<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 24, 2014 at 10:02 AM, Erik Jan de Wit <span dir="ltr"><<a href="mailto:edewit@redhat.com" target="_blank">edewit@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><br><div><span class=""><div>On 24 Nov,2014, at 9:43 , Corinne Krych <<a href="mailto:corinnekrych@gmail.com" target="_blank">corinnekrych@gmail.com</a>> wrote:</div><br><blockquote type="cite">I think the best approach is to go external browser, one of the main issue with embedded view is that the user stills have to enter credentials in native app. Although it might offer a better UX experience not switching apps, it’s seen as less secure. My preference would be to go external. On iOS, the re-enter app is solved using URI schema. The same approach is used fro Cordova plugin, the schema is configured in the config.xml cordova file. <br></blockquote><div><br></div></span><div>Yes, because when using a WebView the app could override onKeyDown and get your password:</div><div><br></div><div><pre style="font-size:13px;margin-top:0px;color:rgb(0,102,0);line-height:1.5;padding:1em;overflow:auto;border:1px solid rgb(221,221,221);background-color:rgb(247,247,247);background-repeat:initial initial"><span style="color:rgb(0,102,102)">@Override</span><span style="color:rgb(0,0,0)"><br></span><span style="color:rgb(0,0,136)">public</span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,136)">boolean</span><span style="color:rgb(0,0,0)"> </span><code style="line-height:14px"><a href="http://developer.android.com/reference/android/app/Activity.html#onKeyDown(int,%20android.view.KeyEvent)" style="color:rgb(37,138,175);text-decoration:none" target="_blank"><span style="color:rgb(0,0,0)">onKeyDown</span></a></code><span style="color:rgb(102,102,0)">(</span><span style="color:rgb(0,0,136)">int</span><span style="color:rgb(0,0,0)"> keyCode</span><span style="color:rgb(102,102,0)">,</span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(102,0,102)">KeyEvent</span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,136)">event</span><span style="color:rgb(102,102,0)">)</span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(102,102,0)">{</span><span style="color:rgb(0,0,0)"><br> </span><span>// I’m getting your password here</span><span style="color:rgb(0,0,0)"><br></span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,136)">return</span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,136)">super</span><span style="color:rgb(102,102,0)">.</span><span style="color:rgb(0,0,0)">onKeyDown</span><span style="color:rgb(102,102,0)">(</span><span style="color:rgb(0,0,0)">keyCode</span><span style="color:rgb(102,102,0)">,</span><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(0,0,136)">event</span><span style="color:rgb(102,102,0)">);</span><span style="color:rgb(0,0,0)"><br></span><span style="color:rgb(102,102,0)">}</span></pre></div><div><br></div><div>Obviously that it not what we do, but it could be done easy also by app that uses our oath2 library.</div></div></div></blockquote><div><br></div><div>ha! cool :) that's a 'nice' feature :))</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><span class=""><br><blockquote type="cite"><br>@summersp @passos do you have plan to move to external browser?<br><br>Erik started working on Oauth2 Android with embedded view, but if we’re planning to move to ext. browser maybe it's worth putting the plugin implementation on hold untill we got that?<br></blockquote><div><br></div></span><div>I guess because of the WebView I have to use the aar as a dependency for the plugin. </div></div></div></blockquote><div><br></div><div>sounds like using external browser will not only help overall security, it will also help our Cordova plugin.</div><div><br></div><div>one more reason, while the security one is a stronger argument ;-)</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><div>This is not supported by cordova, but it will be supported in version 4.0 So I hope that using the external browser will make using the aar no longer needed. As this will mean like for iOS a lot of manual steps needed to get the plugin to work and no JBDS support for this plugin.</div><div><br></div><div>Cheers,</div><div><span style="white-space:pre-wrap"> </span>Erik Jan</div></div></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
</div></div>