widget. First you have to anticipate a potentially hostile environment in which
of global classes (for example,
Array.prototype.toJSON), so you have to
program defensively and not assume that these functions will be available or
function as normal.
One area that the authors only briefly touch on but which is of interest to myself is that of a user authenticating with a third-party widget. With OAuth2 it should be possible for a third-party widget to redirect the user to a login page and then get an access token that can be used to make requests to a third-party service on the user’s behalf. This would allow embedding the user interface of a third-party service into any other website. For example, for Airavata, we could develop a widget for creating and monitoring computational experiments that other science gateway web applications could embed.