Raw deeplinks
grctest opened this issue
Is your feature request related to a problem? Please describe.
Currently the TOTP deeplinks which use the beet:// protocol require the user to handle a pass code which is used to encrypt the deeplink, providing protection against click-jacking.
If however you wish to parse the contents of the URL prior to clicking it, its payload is encrypted so you cannot easily do so.
Describe the solution you'd like
Create a 'Raw beetlink' page, identical to TOTP minus the need for a timed passcode and without payload encryption. This would enable the manual construction of deeplinks without the use of a 3rd party app as well as enable interrogation of deeplink payload prior to clicking it.
The click-jacking risk would still be offset somewhat by the necessity of having the raw beetlink page open, otherwise the request is rejected, similar to the TOTP page, so it's not irresponsible to implement this feature.
We could either include an unencrypted field in the deeplink like ?raw=true to indicate it's an unencrypted raw beetlink instead of a TOTP clicked link, or we could use a new protocol like rawbeet://
Describe alternatives you've considered
Use QR codes if timed codes are annoying
Check console logs in 3rd party app for request contents prior to clicking deeplinks
Additional context
Implementation would be a copy/paste of TOTP with fewer lines of code.
merged into develop branch