[aerogear-dev] Suggestion for some OTP improvements
Daniel Passos
dpassos at redhat.com
Wed Sep 23 09:29:02 EDT 2015
On Tue, Sep 22, 2015 at 9:48 AM, Corinne Krych <corinnekrych at gmail.com>
wrote:
> Hello Guys,
>
> Revisiting OTP demo for iOS client, I've seen some improvements that could
> be done in the OTP lib itself.
>
> 1. storage of secret is done at cordova- layer [1] and [2]. It would be
> better to store them in a safe storage (ie: Keychain for iOS, KeyStore for
> Android etc...) or at least leave the option for end user.
>
I'm not against to have a complete example and storing the secret in the
database, but I'd prefer only scan QRCode and show the code on screen. I
think it make the example easily to our community
debug/play/understand/focus on OTP
> 2. extracting secret from URL (read from QRCode) is done on each native
> client demos or in Corodva layer. See [3] for iOS and [4] for Android and
> [5] for Cordova. What about moving this code snippet in the library itself.
> For ex, add a new initialiser of OTP which takes an URL.
>
+1 I like it.
Thoughts?
>
> ++
> Corinne
> [1]
> https://github.com/aerogear/aerogear-cordova-otp/blob/master/www/aerogear-opt.js#L66
> [2]
> https://github.com/aerogear/aerogear-cordova-otp/blob/master/src/ios/CDVAeroGearPlugin.m#L48
> [3]
> https://github.com/corinnekrych/aerogear-ios-cookbook-1/blob/AGIOS-390.otp.demo/Two-Factor/TwoFactorOTP/QRcodeCaptureViewController.swift#L76-L103
> [4]
> https://github.com/aerogear/aerogear-android-cookbook/blob/master/Two-Factor%2Fapp%2Fsrc%2Fmain%2Fjava%2Forg%2Fjboss%2Faerogear%2Fandroid%2Fcookbook%2Ftwofactor%2FOTPDisplay.java#L69-L77
> [5]
> https://github.com/aerogear/aerogear-cordova-otp/blob/master/www/aerogear-opt.js#L106-L110
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
-- Passos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150923/064a1d0b/attachment-0001.html
More information about the aerogear-dev
mailing list