[aerogear-dev] Suggestion for some OTP improvements

Corinne Krych corinnekrych at gmail.com
Tue Sep 22 08:48:33 EDT 2015


Hello Guys,

Revisiting OTP demo for iOS client, I've seen some improvements that could
be done in the OTP lib itself.

1. storage of secret is done at cordova- layer [1] and [2]. It would be
better to store them in a safe storage (ie: Keychain for iOS, KeyStore for
Android etc...) or at least leave the option for end user.

2. extracting secret from URL (read from QRCode) is done on each native
client demos or in Corodva layer. See [3] for iOS and [4] for Android and
[5] for Cordova. What about moving this code snippet in the library itself.
For ex, add a new initialiser of OTP which takes an URL.

Thoughts?

++
Corinne
[1]
https://github.com/aerogear/aerogear-cordova-otp/blob/master/www/aerogear-opt.js#L66
[2]
https://github.com/aerogear/aerogear-cordova-otp/blob/master/src/ios/CDVAeroGearPlugin.m#L48
[3]
https://github.com/corinnekrych/aerogear-ios-cookbook-1/blob/AGIOS-390.otp.demo/Two-Factor/TwoFactorOTP/QRcodeCaptureViewController.swift#L76-L103
[4]
https://github.com/aerogear/aerogear-android-cookbook/blob/master/Two-Factor%2Fapp%2Fsrc%2Fmain%2Fjava%2Forg%2Fjboss%2Faerogear%2Fandroid%2Fcookbook%2Ftwofactor%2FOTPDisplay.java#L69-L77
[5]
https://github.com/aerogear/aerogear-cordova-otp/blob/master/www/aerogear-opt.js#L106-L110
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150922/c0e39826/attachment.html 


More information about the aerogear-dev mailing list