[aerogear-dev] Eating our own dog food, or TOTP demos for AeroGear

Bruno Oliveira bruno at abstractj.org
Fri Oct 10 10:20:43 EDT 2014


On 2014-10-10, Daniel Passos wrote:
> Hi guys,
>
> Yep, in Android land we have secret request and QR code scan.
>
> 1) Maybe it is a good idea to remove the secret request?

+1

>
> 2) In related news, today we do not store the secret. I think storing it
> before publishing is a good thing to do.

+1 Feel free to file JIRAs and assign them to me if you want.
>
> -- Passos
>
>
> On Fri, Oct 10, 2014 at 4:47 AM, Matthias Wessendorf <matzew at apache.org>
> wrote:
>
> >
> >
> > On Fri, Oct 10, 2014 at 9:00 AM, Corinne Krych <corinnekrych at gmail.com>
> > wrote:
> >
> >> Same here, Bruno. I would like to publish Shoot, in its Swift version, to the
> >> Apple store.
> >>
> >
> > +1 that is even useful :)
> > so not a "demo" at all.
> >
> > Great idea!
> >
> >
> >> We have a ticket to enhance it with an iOS photo sharing dialog. Once
> >> this one is done, let's submit.
> >> For the app store I might limit it to Facebook and Google+, to start with.
> >>
> >> ++
> >> Corinne
> >>
> >> On 10 October 2014 08:48, Christos Vasilakis <cvasilak at gmail.com> wrote:
> >>
> >>> Hi,
> >>>
> >>> answers inline
> >>>
> >>> On Oct 9, 2014, at 11:42 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> >>>
> >>> > No way, Matthias. OTP must be always offline. To retrieve the shared
> >>> > secret, we scan the QR Code.
> >>> >
> >>> > Maybe the iOS demo is doing it (have to revisit and confirm)[1].
> >>> > On Android, I'm pretty much sure that QR Code scanning was already
> >>> > implemented.
> >>> >
> >>>
> >>> Revisiting this, I can see indeed that on iOS the shared secret is retrieved
> >>> from the server and that is the only option offered. Our Android example
> >>> offers both options, either from the server or using QR code scanning, so
> >>> implementing the latter in our iOS demo needs to be done as well.
> >>>
> >>> Created to track it:
> >>>  https://issues.jboss.org/browse/AGIOS-289
> >>>
> >>> > We don't need to be perfect, get what is already done, improve if
> >>> > possible or release what is already done.
> >>>
> >>> +1 for releasing on the app store. My fear is, as Matthias said earlier,
> >>> the ‘demo’ aspect, but with a nice description/walkthrough submission
> >>> details, maybe there is a chance... and tbh I have seen far, far simpler apps
> >>> accepted on their store.
> >>>
> >>>
> >>> -
> >>> Christos
> >>>
> >>>
> >>>
> >>> >
> >>> > [1] - https://github.com/aerogear/aerogear-otp-ios-demo/blob/5b23acbaf5c3cd74377efdd483b43a65befb11ee/AeroGear-OTP-Demo/AeroGear-OTP-Demo/Utilities/AGOTPClient.m#L63
> >>> >
> >>> >
> >>> > On 2014-10-09, Matthias Wessendorf wrote:
> >>> >
> >>> >> On Thu, Oct 9, 2014 at 5:26 PM, Bruno Oliveira <bruno at abstractj.org>
> >>> >> wrote:
> >>> >>
> >>> >>> On 2014-10-09, Matthias Wessendorf wrote:
> >>> >>>> On Thu, Oct 9, 2014 at 4:57 AM, Bruno Oliveira <bruno at abstractj.org>
> >>> >>>> wrote:
> >>> >>>>
> >>> >>>>> Good morning,
> >>> >>>>>
> >>> >>>>> TOTP was implemented on AeroGear for iOS[1] and Android[2] two years
> >>> >>>>> ago. At conferences most of the developers get amazed with our API.
> >>> >>>>>
> >>> >>>>
> >>> >>>> It's always great feedback when I show the OTP demo. Attendees at
> >>> >>>> conferences love it!
> >>> >>>>
> >>> >>>>
> >>> >>>>>
> >>> >>>>> Although we don't have any app published on Google Play or App Store. I
> >>> >>>>> think it's time to release our demos and get some feedback from our
> >>> >>>>> community.
> >>> >>>>>
> >>> >>>>
> >>> >>>> with release, what do you mean? Submit to the stores?
> >>> >>>> On Apple one reason we never submitted anything to their App Store is
> >>> >>>> their rules clearly indicate no demos are allowed in there.
> >>> >>>
> >>> >>> I understand, it can be a real and non paid app. Once it does not
> >>> >>> depend on internet connection at this moment.
> >>> >>>
> >>> >>
> >>> >> isn't the iOS OTP "demo" connecting to a JAX-RS backend for the
> >>> >> tokens?
> >>> >>
> >>> >>
> >>> >>>
> >>> >>>>
> >>> >>>>
> >>> >>>>>
> >>> >>>>> In this way we can exercise things like:
> >>> >>>>>
> >>> >>>>> - Properly store the shared secret
> >>> >>>>> - Password protection with offline authentication
> >>> >>>>> - If we are very confident, sync the TOTPs across authorized devices
> >>> >>>>>
> >>> >>>>> At the moment, we don't need to do so much once most of our demos are
> >>> >>>>> already on GH.
> >>> >>>>
> >>> >>>>
> >>> >>>> The only thing is perhaps making sure the backend part of our OTP demo is
> >>> >>>> (always) up :)
> >>> >>>>
> >>> >>>>
> >>> >>>>
> >>> >>>>> I think it's just a matter of releasing it.
> >>> >>>>>
> >>> >>>>> Thoughts?
> >>> >>>>>
> >>> >>>>
> >>> >>>> I like giving these nice demos, and their used AeroGear technology, some
> >>> >>>> more love and visibility.
> >>> >>>>
> >>> >>>>
> >>> >>>>>
> >>> >>>>> [1] - https://github.com/aerogear/aerogear-otp-ios-demo
> >>> >>>>> [2] - https://github.com/aerogear/aerogear-otp-android-demo
> >>> >>>>>
> >>> >>>>> --
> >>> >>>>>
> >>> >>>>> abstractj
> >>> >>>>> PGP: 0x84DC9914
> >>> >>>>> _______________________________________________
> >>> >>>>> aerogear-dev mailing list
> >>> >>>>> aerogear-dev at lists.jboss.org
> >>> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>> >>>>>
> >>> >>>>
> >>> >>>>
> >>> >>>>
> >>> >>>> --
> >>> >>>> Matthias Wessendorf
> >>> >>>>
> >>> >>>> blog: http://matthiaswessendorf.wordpress.com/
> >>> >>>> sessions: http://www.slideshare.net/mwessendorf
> >>> >>>> twitter: http://twitter.com/mwessendorf
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> --
> >>> >>>
> >>> >>> abstractj
> >>> >>> PGP: 0x84DC9914
> >>> >>>
> >>> >>
> >>> >>
> >>> >>
> >>> >> --
> >>> >> Matthias Wessendorf
> >>> >>
> >>> >> blog: http://matthiaswessendorf.wordpress.com/
> >>> >> sessions: http://www.slideshare.net/mwessendorf
> >>> >> twitter: http://twitter.com/mwessendorf
> >>> >
> >>> >
> >>> >
> >>> > --
> >>> >
> >>> > abstractj
> >>> > PGP: 0x84DC9914
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
> >
> >



--

abstractj
PGP: 0x84DC9914

