<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks for your advise Matthias, <br>
<br>
I understand that categories are the strong feature of UPS letting
you to send a push notification to one or more categories and then
notification will arrive to all devices subscribed to those
categories. <br>
In my case the categories don't help a lot because members of our
course sites change frequently and maintain this relationship
device-categories would be very difficult to maintain. For this
reason I thought to use alias instead of categories. <br>
<br>
By the other hand I understand that in the authentication methods
you pasted me relays security on the APP code execution. If code
is native like those you put, the risk to be hacked is less than
using a framework like cordova. I'm using aerogear cordova push
plug-in and if I want to authenticate first I must do it on JS and
it's very vulnerable.<br>
<br>
I know that I always have the options of change my development
framework stack or build my "vitamined" cordova plugin, but I want
to look for other options first :-D<br>
<br>
In the last paragraph I wrote in my last email I mean that in
order to use cordova plugin you must provide JSON object with
parameter senderID, variantID, variantSecret. In hybrid apps those
parameter are exposed to be read them easily and it's also easy to
manipulate REST calls to the UPS to associate the device to other
categories or assign other alias ... just it. I was looking to
proxy-ing to be sure that alias was the same that the username
that logged in the Backend.<br>
<br>
Sorry for bothering you guys.<br>
<br>
Alex.<br>
<br>
<br>
<br>
<br>
El 19/05/15 a les 12:03, Matthias Wessendorf ha escrit:<br>
</div>
<blockquote
cite="mid:CAAg5f2S8=p+yGZuKG0rsStwfoAWmJhjK_1cCaTxO9Bp1FVQtBw@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, May 19, 2015 at 9:40 AM, Alex
Ballesté <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:alexandre.balleste@udl.cat" target="_blank">alexandre.balleste@udl.cat</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi Erik, thanks for answering so quickly. I still
have some gaps in my mind; I'm sure that is because my
inexperience in that area. Maybe I was wrong choosing
UPS for covering use case that was not designed for
but I still think (correct me if I'm wrong) that this
scenario is possible:<br>
<br>
Our Learning Management System (LMS) Sakai distributes
users into "sites" corresponding to courses. Each
student belong to many sites. An instructor from a
course can send announcements, messages, upload
resources, etc to a particular course site and those
are only visible to the members of the site. <br>
<br>
We would like to reproduce that behaviour with UPS.
When a user sends an announcement to site (and a
checkbox is marked) it sends the notification to the
Messaging backend who automatically sends the
notification with an array of alias filled with the
"username" of members of that site. It helps to us to
limit who receives a notification from which site ...
<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>we have a category</div>
<div><br>
</div>
<div>the users device just subscribes to a category or more.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Now, on the backend, so something like:</div>
<div><br>
</div>
<div>
<div>final UnifiedMessage unifiedMessage = UnifiedMessage</div>
<div> .withMessage()</div>
<div> .alert("Some Text")</div>
<div> .sound("default")</div>
<div> .criteria()</div>
<div> .categories("Class A") // or pass in more...
if desired</div>
<div>.build();</div>
<div><br>
</div>
<div>sender.send(unifiedMessage, () -></div>
<div> <a moz-do-not-send="true"
href="http://logger.info">logger.info</a>("successful
delivery to UPS returned")</div>
<div>);</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div> <br>
Our intention with our APP is to authenticate first,
to be sure that is an student of our university, so
registration to the UPS must be done when auth succeed
(don't let anybody who downloaded the app register to
the UPS if don't belong to our institution).<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>yes, we do that too:</div>
<div>iOS: <a moz-do-not-send="true"
href="https://github.com/aerogear/aerogear-ios-cookbook/blob/1.6.x/AeroDoc/AeroDoc/Classes/Controllers/AGLoginViewController.m#L153-L174">https://github.com/aerogear/aerogear-ios-cookbook/blob/1.6.x/AeroDoc/AeroDoc/Classes/Controllers/AGLoginViewController.m#L153-L174</a></div>
<div>Andrid: <a moz-do-not-send="true"
href="https://github.com/aerogear/aerogear-android-cookbook/blob/27b9791713b9c77a2f01600ab487e8467cc62431/AeroDoc/app/src/main/java/org/jboss/aerogear/android/cookbook/aerodoc/activities/AeroDocActivity.java#L158-L167">https://github.com/aerogear/aerogear-android-cookbook/blob/27b9791713b9c77a2f01600ab487e8467cc62431/AeroDoc/app/src/main/java/org/jboss/aerogear/android/cookbook/aerodoc/activities/AeroDocActivity.java#L158-L167</a></div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div> <br>
Any time, user can choose to disconnect his account
from the APP, so we developed that when user
disconnects their account from the APP it calls to
unregister, because we don't want that the APP
receives more notifications. (Maybe that is our first
mistake?)<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>remove the cateory</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>I don't know how the UPS protects from another app
to use the same projectID to register to the service
(I'll dive deeper to be sure I'm doing things well),
but I can't imagine another way to prevent that a
user with our APP manipulate the calls to UPS with
other alias or categories, exposing the notifications
created from other LMS sites. I know that it's not a
critical situation because notifications should be not
used to send sensitive data, but we would like to
prevent it in some way. <br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>not sure what you mean here </div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div> <br>
Thanks,<br>
<br>
Alex.<br>
<br>
<br>
<br>
El 18/05/15 a les 14:47, Erik Jan de Wit ha escrit:<br>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<pre>The problem is that you don't want/need to call unregister in a normal
flow. Unregister is used for instance when a new version of you app
drops support for push notifications.
