Re: [w3c/webpayments-payment-apps-api] Replace setManifest()/getManifest() with set()/get()/keys()/has()/delete() (#95)

@marcoscaceres said:
> Additionally, developers should be able to add, remove, etc. whatever payment methods they want in coordination with the end-user.

I think this is the crux of the confusion. Let me attempt to unpack a bit and see if we can all get on the same page...

I hear @marcoscaceres suggesting something like the following.

A user, Bob, browses to his bank's website: https://bigbank.com. That website has a `<link rel='manifest'>` tag in the page he visits, which is picked up by the browser, which follows the steps to register a web app as defined in the app manifest spec.

Part of that process is installing a Service Worker which, when it registers itself, attempts to add event listeners for `canMakePayment` and `paymentRequest` events.

When it does this, the browser asks Bob if he grants permission for https://bigbank.com to `Handle Payment Requests` (or some more user-friendly string).

Bob grants permission and the Service Worker registration completes but has not registered any payment methods.

Bob logs into https://bigbank.com so he now has an authenticated session. At this point the Service Worker is able to see that Bob has two Visa cards linked to his account and it attempts to add `basic-card` as a supported payment method by calling some method on the new API.

**Q1: Does Bob need to consent to this, or does the fact that Bob gave https://bigbank.com permission to handle payments allow it to:**
  * **Install as many Service Workers as it wants that have event handlers for `canMakePayment` and `paymentRequest`**
  * **Add and remove supported payment methods at will**

Bob is also a customer of Big Bank's business banking. He logs out of his personal online banking profile and logs into his business banking profile. (Or he just goes to the other site and the bank's SSO system keeps him logged in; it's not really relevant, the point is there are two different apps from the same origin.)

A **new** app manifest is linked in this new page which points to a **new** Service Worker with a different scope to the first but still the origin https://bigbank.com. The browser installs this without prompting Bob because this origin already has the required permissions.

This new Service Worker sees that Bob has a China Union Pay business banking card on his profile and also registers the fact that it can handle the `basic-card` payment method.

Next, Bob goes shopping online and, when he checks out, the website calls the `PaymentRequest` API with `basic-card` support listed in its accepted methods.

Our goal is that Bob is prompted with 3 options here: his two personal cards and his business card. However, his browser only processed two manifests and so only has icons and labels for the apps, not for the instruments/options.

**Q2: When the Service Worker adds or removes methods, does it provide an icon and label? If so, how can we do this without duplicating what is already in the manifest of the app?**

-- 
https://github.com/w3c/webpayments-payment-apps-api/issues/95#issuecomment-275045445

Received on Wednesday, 25 January 2017 08:17:24 UTC