In sharing a web plugin with a team, do we need to “wrap” Miro REST calls on our application server (e.g. within a Node.js server), sending the authorization in the header for each service call?
Or can our plugin code remain as it is? Currently, our test plugin makes use of code like this, using the Miro API that gets loaded automatically in the context of the plugin:
Without OAuth, this works for the user who created and installed the plugin. However, though other team members can invoke the plugin, they don’t have the authorization for this command to work.
Basically, I’m wondering whether, for “web plugins” specifically, the OAuth flow is meant for a one-time installation by each team member, or whether the authentication has to be managed for each user every time they are using the plugin and/or whenever a specific Miro API is called.
Best answer by Boris BorodyanskyView original