Thanks for your answer!
I have this notebook (https://observablehq.com/@norswap/fitbit/2) which is a simple app that can transfer some data from your Fitbit account to a Google Sheet spreadsheet.
The idea is simply to share it, and let users enter their own API keys as secrets.
Some more context on my blog (https://norswap.com/fitbit-google-sheets/) but the part you might be interested in:
I found Observable to be particularly interesting. Of course I could have trivially built the same thing as a local webpage, but Observable makes it easier to share with people and easier to access from other devices (including phones). It’s also nice to be able to do good looking literate programming.
If public notebooks can’t use secrets, then I wonder - what’s the use case? Obviously, avoiding copy/pasting API keys everywhere, but I had thought it was about sharing notebooks where users could plug in their own data from their secrets.
If the latter is the case, I’d recommend creating a private notebook and importing cells from your public, reference notebook, instead of forking it. That should allow you to continue to upgrade the public version, while the private one receives the benefits.
I’m not sure this would work with this being an “app” — I want it ready to use, with the users needing only to input their API keys + some parameters (but at the same time I don’t want to use an input field for the keys, forcing users to input them on each use).
That being said, forking is fine. It’s just that if I make a change, I have to refork it, which is just a very minor annoyance, but I thought I would check to make sure.
I don’t expect this particular notebook will change a whole lot. But I can imagine cases where notebooks would be updated frequently, and it could be cool to let “users” (forkers) know that a newer version of the upstream notebook is available.
PS: I’m hijacking this thread to ask a small question I had — is there a better way to perform OAuth than a redirect to the notebook? I’m not an expert, but Fibit’s implem of Oauth redirects you to something like
<page of your choice>?session_key=XXXX. Is there a way to do that somewhere out of the main window to avoid a reload? (And without hosting a server elsewhere with the sole purpose of reading the URL!) I tried with popups, only to be defeated by CORS protection when tried to pipe to the result back to the main page. I tried to use an iFrame, but I can’t put ObservableHQ pages in a frame (which I suppose there are many good reasons for).