7:04 a.m.
Hi,
We discussed this before, using the swift iOS libs for cordova is not really great. When
building cordova app as a developer I shouldn’t have to fire up Xcode to run or test my
applications. Because the project that is used by cordova right now doesn’t support swift
you’ll have to change settings in Xcode after installing the plugin to make it work again.
So I suggest for the Oauth2 plugin we make it a javascript only plugin and depend on the
inappbrowser, in this specific case I don’t think using the native parts will improve
security (correct me I’ve I’m wrong)
This will enable us to keep our roadmap and in time cordova will merge our PR and swift
will be supported.
WDYT,
Erik Jan
7:12 a.m.
What about making a specific Keycloak Cordova plugin ?
Most of the work is done with keycloak.js but the plugin could install the
inappbrowser for us and expose keycloak.js ?
Small plugin but useful (at least for me ;)
On Mon, Nov 10, 2014 at 2:04 PM, Erik Jan de Wit <edewit(a)redhat.com> wrote:
Hi,
We discussed this before, using the swift iOS libs for cordova is not
really great. When building cordova app as a developer I shouldn’t have to
fire up Xcode to run or test my applications. Because the project that is
used by cordova right now doesn’t support swift you’ll have to change
settings in Xcode after installing the plugin to make it work again.
So I suggest for the Oauth2 plugin we make it a javascript only plugin and
depend on the inappbrowser, in this specific case I don’t think using the
native parts will improve security (correct me I’ve I’m wrong)
This will enable us to keep our roadmap and in time cordova will merge our
PR and swift will be supported.
WDYT,
Erik Jan
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
5:18 a.m.
So the idea is to make use of implicit grants like JS does, right? And
this is what you're suggesting
https://docs.auth0.com/native-platforms/cordova ?
On 2014-11-10, Erik Jan de Wit wrote:
Hi,
We discussed this before, using the swift iOS libs for cordova is not really great. When
building cordova app as a developer I shouldn’t have to fire up Xcode to run or test my
applications. Because the project that is used by cordova right now doesn’t support swift
you’ll have to change settings in Xcode after installing the plugin to make it work
again.
So I suggest for the Oauth2 plugin we make it a javascript only plugin and depend on the
inappbrowser, in this specific case I don’t think using the native parts will improve
security (correct me I’ve I’m wrong)
This will enable us to keep our roadmap and in time cordova will merge our PR and swift
will be supported.
WDYT,
Erik Jan
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
5:57 a.m.
On 11 Nov,2014, at 12:18 , Bruno Oliveira <bruno(a)abstractj.org> wrote:
So the idea is to make use of implicit grants like JS does, right?
And
this is what you're suggesting
https://docs.auth0.com/native-platforms/cordova ?
Right, but then it will be a plugin that will be combine these things so that there are no
manual steps needed so after installing the plugin you could do:
oauth2.google("517285908032-l580qf378r0jg5l9ebt52ugvbp5vvf06.apps.googleusercontent.com",
['openid', 'email'])
.then(function (result) {
console.log(result);
}, function (error) {
alert(error);
});
6:10 a.m.
Gotcha, so the idea is to make use of the same approach from ag-js?
On 2014-11-11, Erik Jan de Wit wrote:
On 11 Nov,2014, at 12:18 , Bruno Oliveira <bruno(a)abstractj.org> wrote:
> So the idea is to make use of implicit grants like JS does, right? And
> this is what you're suggesting
> https://docs.auth0.com/native-platforms/cordova ?
>
Right, but then it will be a plugin that will be combine these things so that there are
no manual steps needed so after installing the plugin you could do:
oauth2.google("517285908032-l580qf378r0jg5l9ebt52ugvbp5vvf06.apps.googleusercontent.com",
['openid', 'email'])
.then(function (result) {
console.log(result);
}, function (error) {
alert(error);
});
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
6:20 a.m.
But with implicit grant you won't get refresh tokens.
So you dont offer the same fluid features like the natives experience...
++
Corinne
Sent from my iPhone
On 11 nov. 2014, at 13:12, Erik Jan de Wit <edewit(a)redhat.com>
wrote:
> On 11 Nov,2014, at 13:10 , Bruno Oliveira <bruno(a)abstractj.org> wrote:
>
> Gotcha, so the idea is to make use of the same approach from ag-js?
Right, but then use InAppBrowser so that you can use it more easily on cordova
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
6:39 a.m.
I thought, correct me if I’m wrong, that mobile and javascript apps cannot use anything
other then implicit grant. As the whole switching to the browser can be intercepted and
therefore mobile client cannot be trusted to keep the secret.
On 11 Nov,2014, at 13:20 , Corinne <corinnekrych(a)gmail.com> wrote:
But with implicit grant you won't get refresh tokens.
So you dont offer the same fluid features like the natives experience...
++
Corinne
Sent from my iPhone
> On 11 nov. 2014, at 13:12, Erik Jan de Wit <edewit(a)redhat.com> wrote:
>
>
>> On 11 Nov,2014, at 13:10 , Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>
>> Gotcha, so the idea is to make use of the same approach from ag-js?
