i'm looking correct, secure way store credentials third party api in outlook add-in. this overview of different storage options says not store credentials in settings, not put them, assumed roamingsettings okay. ran this page information roamingsettings, says not right location either.
the question becomes: is right place? should build own storage solution , store/encrypt credentials in file or cookie? not feel secure either, since talking web app running in iframe.
i assume cannot implement authorization scheme (token based, cookies etc.) api , stuck basic authentication , its issues. if using asp.net, samples available easy add authentication scheme more adapted web clients (such office web add-ins).
having said that, me best option use html5 storage or cookie storage (if not implemented browser) store credentials.
the fact app iframed not big deal. storages (html5: sessionstorage/localstorage) rely on domains separation means storage slots put credentials not be visible other apps, living on parent iframe.
you may consider fact may serve web add-ins , apis same domain. both web applications!
Comments
Post a Comment