On 2015-02-03, Corinne Krych wrote:
> On 02 Feb 2015, at 20:28, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> Good morning, I was reviewing our SDK for iOS and I have few questions:
> 1. For example at Shoot app. Why our users have to configure to insert
> the app ID at Shoot-Info.plist and also insert the same app ID at
> ViewController? I was just wondering that once the app ID is informed,
> you don't need to inform it again.
good point go ahead if you feel like pull requesting, if not create a JIRA for 2.2
Sure will do!
> 2. We have a note:
> "Because this demo securely stores OAuth2 tokens in your iOS keychain,
> we chosen to use WhenPasscodeSet policy as a result to run this app you
> need to have your passcode set"
> I think that's amazing, but at the same time we instruct our devs, to
> insert the client secret hard coded into the app. Something like:
> let facebookConfig = FacebookConfig(
> clientId: "XXXXXX",
> clientSecret: "42",
> scopes:["photo_upload, publish_actions"])
> Doing the reverse engineering of the app, would permit me to get the
> secret and mimic your FB app.
> So I would like to remove the need to input the same information twice
> and encrypt the client secret using password based encryption.
Oki where do you want to store the encryption key? Keychain?
I think this is a good scenario for offline. The developer would be able
to insert the secret in clear text and based on the private key stored
in the Keychain, we encrypt it.
I will turn both in Jiras and this will be included for offline.
Thanks for the feedback
> Let me know what do you think and I will start to file Jiras to myself.
> Note: This is not an issue specific to iOS. All the projects will get
> the same love and feedback.
> PGP: 0x84DC9914
> aerogear-dev mailing list
aerogear-dev mailing list