On Mon, Nov 24, 2014 at 7:02 AM, Erik Jan de Wit <edewit(a)redhat.com> wrote:
On 24 Nov,2014, at 9:43 , Corinne Krych <corinnekrych(a)gmail.com> wrote:
I think the best approach is to go external browser, one of the main issue
with embedded view is that the user stills have to enter credentials in
native app. Although it might offer a better UX experience not switching
apps, it’s seen as less secure. My preference would be to go external. On
iOS, the re-enter app is solved using URI schema. The same approach is used
fro Cordova plugin, the schema is configured in the config.xml cordova
file.
Yes, because when using a WebView the app could override onKeyDown and get
your password:
@Override
public boolean onKeyDown
<
http://developer.android.com/reference/android/app/Activity.html#onKeyDow...
keyCode, KeyEvent event) {
// I’m getting your password here
return super.onKeyDown(keyCode, event);
}
Obviously that it not what we do, but it could be done easy also by app
that uses our oath2 library.
@summersp @passos do you have plan to move to external browser?
Erik started working on Oauth2 Android with embedded view, but if we’re
planning to move to ext. browser maybe it's worth putting the plugin
implementation on hold untill we got that?
I guess because of the WebView I have to use the aar as a dependency for
the plugin. This is not supported by cordova, but it will be supported in
version 4.0 So I hope that using the external browser will make using the
aar no longer needed. As this will mean like for iOS a lot of manual steps
needed to get the plugin to work and no JBDS support for this plugin.
I'm not sure if use external browser will make aar no longer needed. Btw
use aar instead of jar is the correct thing to do.
Cheers,
Erik Jan
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev