[aerogear-dev] Eating our own dog food, or TOTP demos for AeroGear

Bruno Oliveira bruno at abstractj.org
Fri Oct 10 10:15:01 EDT 2014 

It it will add an extra work, I see it as low priority. If we have,
cool, otherwise, best effort.

Thanks for the clarification Christos.

On 2014-10-10, Christos Vasilakis wrote:
> Hi,
>
> answers inline
>
> On Oct 9, 2014, at 11:42 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > No way, Matthias. OTP must be always offline. To retrieve the shared
> > secret, we scan the QR Code.
> >
> > Maybe the iOS demo is doing it (have to revisit and confirm)[1].
> > On Android, I'm pretty much sure that QR Code scanning was already
> > implemented.
> >
>
> revisiting this, I can see indeed on iOS the shared secret is retrieved from the server and that is only the option offered. Our Android example offers both options, either from server, or using QR code scanning, so implementing the latter on our iOS demo need to be also done.
>
> created to track it :
>  https://issues.jboss.org/browse/AGIOS-289
>
> > We don't need to be perfect, get what is already done, improve if
> > possible or release what is already done.
>
> +1 for releasing on the app store. My fear is, as Matthias said earlier, the ‘demo’ aspect, but with a nice description/walkthrough submission details, maybe there is chance.. and tbh I have seen far far simplest apps accepted on their store.
>
>
> -
> Christos
>
>
>
> >
> > [1] -
> > https://github.com/aerogear/aerogear-otp-ios-demo/blob/5b23acbaf5c3cd74377efdd483b43a65befb11ee/AeroGear-OTP-Demo/AeroGear-OTP-Demo/Utilities/AGOTPClient.m#L63
> >
> >
> > On 2014-10-09, Matthias Wessendorf wrote:
> >
> >> On Thu, Oct 9, 2014 at 5:26 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> >>
> >>> On 2014-10-09, Matthias Wessendorf wrote:
> >>>> On Thu, Oct 9, 2014 at 4:57 AM, Bruno Oliveira <bruno at abstractj.org>
> >>> wrote:
> >>>>
> >>>>> Good morning,
> >>>>>
> >>>>> TOTP was implemented on AeroGear for iOS[1] and Android[2] two years
> >>>>> ago. On conferences most of the developers get amazed with our API.
> >>>>>
> >>>>
> >>>> It's always great feedback when I show the OTP demo. Attendees at
> >>>> conferences love it!
> >>>>
> >>>>
> >>>>>
> >>>>> Although we don't have any app published on Google Play or App Store. I
> >>>>> think it's time to release our demos and get some feedback from our
> >>>>> community.
> >>>>>
> >>>>
> >>>> with release, what do you mean? Submit to the stores?
> >>>> On Apple one reason we never submitted anything to their App Store is
> >>> their
> >>>> rules clearly indicate no demos are allowed in there.
> >>>
> >>> I understand, it can be a real and non paid app. Once it does not depends
> >>> on
> >>> internet connection at this moment.
> >>>
> >>
> >> isn't the iOS OTP "demo" connecting to a JAX-RS backend for the tokens?
> >>
> >>
> >>>
> >>>>
> >>>>
> >>>>>
> >>>>> Into this way we can exercise things like:
> >>>>>
> >>>>> - Properly store the shared secret
> >>>>> - Password protection with offline authentication
> >>>>> - If we are very confident, sync the TOTPs across authorized devices
> >>>>>
> >>>>> At the moment, we don't need to do so much once most of our demos are
> >>>>> already on GH.
> >>>>
> >>>>
> >>>> The only thing is perhaps making sure the backend part of our OTP demo is
> >>>> (always) up :)
> >>>>
> >>>>
> >>>>
> >>>>> I think it's just the matter of release it.
> >>>>>
> >>>>> Thoughts?
> >>>>>
> >>>>
> >>>> I like giving these nice demos, and their used AeroGear technology, some
> >>>> more love and visibility.
> >>>>
> >>>>
> >>>>>
> >>>>> [1] - https://github.com/aerogear/aerogear-otp-ios-demo
> >>>>> [2] - https://github.com/aerogear/aerogear-otp-android-demo
> >>>>>
> >>>>> --
> >>>>>
> >>>>> abstractj
> >>>>> PGP: 0x84DC9914
> >>>>> _______________________________________________
> >>>>> aerogear-dev mailing list
> >>>>> aerogear-dev at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Matthias Wessendorf
> >>>>
> >>>> blog: http://matthiaswessendorf.wordpress.com/
> >>>> sessions: http://www.slideshare.net/mwessendorf
> >>>> twitter: http://twitter.com/mwessendorf
> >>>
> >>>> _______________________________________________
> >>>> aerogear-dev mailing list
> >>>> aerogear-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>
> >>>
> >>> --
> >>>
> >>> abstractj
> >>> PGP: 0x84DC9914
> >>> _______________________________________________
> >>> aerogear-dev mailing list
> >>> aerogear-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>
> >>
> >>
> >>
> >> --
> >> Matthias Wessendorf
> >>
> >> blog: http://matthiaswessendorf.wordpress.com/
> >> sessions: http://www.slideshare.net/mwessendorf
> >> twitter: http://twitter.com/mwessendorf
> >
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

--

abstractj
PGP: 0x84DC9914

More information about the aerogear-dev mailing list