I don't get why you are proxy-ing the requests to UPS, because you
cannot have 2 applications receiving the same push notifications. On
iOS the bundle id makes sure of that, and on android there is the
unique project id. So even if a second app would register with UPS it
will not get the push notifications.
On Mon, May 18, 2015 at 2:12 PM, Alex Ballesté
<a moz-do-not-send="true" href="mailto:alexandre.balleste@udl.cat" target="_blank"><alexandre.balleste@udl.cat></a> wrote:
</pre>
<blockquote type="cite">
<pre>Hi, I'm developing a mobile app for android and ios for our University. It
will use AeroGear Unified Push Server to send notifications to students when
a new announcement is sent in our LMS.
We are developing the app with ionic framework and we are using the register
and unregister process through a custom backend service instead of direct
from device.
We use the cordova plugin and we call registers and unregister JS methods,
but we don't point to the push server endpoint, but backend server instead.
Once the Backend server gets the requests it creates a new request to Push
server providing variantSecret and variantID; the response received is sent
back to the app.
We would like to use this flow for security reasons. We want to avoid that
the users do their own apps and use those values to register and supply
alias to get users notifications. So backend handles the security (tokens,
deviceids, usernames, ... ) and if everything is ok then proxies then
backend generates a new request fullfilling alias and real authentication
parameters and the received parameters from app. We achieved the registation
and unregistration, but when unregistration process is done if we do a new
re-registration then we got a success response, but then notification didn't
arrive.
Has anybody did something similar to this approximation? Do you have any
advise or trick that would be useful for us?
Thanks in advance
Alex
--
Alexandre Ballesté Crevillén alexandre.balleste at <a moz-do-not-send="true" href="http://udl.cat" target="_blank">udl.cat</a>
====================
Universitat de Lleida
Àrea de sistemes d'Informació i Comunicacions
Analista/Programador
University of Lleida
Information and Communication Systems Service
Tlf: <a moz-do-not-send="true" href="tel:%2B34%20973%20702148" value="+34973702148" target="_blank">+34 973 702148</a>
Fax: <a moz-do-not-send="true" href="tel:%2B34%20973%20702130" value="+34973702130" target="_blank">+34 973 702130</a>
=====================
Avís legal/Aviso legal/Avertiment legal/Legal notice
_______________________________________________
Aerogear-users mailing list
<a moz-do-not-send="true" href="mailto:Aerogear-users@lists.jboss.org" target="_blank">Aerogear-users@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/aerogear-users" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-users</a>
</pre>
</blockquote>
</blockquote>
<br>
<br>
<div>-- <br>
<p>Alexandre Ballesté Crevillén alexandre.balleste
at <a moz-do-not-send="true"
href="http://udl.cat" target="_blank">udl.cat</a><br>
====================<br>
Universitat de Lleida<br>
</p>
<p>Àrea de sistemes d'Informació i Comunicacions</p>
<p>Analista/Programador</p>
<br>
<p>University of Lleida</p>
<p>Information and Communication Systems Service</p>
<br>
<p>Tlf: <a moz-do-not-send="true"
href="tel:%2B34%20973%20702148"
value="+34973702148" target="_blank">+34 973
702148</a></p>
<p>Fax: <a moz-do-not-send="true"
href="tel:%2B34%20973%20702130"
value="+34973702130" target="_blank">+34 973
702130</a></p>
<p>=====================</p>
<p> <a moz-do-not-send="true"
href="http://www.imatge.udl.cat/avis_legal_lopd.html"
target="_blank">Avís legal/Aviso
legal/Avertiment legal/Legal notice</a> </p>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Aerogear-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Aerogear-users@lists.jboss.org">Aerogear-users@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-users"
target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-users</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">Matthias Wessendorf <br>
<br>
blog: <a moz-do-not-send="true"
href="http://matthiaswessendorf.wordpress.com/"
target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a moz-do-not-send="true"
href="http://www.slideshare.net/mwessendorf"
target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a moz-do-not-send="true"
href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Aerogear-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Aerogear-users@lists.jboss.org">Aerogear-users@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-users">https://lists.jboss.org/mailman/listinfo/aerogear-users</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<p>Alexandre Ballesté Crevillén alexandre.balleste at udl.cat<br>
====================<br>
Universitat de Lleida<br>
</p>
<p>Àrea de sistemes d'Informació i Comunicacions</p>
<p>Analista/Programador</p>
<br>
<p>University of Lleida</p>
<p>Information and Communication Systems Service</p>
<br>
<p>Tlf: +34 973 702148</p>
<p>Fax: +34 973 702130</p>
<p>=====================</p>
<p>
<a href="http://www.imatge.udl.cat/avis_legal_lopd.html">Avís
legal/Aviso legal/Avertiment legal/Legal notice</a>
</p>
</div>
</body>
</html>