Custom ui resolver callback context element, licensing information

UdoHagemannDecadisAG · June 16, 2021, 2:26pm

According to https://developer.atlassian.com/platform/forge/runtime-reference/custom-ui-resolver/#arguments we can seem to expect licensing information for production environments in the context element of the callback argument, is that correct?
If so, will the licensing information appear as a property context.license.isActive of type boolean as well?

XavierCaron · June 16, 2021, 11:27pm

Hi @UdoHagemannDecadisAG

Thanks for reaching out.

Your assumption is correct, you should be able to write something like the following snippet:

import Resolver from "@forge/resolver";

const resolver = new Resolver();

resolver.define("checkLicense", ({ context }) => {
  return context.license && context.license.isActive;
});

export const handler = resolver.checkLicense();

Hope this helps.

nhac.tat.nguyen · April 28, 2022, 9:03am

Hi @XavierCaron,

I’m wondering if we can check the license directly from the client-side (Custom UI) instead of invoking a Backend Resolver. As I see in the example, the context variable is sent from the client-side.

It would be nicer if we can directly read it right in the Custom UI component using @forge/bridge.

import { view } from '@forge/bridge';

const context = await view.getContext();
const isLicensed = !!context.license?.isActive

XavierCaron · May 1, 2022, 11:41pm

Hi @nhac.tat.nguyen

You are correct, it is a nicer way to get it as it bypasses calling a backend function.

The context returned by the view.getContext() should already provide the license object and therefore, your above snippet should work.

Let me know if you face any issue.

Thanks,
Xavier

UdoHagemannDecadisAG · May 2, 2022, 10:17am

Hi @XavierCaron,

does this mean that the constraint imposed by app context security on forge is gone?
We understood that, for security reasons, one should not rely on the results of getContext, since it “is not guaranteed to be secure, unalterable, and valid to be used for authorization”.

Thanks for clarifying!
Cheers, Udo

XavierCaron · May 3, 2022, 11:36pm

Hi @UdoHagemannDecadisAG

You are correct, the constraint is still in place and one should not rely on the Custom UI view.getContext content for authorization purposes.

However, one should be able to use those fields for display purposes (ie, show / hide element based on license value).

Hope this clarifies it.

Cheers,
Xavier