On Wed, Feb 26, 2014 at 11:38 AM, Erik Jan de Wit <edewit(a)redhat.com> wrote:
Now the Javascript can verify that the callback is a function because it's
> no longer a string and the need for a separate successHandler is overrated
> as you will either get messages or your errorHandler gets invoked.
>
I like the idea of passing in a function (instead of a string), for the
notification handling.
However, the successHandler was meant to give feedback if registration w/
UPS was successful or not. Should we really remove that hook ?
Well you still will get that feedback, errorHandler will be invoked when
it wan't successful
:-) figured that out after I sent my first mail :)))
> Till now all these changes can be made on the plugin, but we could take
> it even further. Two things that are still platform dependent the senderId
> and the variantID/secret. Now senderId is 'known' by UPS so why do we need
> to specify it here? We could make senderId part of the response when
> registering a device on UPS then the client doesn't need to specify it and
> all configuration is in one place.
>
It's optional on UPS, as only really Android clients need it. And I think
originally Luke just added the 'senderID' to UPS for having something handy
(copy/paste usage).
So, I am not sure on that one, as that means we now have to enforce
Android Variants always get the senderID attribute. Could be done, yes, but
I am not sure.
Hmm, right it's optional then this maybe not the greatest idea
> That leaves variantID/secret and that is the boldest proposal. How about
> we make it possible to register for an application instead for a specific
> variant? Then based on the meta information (deviceType, operatingSystem
> and osVersion) we choose the right variant.
>
-1
we should never 'deploy' the masterSecret and the applicationID on
clients. If that information is stolen (easy on devices), you can start
sending dirty assaults to ALL the devices for that application. Same w/ all
the different providers like Parse, Stackmob etc: they all use a
MasterKey/Password for the actual send. And they _highly_ recommend NOT
applying that to the clients (it's easy to leak that information)
Right didn't think about that, this together with the objections that
Sebastien has makes this a definite no go.
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf