I’m reading how a SmartApp is exposed as a web service and how the user must grant permission to the external entity that wants to communicate with the services offered by the SmartApp
the doc says that the smartapp executes in a “special security context” where only authorized actions are allowed to happen. Presumably, this set of authorized actions comes directly from the user interacting with the UI.
What happens when there are 2 different external entities that are using the same smartapp webservice but the user authorizes different permissions for each? Are there multiple copies of the smart app executing in different security contexts?
My second question is whether such a screen that enables user to authorize what a smartapp can do is presented during installation of a regular smartapp? For example, suppose a SmartApp asks for ability to talk to device X, Y and Z. Is there is a screen for a regular smartapp that lets the user decide that the app only can talk to X and Y but not Z or is it that the app gets permission to access everything it asks for (a la android)