(Play video) (Note the name of BT4WA was another when the video was recorded)
Terminology
Controlled (web-) app, Controlled site or CONTROLLEDDOMAIN
The web app that the location is sent to.
App, BT4WA or RemoteControl
backgroundTracker4WebApps
How does the BT4WA work more exactly
BT4WA consists of a list of "uri+key". The user can add/delete entries of this list (see video).
The controlled site provides the "uri+key" which should look like this:
The querystring consist of one variable dataFromRemoteControl which in turn contains a json encoded object with the following variables:
keyRemoteControl
A 128 bit key in the form of 32 hex letters (0-f). It is used to recognize that the request comes from a valid sender (valid user of BT4WA).
iSeq
A sequence number that counts upwards. To prevent replay attacks. (not really needed since TLS prevents replay attacks (so it will be removed in the future))
boCheck
True: if the request is just to check the status.
False: for other cases (see below)
boShow
True: Make the user visible on the controlled site.
False: Make the user hidden on the controlled site.
lat
latitude
lng
longitude
hideTimer
Number of seconds till the user should be automatically hidden.
(will be renamed hideTimerResetValue in the future)
boSetTHide
True: The request comes as a result of the user hitting "On"
The controlled app should "push" the hide time forward (with the value hideTimerResetValue)
False: The request comes as a result of BT4WAs automatic (background) update
The controlled app should NOT push the hide time forward.
(will be renamed boSetHideTimer in the future)
What should the controlled site return
A string whose first 200 characters are displayed in BT4WA.
If the string starts with "Visible" the string is colored green.
If the string starts with "Hidden" the string is colored red.
Otherwise the string is colored black.
Other
One could say that BT4WA is a workaround for as long as geolocation (in web apps) doesn't work in service workers.