You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Refine plugin system documentation for clarity and consistency
* Enhance authentication section in plugin documentation for clarity
* Refine plugin documentation for clarity and completeness, including YAML configuration and token handling details.
* Added code snippets from Frontend side
---------
Co-authored-by: Emanuel <[email protected]>
The plugin system enables services to expose an embedded UI inside Deployment Details (rendered as an iframe), and optionally add a shortcut in the environment’s left sidebar. Managed services populate these fields automatically via the Managed Framework; Non‑managed services can be configured in the yaml.
3
+
The plugin system enables services to expose an embedded UI inside Deployment Details (rendered as an iframe), and optionally add a shortcut in the environment’s left sidebar.
4
+
5
+
Managed services may populate these plugin properties automatically via the Managed Framework, and you can always override them explicitly in YAML.
6
+
7
+
Non-managed services can also define these properties in YAML, making any deployment behave like a plugin without being a managed service.
* Provide basic authentication integration with Quix Cloud so publicly exposed services don’t require a separate login
20
+
21
+
## YAML configuration
16
22
17
23
In your deployment YAML, you can enable the embedded UI and, optionally, a sidebar item:
18
24
@@ -28,14 +34,117 @@ plugin:
28
34
29
35
Notes
30
36
31
-
- plugin.embeddedView: boolean. true → FE renders embedded UI.
32
-
- plugin.sidebarItem: optional object configuring the Environment’s left sidebar item.
37
+
* plugin.embeddedView: boolean. true → FE renders embedded UI.
38
+
* plugin.sidebarItem: optional object configuring the Environment’s left sidebar item.
39
+
40
+
## Embedded view URL
41
+
42
+
When the plugin feature is enabled, the deployment exposes a public URL dedicated to the embedded UI. The Portal uses this URL to load the embedded view inside the iframe when `embeddedView` is enabled. This URL is not set in YAML; it’s exposed by the API.
43
+
44
+
Population rules:
45
+
46
+
* Managed service → Derived from Managed Services conventions.
47
+
* Non-managed service → Requires `publicAccess` to be enabled; resolves from the deployment’s public URL.
48
+
49
+
## Authentication and authorization
50
+
51
+
The embedded view inherits authentication and authorization from the Quix platform: no separate login is required, and the same user/environment permissions apply.
52
+
When an embedded view loads, the Plugin system injects the Quix user token into the iframe. The UI uses this token to call the backend securely.
33
53
34
-
## Public Url
54
+
### How the token is injected in the embedded view
35
55
36
-
- Managed service → derived from Managed Services internal conventions.
37
-
- Non‑managed service → uses the deployment’s publicUrl.
56
+
On initial load of the embedded view (and on reload), the Portal provides the user token to the iframe so the UI can authenticate calls to the backend.
57
+
58
+
#### Frontend token exchange (postMessage)
59
+
60
+
The token is passed via `window.postMessage` between the parent (Portal) and the embedded iframe.
61
+
62
+
**Message types**
63
+
64
+
* `REQUEST_AUTH_TOKEN` — sent by the iframe to ask the parent for a token
65
+
* `AUTH_TOKEN` — sent by the parent with `{ token: string }`
The embedded view inherits authentication and authorization from the main platform. No separate login is required, and the same user/environment permissions apply to the emmbedded view.
89
+
```ts
90
+
// Listen for requests from the target iframe
91
+
function messageHandler(event: MessageEvent) {
92
+
const { origin, data } = event;
93
+
94
+
// Ensure the origin matches the iframe URL you expect
0 commit comments