[aerogear-dev] Eating our own dog food, or TOTP demos for AeroGear

Daniel Passos daniel at passos.me
Fri Oct 10 08:18:49 EDT 2014 

Hi guys,

Yep, In Android land we have secret request and qrcode scan.

1) May be is a good idea remove the secret request?

2) In related news, today we not store the secret. I think store that
before publish is a good thing to do

-- Passos


On Fri, Oct 10, 2014 at 4:47 AM, Matthias Wessendorf <matzew at apache.org>
wrote:

>
>
> On Fri, Oct 10, 2014 at 9:00 AM, Corinne Krych <corinnekrych at gmail.com>
> wrote:
>
>> Same here Bruno I would like to publish Shoot, in its Swift version to
>> apple store.
>>
>
> +1 that is even useful :)
> so not a "demo" at all.
>
> Great idea!
>
>
>> We have a ticket to enhance it with an iOS photo sharing dialog. Once
>> this one is done, let's submit.
>> For the app store I might limit it to Facebook and Google+, to start with.
>>
>> ++
>> Corinne
>>
>> On 10 October 2014 08:48, Christos Vasilakis <cvasilak at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> answers inline
>>>
>>> On Oct 9, 2014, at 11:42 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>
>>> > No way, Matthias. OTP must be always offline. To retrieve the shared
>>> > secret, we scan the QR Code.
>>> >
>>> > Maybe the iOS demo is doing it (have to revisit and confirm)[1].
>>> > On Android, I'm pretty much sure that QR Code scanning was already
>>> > implemented.
>>> >
>>>
>>> revisiting this, I can see indeed on iOS the shared secret is retrieved
>>> from the server and that is only the option offered. Our Android example
>>> offers both options, either from server, or using QR code scanning, so
>>> implementing the latter on our iOS demo need to be also done.
>>>
>>> created to track it :
>>>  https://issues.jboss.org/browse/AGIOS-289
>>>
>>> > We don't need to be perfect, get what is already done, improve if
>>> > possible or release what is already done.
>>>
>>> +1 for releasing on the app store. My fear is, as Matthias said earlier,
>>> the ‘demo’ aspect, but with a nice description/walkthrough submission
>>> details, maybe there is chance.. and tbh I have seen far far simplest apps
>>> accepted on their store.
>>>
>>>
>>> -
>>> Christos
>>>
>>>
>>>
>>> >
>>> > [1] -
>>> >
>>> https://github.com/aerogear/aerogear-otp-ios-demo/blob/5b23acbaf5c3cd74377efdd483b43a65befb11ee/AeroGear-OTP-Demo/AeroGear-OTP-Demo/Utilities/AGOTPClient.m#L63
>>> >
>>> >
>>> > On 2014-10-09, Matthias Wessendorf wrote:
>>> >
>>> >> On Thu, Oct 9, 2014 at 5:26 PM, Bruno Oliveira <bruno at abstractj.org>
>>> wrote:
>>> >>
>>> >>> On 2014-10-09, Matthias Wessendorf wrote:
>>> >>>> On Thu, Oct 9, 2014 at 4:57 AM, Bruno Oliveira <bruno at abstractj.org
>>> >
>>> >>> wrote:
>>> >>>>
>>> >>>>> Good morning,
>>> >>>>>
>>> >>>>> TOTP was implemented on AeroGear for iOS[1] and Android[2] two
>>> years
>>> >>>>> ago. On conferences most of the developers get amazed with our API.
>>> >>>>>
>>> >>>>
>>> >>>> It's always great feedback when I show the OTP demo. Attendees at
>>> >>>> conferences love it!
>>> >>>>
>>> >>>>
>>> >>>>>
>>> >>>>> Although we don't have any app published on Google Play or App
>>> Store. I
>>> >>>>> think it's time to release our demos and get some feedback from our
>>> >>>>> community.
>>> >>>>>
>>> >>>>
>>> >>>> with release, what do you mean? Submit to the stores?
>>> >>>> On Apple one reason we never submitted anything to their App Store
>>> is
>>> >>> their
>>> >>>> rules clearly indicate no demos are allowed in there.
>>> >>>
>>> >>> I understand, it can be a real and non paid app. Once it does not
>>> depends
>>> >>> on
>>> >>> internet connection at this moment.
>>> >>>
>>> >>
>>> >> isn't the iOS OTP "demo" connecting to a JAX-RS backend for the
>>> tokens?
>>> >>
>>> >>
>>> >>>
>>> >>>>
>>> >>>>
>>> >>>>>
>>> >>>>> Into this way we can exercise things like:
>>> >>>>>
>>> >>>>> - Properly store the shared secret
>>> >>>>> - Password protection with offline authentication
>>> >>>>> - If we are very confident, sync the TOTPs across authorized
>>> devices
>>> >>>>>
>>> >>>>> At the moment, we don't need to do so much once most of our demos
>>> are
>>> >>>>> already on GH.
>>> >>>>
>>> >>>>
>>> >>>> The only thing is perhaps making sure the backend part of our OTP
>>> demo is
>>> >>>> (always) up :)
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>>> I think it's just the matter of release it.
>>> >>>>>
>>> >>>>> Thoughts?
>>> >>>>>
>>> >>>>
>>> >>>> I like giving these nice demos, and their used AeroGear technology,
>>> some
>>> >>>> more love and visibility.
>>> >>>>
>>> >>>>
>>> >>>>>
>>> >>>>> [1] - https://github.com/aerogear/aerogear-otp-ios-demo
>>> >>>>> [2] - https://github.com/aerogear/aerogear-otp-android-demo
>>> >>>>>
>>> >>>>> --
>>> >>>>>
>>> >>>>> abstractj
>>> >>>>> PGP: 0x84DC9914
>>> >>>>> _______________________________________________
>>> >>>>> aerogear-dev mailing list
>>> >>>>> aerogear-dev at lists.jboss.org
>>> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>> >>>>>
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> --
>>> >>>> Matthias Wessendorf
>>> >>>>
>>> >>>> blog: http://matthiaswessendorf.wordpress.com/
>>> >>>> sessions: http://www.slideshare.net/mwessendorf
>>> >>>> twitter: http://twitter.com/mwessendorf
>>> >>>
>>> >>>> _______________________________________________
>>> >>>> aerogear-dev mailing list
>>> >>>> aerogear-dev at lists.jboss.org
>>> >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>> >>>
>>> >>>
>>> >>> --
>>> >>>
>>> >>> abstractj
>>> >>> PGP: 0x84DC9914
>>> >>> _______________________________________________
>>> >>> aerogear-dev mailing list
>>> >>> aerogear-dev at lists.jboss.org
>>> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Matthias Wessendorf
>>> >>
>>> >> blog: http://matthiaswessendorf.wordpress.com/
>>> >> sessions: http://www.slideshare.net/mwessendorf
>>> >> twitter: http://twitter.com/mwessendorf
>>> >
>>> >> _______________________________________________
>>> >> aerogear-dev mailing list
>>> >> aerogear-dev at lists.jboss.org
>>> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>> >
>>> >
>>> > --
>>> >
>>> > abstractj
>>> > PGP: 0x84DC9914
>>> > _______________________________________________
>>> > aerogear-dev mailing list
>>> > aerogear-dev at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141010/a192321a/attachment.html

More information about the aerogear-dev mailing list