume correctly that we validate the signature without them?

The registration call does not seem to send user information

One thing I would like to do, is set up the person that installs the addon as an administrator for the app in our backend service. The user Id is not being sent as part of the request. It would make the process a lot easier

Determine whether the add-on is installed for all users or an individual

In relation to the previous post: Can I distinguish between the two ways an addon is installed. If somebody without admin permissions installs the addon for themselves I would not want to grant them global rights.

No signed fetch for Tile Configuration dialog

The get request for the HTML for the tile configuration dialog does not include a signature/user it. REST calls made from there are signed. Would rate this as an inconsistency/annoyance.

Extended properties not consistently available within Addon

No shared extended properties between JA cartridge and app that are part of the same addon. I haven't thoroughly tested this. Here is the scenario. I create Jive content from a Jive Anywhere cartridge and add some extended properties to it. Even though my App is part of the same addon (and this share the same client ID, I would assume), I cannot seem to access the extended properties for that content from my App.sagi.eliyahu mark.weitzel

Inconsistent use of client secret

Some operations require that the .s the client secret ends with is stripped out (signed fetch validation is one), other operations require the .s to be send (Oauth token retrieval).

Documentation for request signature validation

Yes, this is easily done by looking at the sdk source and Oauth documentation, but some more detailed information / samples would be nice.

Documentation for Webhooks

Webhooks seems to be awesome, but it's hard to figure out what they actually do, and how to use them from the existing documentation.