Re: [aerogear-dev] iOS SDK for OAuth2

On 02 Feb 2015, at 20:28, Bruno Oliveira <bruno(a)abstractj.org&gt; wrote: Good morning, I was reviewing our SDK for iOS and I have few questions: 1. For example at Shoot app. Why our users have to configure to insert the app ID at Shoot-Info.plist and also insert the same app ID at ViewController? I was just wondering that once the app ID is informed, you don't need to inform it again.

2. We have a note: "Because this demo securely stores OAuth2 tokens in your iOS keychain, we chosen to use WhenPasscodeSet policy as a result to run this app you need to have your passcode set" I think that's amazing, but at the same time we instruct our devs, to insert the client secret hard coded into the app. Something like: let facebookConfig = FacebookConfig( clientId: "XXXXXX", clientSecret: "42", scopes:["photo_upload, publish_actions"]) Doing the reverse engineering of the app, would permit me to get the secret and mimic your FB app. So I would like to remove the need to input the same information twice and encrypt the client secret using password based encryption.

Let me know what do you think and I will start to file Jiras to myself. Note: This is not an issue specific to iOS. All the projects will get the same love and feedback. -- abstractj PGP: 0x84DC9914 _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev