Maybe @joshuef can answer a couple of quick questions…
Is it feasible to create a third party plugin or extension for SAFE Browser that an end user could download and install much like a Firefox plugin?
Could such a plugin request SAFE authorisation, ideally upon login to SAFE?
is there a good place to start with learning how to make one, perhaps a code example you looked at? I have have only scratched the surface, so anything off the top of your head that might help me locate something. The beaker docs seem focussed on web APIs, p2p web/.dat apps, so its not obvious where to start looking for this.
I think such a thing is certainly feasible in electron in general. (And indeed, Brave has them)
I’m not sure how easy it would be to get the needed functionality / sandboxing into beaker. But I think it’s something that we should look to at some point down the line.
Could they request auth? I think so yep. Would be similar to any other JS/node process (as I understand chrome plugins), so could do a request in a similar fashion.
As we don’t have anything builtin/setup for this sort of third party code inclusion yet, not sure where to start to be honest. (Yeh, beaker is far too focussed there, IMO).
Maybe the most useful thing is to think what you’re prevented from doing as things stand? What do you need from a plugin? ( what you can’t do as a webapp?) And then we can start thinking about how such things might be implemented…
Thanks @joshuef, for me that’s a no then at least as things stand, but this is a good segway…
Let me describe what lead me to want a plugin. Pretty simple and I think a good case for a plugin, unless you know better
Let’s say I have several SAFE accounts. I use one for X, another for Y etc. so it’s helpful for me to be reminded which one I’m logged into. I can think of other things such a plugin might do, but let’s just say it does this:
it displays a toolbar button, by default it says “Logged out”, or “Logged in”
if you click on it (or edit preferences) you can specify a name for the account, and the plugin stores this within the account as part of its app specific data
when you log into an account, the plugin looks to see if there is a name stored, and if so, displays this on the button as “Logging into ‘name’”
The reason for using a plugin here is so it is available without visiting a URL or having a tab open, by default, unless you know another way
The uses for such a plugin could be more than just storing a name, but I think this illustrates a use case that could be handled by a plugin. Alternatively, this feature could be made part of the SAFE Browser instead, but there will no doubt be other things which won’t ever be built in, and better probably to keep the browser minimalist in general anyway.
The discussion he points to is worth reading, but in summary rather than allowing extensions which are hard to keep secure, they plan to build a couple of special cases into the browser (ad blocking and password management) and handle everything else with installable Web apps.
My impression is that the latter are easier to secure, needing less powerful API features, plus beaker will give the user control at install time by explicit granting API access in a granular fashion (a bit like SAFE Authenticator).
Here’s the spec for that:
So maybe we can use a similar approach for SAFE Browser? It goes further than plugins while eliminating many of their drawbacks, and although still a draft it looks well thought out as well as compatible with the philosophy of SAFEnetwork.
at least as things stand, but this is a good segway…