[aerogear-dev] Eating our own dog food, or TOTP demos for AeroGear

Daniel Passos daniel at passos.me
Fri Oct 10 10:48:40 EDT 2014


Jira created

On Fri, Oct 10, 2014 at 11:20 AM, Bruno Oliveira <bruno at abstractj.org>
wrote:

> On 2014-10-10, Daniel Passos wrote:
> > Hi guys,
> >
> > Yep, In Android land we have secret request and qrcode scan.
> >
> > 1) May be is a good idea remove the secret request?
>
> +1
>

https://issues.jboss.org/browse/AGDROID-299


> >
> > 2) In related news, today we not store the secret. I think store that
> > before publish is a good thing to do
>
> +1 Feel free to file jiras and assign to me if you want.
>

https://issues.jboss.org/browse/AGDROID-300


> > -- Passos
> >
> >
> > On Fri, Oct 10, 2014 at 4:47 AM, Matthias Wessendorf <matzew at apache.org>
> > wrote:
> >
> > >
> > >
> > > On Fri, Oct 10, 2014 at 9:00 AM, Corinne Krych <corinnekrych at gmail.com
> >
> > > wrote:
> > >
> > >> Same here Bruno I would like to publish Shoot, in its Swift version to
> > >> apple store.
> > >>
> > >
> > > +1 that is even useful :)
> > > so not a "demo" at all.
> > >
> > > Great idea!
> > >
> > >
> > >> We have a ticket to enhance it with an iOS photo sharing dialog. Once
> > >> this one is done, let's submit.
> > >> For the app store I might limit it to Facebook and Google+, to start
> with.
> > >>
> > >> ++
> > >> Corinne
> > >>
> > >> On 10 October 2014 08:48, Christos Vasilakis <cvasilak at gmail.com>
> wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> answers inline
> > >>>
> > >>> On Oct 9, 2014, at 11:42 PM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
> > >>>
> > >>> > No way, Matthias. OTP must be always offline. To retrieve the
> shared
> > >>> > secret, we scan the QR Code.
> > >>> >
> > >>> > Maybe the iOS demo is doing it (have to revisit and confirm)[1].
> > >>> > On Android, I'm pretty much sure that QR Code scanning was already
> > >>> > implemented.
> > >>> >
> > >>>
> > >>> revisiting this, I can see indeed on iOS the shared secret is
> retrieved
> > >>> from the server and that is only the option offered. Our Android
> example
> > >>> offers both options, either from server, or using QR code scanning,
> so
> > >>> implementing the latter on our iOS demo need to be also done.
> > >>>
> > >>> created to track it :
> > >>>  https://issues.jboss.org/browse/AGIOS-289
> > >>>
> > >>> > We don't need to be perfect, get what is already done, improve if
> > >>> > possible or release what is already done.
> > >>>
> > >>> +1 for releasing on the app store. My fear is, as Matthias said
> earlier,
> > >>> the ‘demo’ aspect, but with a nice description/walkthrough submission
> > >>> details, maybe there is chance.. and tbh I have seen far far
> simplest apps
> > >>> accepted on their store.
> > >>>
> > >>>
> > >>> -
> > >>> Christos
> > >>>
> > >>>
> > >>>
> > >>> >
> > >>> > [1] -
> > >>> >
> > >>>
> https://github.com/aerogear/aerogear-otp-ios-demo/blob/5b23acbaf5c3cd74377efdd483b43a65befb11ee/AeroGear-OTP-Demo/AeroGear-OTP-Demo/Utilities/AGOTPClient.m#L63
> > >>> >
> > >>> >
> > >>> > On 2014-10-09, Matthias Wessendorf wrote:
> > >>> >
> > >>> >> On Thu, Oct 9, 2014 at 5:26 PM, Bruno Oliveira <
> bruno at abstractj.org>
> > >>> wrote:
> > >>> >>
> > >>> >>> On 2014-10-09, Matthias Wessendorf wrote:
> > >>> >>>> On Thu, Oct 9, 2014 at 4:57 AM, Bruno Oliveira <
> bruno at abstractj.org
> > >>> >
> > >>> >>> wrote:
> > >>> >>>>
> > >>> >>>>> Good morning,
> > >>> >>>>>
> > >>> >>>>> TOTP was implemented on AeroGear for iOS[1] and Android[2] two
> > >>> years
> > >>> >>>>> ago. On conferences most of the developers get amazed with our
> API.
> > >>> >>>>>
> > >>> >>>>
> > >>> >>>> It's always great feedback when I show the OTP demo. Attendees
> at
> > >>> >>>> conferences love it!
> > >>> >>>>
> > >>> >>>>
> > >>> >>>>>
> > >>> >>>>> Although we don't have any app published on Google Play or App
> > >>> Store. I
> > >>> >>>>> think it's time to release our demos and get some feedback
> from our
> > >>> >>>>> community.
> > >>> >>>>>
> > >>> >>>>
> > >>> >>>> with release, what do you mean? Submit to the stores?
