Task t5713m/add documentation for the oauth iframe feature

[sivanel97]

User description

Description

Add documentation for the new toggle for pop-up when OAuth needed for protected URLs.

Updated docs pages

• https://docs.port.io/customize-pages-dashboards-and-plugins/dashboards/#iframe-visualization

---

PR Type

Documentation

---

Description

• Add documentation for OAuth iframe pop-up authentication toggle

• Explain URL type configuration (public vs protected)

• Document pop-up behavior and browser requirements

• Improve table formatting and styling

---

Diagram Walkthrough

flowchart LR
  A["Iframe Widget Docs"] --> B["URL Type Section"]
  B --> C["Public URL"]
  B --> D["Protected URL"]
  D --> E["Pop-up Toggle"]
  E --> F["Toggle Off: OAuth in Iframe"]
  E --> G["Toggle On: OAuth in Pop-up"]
  G --> H["Browser Pop-up Settings Info"]

Loading

File Walkthrough

Relevant files

Documentation

dashboards.md Add OAuth iframe pop-up authentication documentation          docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md Added new "URL type" section explaining public vs protected URL configuration Documented "Use pop-up for authentication URL" toggle behavior for protected URLs Added browser pop-up settings info box with requirements Enhanced iframe image styling with border and border-radius Reformatted widget properties table with improved formatting and line breaks +25/-12

