Re: [w3c/webpayments-payment-apps-api] Add explicit permission call to allow payment app to handle payments (#94) from Marcos Cáceres on 2017-01-27 (public-webpayments-specs@w3.org from January 2017)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 26 Jan 2017 22:54:00 -0800
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/94/275600989@github.com>

Ok, so considering all feedback thus far, I want to avoid asking for permissions on multiple instances (because it leads to redundant code, like):

```JS
// Only the first one matters... so second third line is just code duplication.
Promise.all([
  sw1.paymentManager.requestPermission(),
  sw2.paymentManager.requestPermission(),
]).then()
```

Also, I don't know if the app should be allowed to revoke its permission (through some kind on `.unregister()`). That's been [really controversial](https://github.com/w3c/permissions/issues/46), and more of less rejected in permission API discussions (I had to pref that off in Gecko). 

So how about... 

### Permission can only be triggered via user interaction:

![screenshot 2017-01-27 17 20 55](https://cloud.githubusercontent.com/assets/870154/22362255/6c7daa20-e4b5-11e6-8325-73b2f0296693.png)

The user MUST activate the element, in this case a button.

### Getting permission
So, "Let's get permission"... but this this time, using `PaymentManager.requestPermission()` - similarly how Web Notifications does things.

```JS
button.addEventListener("click", async () => {
  let permCheck;
  try {
    permCheck = await navigator.permissions.query({ name: "payments" });
  } catch (err) {
    return; // not supported
  }
  const canProceed = await permissionsCheck(permCheck);
  if (!canProceed) {
    return; // we got denied.
  }
  weCanDoStuff(); // Yay!
}, { once: true });

async function permissionsCheck({ state }) {
  switch (state) {
    case "prompt":
      const result = await PaymentManager.requestPermission();
      return await permissionsCheck(Promise.resolve({ state: result }));
    case "granted":
      return true;
    default:
      return false;
  }
}
```

### Proposed IDL

```JS
interface PaymentManager {
  static Promise<PermissionState> requestPermission();
};
```


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/94#issuecomment-275600989

Received on Friday, 27 January 2017 06:54:32 UTC