I’ve been playing with Sheets this afternoon, and the first thing which struck me is the use of an encrypted user payload, rather than a request signature like all the other flows.
It’s extra leg-work to decrypt and verify the user, especially when we already have a different mechanism for handling configuration/initialisation/canvases, which we now can’t reuse.
What’s the reasoning behind this? Are there specific benefits to doing it this way?
Look forward to learning more.