---

[qodo-merge-pro]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Documentation Only: The PR adds documentation changes only, with no application logic to evaluate audit logging of critical actions. Referred Code <img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} /> #### URL type When configuring an **Iframe widget**, you can specify whether the URL is `public` or `protected`. For the `protected` URL type, you can configure how the OAuth authentication flow is handled using the **"Use pop-up for authentication URL"** toggle: - **Toggle off (default)**: The OAuth login flow runs inside the Iframe. - **Toggle on**: The OAuth login flow opens in a separate pop-up window. :::info Browser pop-up settings If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load. ::: #### Widget properties | Field | Type |Description | Default | Required | | ------- | -------------- | ---------------- | ------- | -------- | | `Title` | `String` | Iframe widget title | `null` | `true` | | `Icon` | `String` | Iframe widget icon. | `null` | `false` | ... (clipped 8 lines)
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Not Code Changes: The changes are prose and markdown tables; there are no identifiers or code constructs to assess for naming conventions. Referred Code <img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} /> #### URL type When configuring an **Iframe widget**, you can specify whether the URL is `public` or `protected`. For the `protected` URL type, you can configure how the OAuth authentication flow is handled using the **"Use pop-up for authentication URL"** toggle: - **Toggle off (default)**: The OAuth login flow runs inside the Iframe. - **Toggle on**: The OAuth login flow opens in a separate pop-up window. :::info Browser pop-up settings If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load. ::: #### Widget properties | Field | Type |Description | Default | Required | | ------- | -------------- | ---------------- | ------- | -------- | | `Title` | `String` | Iframe widget title | `null` | `true` | | `Icon` | `String` | Iframe widget icon. | `null` | `false` | ... (clipped 8 lines)
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: No Executable Code: The PR modifies documentation only; no error handling logic is present to evaluate robustness or edge case management. Referred Code <img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} /> #### URL type When configuring an **Iframe widget**, you can specify whether the URL is `public` or `protected`. For the `protected` URL type, you can configure how the OAuth authentication flow is handled using the **"Use pop-up for authentication URL"** toggle: - **Toggle off (default)**: The OAuth login flow runs inside the Iframe. - **Toggle on**: The OAuth login flow opens in a separate pop-up window. :::info Browser pop-up settings If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load. ::: #### Widget properties | Field | Type |Description | Default | Required | | ------- | -------------- | ---------------- | ------- | -------- | | `Title` | `String` | Iframe widget title | `null` | `true` | | `Icon` | `String` | Iframe widget icon. | `null` | `false` | ... (clipped 8 lines)
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Documentation Scope: Only documentation text was updated; there are no user-facing error messages or code paths to assess for secure error handling. Referred Code <img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} /> #### URL type When configuring an **Iframe widget**, you can specify whether the URL is `public` or `protected`. For the `protected` URL type, you can configure how the OAuth authentication flow is handled using the **"Use pop-up for authentication URL"** toggle: - **Toggle off (default)**: The OAuth login flow runs inside the Iframe. - **Toggle on**: The OAuth login flow opens in a separate pop-up window. :::info Browser pop-up settings If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load. ::: #### Widget properties | Field | Type |Description | Default | Required | | ------- | -------------- | ---------------- | ------- | -------- | | `Title` | `String` | Iframe widget title | `null` | `true` | | `Icon` | `String` | Iframe widget icon. | `null` | `false` | ... (clipped 8 lines)
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: No Logging Code: The PR adds no logging-related code; secure logging practices cannot be evaluated from documentation changes. Referred Code <img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} /> #### URL type When configuring an **Iframe widget**, you can specify whether the URL is `public` or `protected`. For the `protected` URL type, you can configure how the OAuth authentication flow is handled using the **"Use pop-up for authentication URL"** toggle: - **Toggle off (default)**: The OAuth login flow runs inside the Iframe. - **Toggle on**: The OAuth login flow opens in a separate pop-up window. :::info Browser pop-up settings If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load. ::: #### Widget properties | Field | Type |Description | Default | Required | | ------- | -------------- | ---------------- | ------- | -------- | | `Title` | `String` | Iframe widget title | `null` | `true` | | `Icon` | `String` | Iframe widget icon. | `null` | `false` | ... (clipped 8 lines)
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Not Applicable Here: The update is purely to documentation about an OAuth pop-up toggle; there is no input handling or data processing code to evaluate. Referred Code <img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} /> #### URL type When configuring an **Iframe widget**, you can specify whether the URL is `public` or `protected`. For the `protected` URL type, you can configure how the OAuth authentication flow is handled using the **"Use pop-up for authentication URL"** toggle: - **Toggle off (default)**: The OAuth login flow runs inside the Iframe. - **Toggle on**: The OAuth login flow opens in a separate pop-up window. :::info Browser pop-up settings If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load. ::: #### Widget properties | Field | Type |Description | Default | Required | | ------- | -------------- | ---------------- | ------- | -------- | | `Title` | `String` | Iframe widget title | `null` | `true` | | `Icon` | `String` | Iframe widget icon. | `null` | `false` | ... (clipped 8 lines)
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
best practice	Fix invalid image styling attributes Correct the tag by moving the deprecated border attribute into the style property and fixing the invalid borderRadius value from '6x' to '6px'. docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md [431] -<img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} /> +<img src="/img/software-catalog/widgets/iframeWidget.png" style={{borderRadius:'6px', border: '1px solid #DFE1E6'}} /> Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies and fixes invalid CSS (borderRadius:'6x') and a deprecated border attribute in the <img> tag, which would cause rendering issues.	Low
	Use standard line break tags Replace the non-standard tags with the standard tag for line breaks within the markdown table. docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md [455-458] -| `Authorization Url` | `URL String` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | -| `clientId` | `String` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | -| `Scopes` | `String Array` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | -| `Token URL` | `URL String` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | +| `Authorization Url` | `URL String` | If the `URL type` is `protected` this will be required. <br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | +| `clientId` | `String` | If the `URL type` is `protected` this will be required. <br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | +| `Scopes` | `String Array` | If the `URL type` is `protected` this will be required. <br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | +| `Token URL` | `URL String` | If the `URL type` is `protected` this will be required. <br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | Apply / Chat Suggestion importance[1-10]: 3 __ Why: The suggestion correctly points out that <br> is the standard HTML tag for a line break, while <br></br> is not, improving code quality and adherence to standards.	Low
Organization best practice	Standardize list punctuation and casing Keep list items consistent and add periods to the end; also use lowercase "iframe" in running text for consistency. docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md [439-440] #### URL type -- **Toggle off (default)**: The OAuth login flow runs inside the Iframe. -- **Toggle on**: The OAuth login flow opens in a separate pop-up window. +- Toggle off (default): The OAuth login flow runs inside the iframe. +- Toggle on: The OAuth login flow opens in a separate pop-up window. [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 6 __ Why: Relevant best practice - Pattern 2: Use sentence case for headers and end list items with periods.	Low
Maintainability	Improve markdown table formatting for readability Improve the source code readability of the markdown table by aligning its columns. docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md [448-458] -| Field | Type |Description | Default | Required | -| ------- | -------------- | ---------------- | ------- | -------- | -| `Title` | `String` | Iframe widget title | `null` | `true` | -| `Icon` | `String` | Iframe widget icon. | `null` | `false` | -| `Description` | `String` | Iframe widget description. | `null` | `false` | -| `URL` | `String` | Iframe widget url. | `null` | `false` | -| `URL type` | `String` | `public` or `protect`. | `null` | `false` | +| Field | Type | Description | Default | Required | +| ------------------- | -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------- | +| `Title` | `String` | Iframe widget title | `null` | `true` | +| `Icon` | `String` | Iframe widget icon. | `null` | `false` | +| `Description` | `String` | Iframe widget description. | `null` | `false` | +| `URL` | `String` | Iframe widget url. | `null` | `false` | +| `URL type` | `String` | `public` or `protect`. | `null` | `false` | | `Authorization Url` | `URL String` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | | `clientId` | `String` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | | `Scopes` | `String Array` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | | `Token URL` | `URL String` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null` | `false` | Apply / Chat Suggestion importance[1-10]: 2 __ Why: The suggestion proposes to reformat a markdown table for better readability in the source, which is a minor stylistic improvement with no effect on the rendered output.	Low
Update

[aws-amplify-eu-west-1]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-2992.d2ngvl90zqbob8.amplifyapp.com