Description
While I was working on eclipse-thingweb/node-wot#201 I found that the oAuth2.0 code flow might require some structural changes to Scripts and Scripting API.
In particular, the flow expects that the client should redirect the user using a user-agent to a login/consent page and later obtain the access token with redirection. Consequently, a binding implementation that supports this flow should stop the current script, redirect the user, wait for the answer, and resume. Those operations could happen every time a Property/Action/Event with that security schema is used.
This means that:
-
A Script may be stopped/put in the background until the user consent giving the access to his resources. Therefore, it might be another use-case for the specification of script management.
-
A developer might want to trigger the security initialization at will using API so that it can provide a linear UX (i.e. create a login button and do not prompt the user only when it uses some underline property/action/event)
Further, details can be found on the PR page liked above.