Hi! I am experimenting with creating an app that as part of its job shows the user some content from their Coda space. Say a table. The API for accessing that is clear, but the authentication piece is confusing to me. Ideally I would love to have an OAuth2 integration, where I register with Coda, get the user’s consent and access the document without storing any user secret. From what I’m reading, however, that is currently only available for packs, and the way it works is that Coda defers the authentication part to the vendor (say todoist).
Am I misunderstanding or is the only way for my use-case to work currently is for every user to store their secret key with me?
Your application would be to collect those tokens from your users and store them to later use. We don’t support OAuth2 currently, but even if we did you would need to store a user’s access tokens and refresh tokens, so the storage part is pretty similar.
When you write a Coda Pack you as the Pack maker don’t have to worry about the storing the credentials, but only because the Packs infrastructure does it for you. When you are writing your own application outside of Coda you’ll need to do it yourself.