>
> Right, but then use InAppBrowser so that you can use it more easily on cordova
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
7:34 a.m.
That's the point of proving a cordova plugin to store those tokens in natives secured
storage.
Doing a cordova plugin with implicit grant miss the point.
Sent from my iPhone
On 11 nov. 2014, at 13:39, Erik Jan de Wit <edewit(a)redhat.com>
wrote:
I thought, correct me if I’m wrong, that mobile and javascript apps cannot use anything
other then implicit grant. As the whole switching to the browser can be intercepted and
therefore mobile client cannot be trusted to keep the secret.
> On 11 Nov,2014, at 13:20 , Corinne <corinnekrych(a)gmail.com> wrote:
>
> But with implicit grant you won't get refresh tokens.
> So you dont offer the same fluid features like the natives experience...
>
> ++
> Corinne
>
> Sent from my iPhone
>
>> On 11 nov. 2014, at 13:12, Erik Jan de Wit <edewit(a)redhat.com> wrote:
>>
>>
>>> On 11 Nov,2014, at 13:10 , Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>>
>>> Gotcha, so the idea is to make use of the same approach from ag-js?
>>
>> Right, but then use InAppBrowser so that you can use it more easily on cordova
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
7:36 a.m.
Agreed, Implicit grant is only needed for pure JS apps,
On Nov 11, 2014, at 8:34 AM, Corinne <corinnekrych(a)gmail.com>
wrote:
That's the point of proving a cordova plugin to store those tokens in natives secured
storage.
Doing a cordova plugin with implicit grant miss the point.
Sent from my iPhone
> On 11 nov. 2014, at 13:39, Erik Jan de Wit <edewit(a)redhat.com> wrote:
>
> I thought, correct me if I’m wrong, that mobile and javascript apps cannot use
anything other then implicit grant. As the whole switching to the browser can be
intercepted and therefore mobile client cannot be trusted to keep the secret.
>
>> On 11 Nov,2014, at 13:20 , Corinne <corinnekrych(a)gmail.com> wrote:
>>
>> But with implicit grant you won't get refresh tokens.
>> So you dont offer the same fluid features like the natives experience...
>>
>> ++
>> Corinne
>>
>> Sent from my iPhone
>>
>>> On 11 nov. 2014, at 13:12, Erik Jan de Wit <edewit(a)redhat.com> wrote:
>>>
>>>
>>>> On 11 Nov,2014, at 13:10 , Bruno Oliveira <bruno(a)abstractj.org>
wrote:
>>>>
>>>> Gotcha, so the idea is to make use of the same approach from ag-js?
>>>
>>> Right, but then use InAppBrowser so that you can use it more easily on
cordova
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
8:33 a.m.
So I might be to paranoid, but with security there is no such thing as being to paranoid.
So if a javascript based Cordova plugin with InAppBrowser makes no sense then I suggest
postponing the OAuth2 plugin until swift is supported by Cordova.
8:42 a.m.
Agreed let's not jump to quickly into conclusions. Lets review roadmap
I'll take a closer look next week
++
Corinne
Sent from my iPhone
On 11 nov. 2014, at 15:33, Erik Jan de Wit <edewit(a)redhat.com>
wrote:
So I might be to paranoid, but with security there is no such thing as being to paranoid.
So if a javascript based Cordova plugin with InAppBrowser makes no sense then I suggest
postponing the OAuth2 plugin until swift is supported by Cordova.
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
1:05 a.m.
On 2014-11-11, Corinne wrote:
That's the point of proving a cordova plugin to store those
tokens in natives secured storage.
Doing a cordova plugin with implicit grant miss the point.
+1 agreed on that
Sent from my iPhone
> On 11 nov. 2014, at 13:39, Erik Jan de Wit <edewit(a)redhat.com> wrote:
>
> I thought, correct me if I’m wrong, that mobile and javascript apps cannot use
anything other then implicit grant. As the whole switching to the browser can be
intercepted and therefore mobile client cannot be trusted to keep the secret.
>
>> On 11 Nov,2014, at 13:20 , Corinne <corinnekrych(a)gmail.com> wrote:
>>
>> But with implicit grant you won't get refresh tokens.
>> So you dont offer the same fluid features like the natives experience...
>>
>> ++
>> Corinne
>>
>> Sent from my iPhone
>>
>>> On 11 nov. 2014, at 13:12, Erik Jan de Wit <edewit(a)redhat.com> wrote:
>>>
>>>
>>>> On 11 Nov,2014, at 13:10 , Bruno Oliveira <bruno(a)abstractj.org>
wrote:
>>>>
>>>> Gotcha, so the idea is to make use of the same approach from ag-js?
>>>
>>> Right, but then use InAppBrowser so that you can use it more easily on
cordova
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
3692
days inactive
3694
days old
12 comments
5 participants
participants (5)
-
Bruno Oliveira -
Corinne -
Erik Jan de Wit -
Lucas Holmquist -
Sebastien Blanc