Shoot and Share design
by Summers Pittman
Now that we have two Shoot and Share impl's I'm hoping to get some
design work going on with them.
Right now we need an icon. I'm sure if there is a wild designer on this
list we will get awesome input.
(ppsssst agalante that's your cue).
--
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.
11 years, 4 months
Security advice for UnifiedPush Server
by Andreas Røsdal
Hello!
I would like to security advice for running the Aerogear UnifiedPush Server
for sending Push messages to an iPhone app. The app-server is Wildfly, and
HTTPS is enabled. It is important to prevent unauthorized push messages
from being sent. Do you have any documentation or general advice for
securing Aerogear UnifiedPush Server?
I would like to setup firewall rules to prevent users on the internet to
log in to the UnifiedPush Admin gui /ag-push/ while still allowing
registration of iPhone app/device tokens though the same UnifiedPush Admin
server. What kind of URL pattern can I use to prevent admin logins
externally?
Regards,
Andreas R.
11 years, 4 months
[UPS] Import/Export of installations
by Sebastien Blanc
Hi,
I would like to start a discussion around the import/export of
installations in UPS. To track all the tasks, we have a ticket[1] also
containing some sub-tasks.
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#scope>Scope
For now we stick to installations, meanning we can import or export
installations from a particular Variant. Import/Export for Variants will
maybe come later but due to some security issues (mainly for iOS
cert/passphrase) it's on hold.
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#import-service>Import
Service
That's an easy one ;) since the service already exist [2]. It's a REST
service and it uses the VariantId/Secret combination to authenticate.
Data format looks like :
[
{
"deviceToken" : "someTokenString",
"deviceType" : "iPad",
"operatingSystem" : "iOS",
"osVersion" : "6.1.2",
"alias" : "someUsername or email adress...",
"categories" : ["football", "sport"]
},
{
"deviceToken" : "someOtherTokenString",
...
},
...
]
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#export-service>Export
Service
Like import, it will use the variantId/secret combo to authenticate and
retrieve the right variant to export the installations. The data structure
format would of course looks like the one used for import.
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#output-format>Output
format
How should provide the exported data ? I need your input here 1. Raw Json ?
2. Json file ? 3. Zip / tarball ?
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#ui>UI
UI should be a *nice to have*
I would suggest to add 2 items (import and export) in the contextual menu
that you can see in this screenshot :
<https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f63...>
For import, the user will have a file input and feedback on how many
installations were imported. For export, the user just have to press an
export button
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#migration-issues>Migration
issues
So, that is a very important point that I would like to discuss. Even if we
are able to import installations, the *variantID_ and the __variantSecret* will
not match with those that are in the Clients.
Imagine the following scenario : I export 15000 installations, my
datacenter burns, I create a new UPS instance, with a new Push App and a
new Variant (so new VariantID and VariantSecret), then I inport the
installations. Well, my 15000 clients will point to the wrong variant. For
sure, they can be updated but that might not always be an option.
That is why I would like suggest the following change : Make *VariantId*
and *VariantSecret* editable, so after someone has done an import he can
change the values of the variants so it matches the clients.
I know we had this discussion before, but in the future we might want to
change the naming around VariantId and VariantSecret, to me it sounds more
like *variantAPIKey* / *variantAPISecret*
wdyt ?
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#security>
Security
As said before, import/export uses variantId/variantSecret to authenticate.
So if someone has access to these keys he could make a malicious import of
500k installations. What should we do for that ? We could give this access
only to authenticated "console" users but then it would be hard to expose
import/export as rest service (because of KC implication)
Please comment, ask questions , be crazy ...
Sebi
[1] https://issues.jboss.org/browse/AGPUSH-978
[2]
http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/...
11 years, 4 months
External vs Embedded browser for OAuth2 libs and Cordova plugin
by Corinne Krych
Hello Guys,
Erik did some great progress on OAuth2 iOS plugin using external browser approach. Some workarounds are needed for iOS because of Swift based plugin and are documented here:
https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
As descibed in the readme instruction:
https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
I think the best approach is to go external browser, one of the main issue with embedded view is that the user stills have to enter credentials in native app. Although it might offer a better UX experience not switching apps, it’s seen as less secure. My preference would be to go external. On iOS, the re-enter app is solved using URI schema. The same approach is used fro Cordova plugin, the schema is configured in the config.xml cordova file.
@summersp @passos do you have plan to move to external browser?
Erik started working on Oauth2 Android with embedded view, but if we’re planning to move to ext. browser maybe it's worth putting the plugin implementation on hold untill we got that?
++
Corinne
—————
AeroGear iOS tech lead
11 years, 4 months
[UPS] APNS issue
by Vivek Pandey
Hello Guys,
We are facing an issue in our deployment where if there is any invalid APNS
token, all subsequent messages are dropped/not delivered.
I noticed that Matthias is already working on this
https://github.com/notnoop/java-apns/issues/124
I was hoping if you could point me to related UPS issue so that I can get an
idea about expected time of fix.
Thanks,
Vivek
This message may contain privileged and confidential information and is solely for the use of intended recipient. The views expressed in this email are those of the sender and not of Pine Labs. The recipient should check this email and attachments for the presence of viruses / malwares etc. Pine Labs accepts no liability for any damage caused by any virus transmitted by this email. Pine Labs may monitor and record all emails.
11 years, 4 months
