When creating solutions to businesses, there is a need to do something called ‘Account Linking’ using some OAuth2 type of solution. An example is how Amazon Alexa skills can be linked from each person’s Amazon account to a skill created by another business. This is imperative in order to retrieve customer specific data, in a secure way, from another company’s platform. If Zapworks has a different method for account linking, please kindly provide reference to it.
I would like to add additional information as a possible (?) work around. I assume it is always possible to request a user to enter his/her account credentials that are stored on the device - as explained in the ‘Storing Persistent Data’ documentation section. This however does not sound very secure.
Hi!
Thanks for getting in touch. You’re correct - the persistent data storage (i.e. Z.device.store(…) Z.device.retrieve(…)) is not designed to store credentials, or other secrets. Its purpose is to remember small items of state related to the user experience, i.e. their current top score.
We’d currently recommend that any flow that requires user authentication take place in a web view, which you can launch using Z.device.launchUrl(…). The web view is provided by the operating system and comes with the usual security guarantees of a web environment.
Let us know if that answers your question! Worth saying that we can work on bespoke solutions with you where there’s a specific piece of functionality that requires integration with other services. If you’d like to discuss this further just drop us an email at support@zappar.com.
Cheers,
Connell