> > >>> >>>> On Apple one reason we never submitted anything to their App
> Store
> > >>> is
> > >>> >>> their
> > >>> >>>> rules clearly indicate no demos are allowed in there.
> > >>> >>>
> > >>> >>> I understand, it can be a real and non paid app. Once it does not
> > >>> depends
> > >>> >>> on
> > >>> >>> internet connection at this moment.
> > >>> >>>
> > >>> >>
> > >>> >> isn't the iOS OTP "demo" connecting to a JAX-RS backend for the
> > >>> tokens?
> > >>> >>
> > >>> >>
> > >>> >>>
> > >>> >>>>
> > >>> >>>>
> > >>> >>>>>
> > >>> >>>>> Into this way we can exercise things like:
> > >>> >>>>>
> > >>> >>>>> - Properly store the shared secret
> > >>> >>>>> - Password protection with offline authentication
> > >>> >>>>> - If we are very confident, sync the TOTPs across authorized
> > >>> devices
> > >>> >>>>>
> > >>> >>>>> At the moment, we don't need to do so much once most of our
> demos
> > >>> are
> > >>> >>>>> already on GH.
> > >>> >>>>
> > >>> >>>>
> > >>> >>>> The only thing is perhaps making sure the backend part of our
> OTP
> > >>> demo is
> > >>> >>>> (always) up :)
> > >>> >>>>
> > >>> >>>>
> > >>> >>>>
> > >>> >>>>> I think it's just the matter of release it.
> > >>> >>>>>
> > >>> >>>>> Thoughts?
> > >>> >>>>>
> > >>> >>>>
> > >>> >>>> I like giving these nice demos, and their used AeroGear
> technology,
> > >>> some
> > >>> >>>> more love and visibility.
> > >>> >>>>
> > >>> >>>>
> > >>> >>>>>
> > >>> >>>>> [1] - https://github.com/aerogear/aerogear-otp-ios-demo
> > >>> >>>>> [2] - https://github.com/aerogear/aerogear-otp-android-demo
> > >>> >>>>>
> > >>> >>>>> --
> > >>> >>>>>
> > >>> >>>>> abstractj
> > >>> >>>>> PGP: 0x84DC9914
> > >>> >>>>> _______________________________________________
> > >>> >>>>> aerogear-dev mailing list
> > >>> >>>>> aerogear-dev at lists.jboss.org
> > >>> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>> >>>>>
> > >>> >>>>
> > >>> >>>>
> > >>> >>>>
> > >>> >>>> --
> > >>> >>>> Matthias Wessendorf
> > >>> >>>>
> > >>> >>>> blog: http://matthiaswessendorf.wordpress.com/
> > >>> >>>> sessions: http://www.slideshare.net/mwessendorf
> > >>> >>>> twitter: http://twitter.com/mwessendorf
> > >>> >>>
> > >>> >>>> _______________________________________________
> > >>> >>>> aerogear-dev mailing list
> > >>> >>>> aerogear-dev at lists.jboss.org
> > >>> >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>> >>>
> > >>> >>>
> > >>> >>> --
> > >>> >>>
> > >>> >>> abstractj
> > >>> >>> PGP: 0x84DC9914
> > >>> >>> _______________________________________________
> > >>> >>> aerogear-dev mailing list
> > >>> >>> aerogear-dev at lists.jboss.org
> > >>> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>> >>>
> > >>> >>
> > >>> >>
> > >>> >>
> > >>> >> --
> > >>> >> Matthias Wessendorf
> > >>> >>
> > >>> >> blog: http://matthiaswessendorf.wordpress.com/
> > >>> >> sessions: http://www.slideshare.net/mwessendorf
> > >>> >> twitter: http://twitter.com/mwessendorf
> > >>> >
> > >>> >> _______________________________________________
> > >>> >> aerogear-dev mailing list
> > >>> >> aerogear-dev at lists.jboss.org
> > >>> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>> >
> > >>> >
> > >>> > --
> > >>> >
> > >>> > abstractj
> > >>> > PGP: 0x84DC9914
> > >>> > _______________________________________________
> > >>> > aerogear-dev mailing list
> > >>> > aerogear-dev at lists.jboss.org
> > >>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>> aerogear-dev mailing list
> > >>> aerogear-dev at lists.jboss.org
> > >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>>
> > >>
> > >>
> > >> _______________________________________________
> > >> aerogear-dev mailing list
> > >> aerogear-dev at lists.jboss.org
> > >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >>
> > >
> > >
> > >
> > > --
> > > Matthias Wessendorf
> > >
> > > blog: http://matthiaswessendorf.wordpress.com/
> > > sessions: http://www.slideshare.net/mwessendorf
> > > twitter: http://twitter.com/mwessendorf
> > >
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
>
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141010/43a5fdf3/attachment-0001.html 


More information about the aerogear-dev mailing list