My local high school (secondary school) runs a website that the pupils and their parents can log into. It allows you to see the usual grades and so forth, but also their timetable.
That can be pretty important as they run a 6 day cycle - so if you have a long weekend or a holiday, if even a particularly busy week it can be difficult for some people (particularly my son) to remember what "day" it is at school.
In my case, the project was to allow students (including my son) to synchronize that school provided timetable (which is customized per pupil) with their Google Calendar - which is synchronized to their phone. Many of the kids turn off their data plan, as they are only allowed one device on the school network.
So in my case I wanted to let them log in with their Google Account - give me permission to their Calendar, tell me what their school username and password is (no OAuth there, I encrypt and store) and then I go off and create a calendar and push their timetable into it. And I do that every week, automatically.
Now this had a few challenges:
- I had never worked with OAuth before (or OAuth2 in this case). I had read the book, felt I understood it and then forgot it. +Mark Derricutt and I had done a short stint with the Google provided libraries and found some problems, but I couldn't even find that project.
- I hadn't worked with the Calendar API and that turns out to have some significant quirks
- I wanted to make a mobile first application, it had to look good and work - so I wanted to use Material Design components
- I wanted to run it against an https server
- I needed to see what parts of the start-up framework were "quirky" and needing of cleaning rough edges
Some lessons I learnt from the experience - stuff that will make it into the next +Code Lounge I run with +Irina Benediktovich .
- Busy logic - that there is one or more inflight XHR requests really need to be pulled out into a separate module and just included in every project. It is simply such a useful structural pattern that it simply has to be a module
- The OAuth2 stuff behaved in an unexpected fashion, every single time you go through the "login" process, you get a new token. And if you are starting and stopping your service, the session you get passed is different to the session your request.getSession().getId() provides you - so you have to make special concessions to try and track the user properly
- I still haven't found a way to track a user in an opaque fashion - if they change their primary email address, their account is hosed. I was pretty sure there was a way to do this, but I haven't worried about it too much yet.
- JAWR really hates CSS with embedded SVG images. That took me a while to figure out.
- Make sure your server is running on the correct time zone or ensure you provide a time zone to all constructed DateTime's in your Google APIs.
- It turns out that Chrome on some phones can only search - it ignores any URLs that you type in. It is bizarre and very frustrating!
I may add more to this post as I remember things!