9:43 a.m.
Hello Guys,
Erik did some great progress on OAuth2 iOS plugin using external browser approach. Some
workarounds are needed for iOS because of Swift based plugin and are documented here:
https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
As descibed in the readme instruction:
https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
I think the best approach is to go external browser, one of the main issue with embedded
view is that the user stills have to enter credentials in native app. Although it might
offer a better UX experience not switching apps, it’s seen as less secure. My preference
would be to go external. On iOS, the re-enter app is solved using URI schema. The same
approach is used fro Cordova plugin, the schema is configured in the config.xml cordova
file.
@summersp @passos do you have plan to move to external browser?
Erik started working on Oauth2 Android with embedded view, but if we’re planning to move
to ext. browser maybe it's worth putting the plugin implementation on hold untill we
got that?
++
Corinne
—————
AeroGear iOS tech lead
10:02 a.m.
On 24 Nov,2014, at 9:43 , Corinne Krych <corinnekrych(a)gmail.com> wrote:
I think the best approach is to go external browser, one of the main
issue with embedded view is that the user stills have to enter credentials in native app.
Although it might offer a better UX experience not switching apps, it’s seen as less
secure. My preference would be to go external. On iOS, the re-enter app is solved using
URI schema. The same approach is used fro Cordova plugin, the schema is configured in the
config.xml cordova file.
Yes, because when using a WebView the app could override onKeyDown and get your password:
@Override
public boolean onKeyDown(int keyCode, KeyEvent event) {
// I’m getting your password here
return super.onKeyDown(keyCode, event);
}
Obviously that it not what we do, but it could be done easy also by app that uses our
oath2 library.
@summersp @passos do you have plan to move to external browser?
Erik started working on Oauth2 Android with embedded view, but if we’re planning to move
to ext. browser maybe it's worth putting the plugin implementation on hold untill we
got that?
I guess because of the WebView I have to use the aar as a dependency for the plugin. This
is not supported by cordova, but it will be supported in version 4.0 So I hope that using
the external browser will make using the aar no longer needed. As this will mean like for
iOS a lot of manual steps needed to get the plugin to work and no JBDS support for this
plugin.
Cheers,
Erik Jan
10:42 a.m.
On Mon, Nov 24, 2014 at 10:02 AM, Erik Jan de Wit <edewit(a)redhat.com> wrote:
On 24 Nov,2014, at 9:43 , Corinne Krych <corinnekrych(a)gmail.com> wrote:
I think the best approach is to go external browser, one of the main issue
with embedded view is that the user stills have to enter credentials in
native app. Although it might offer a better UX experience not switching
apps, it’s seen as less secure. My preference would be to go external. On
iOS, the re-enter app is solved using URI schema. The same approach is used
fro Cordova plugin, the schema is configured in the config.xml cordova
file.
Yes, because when using a WebView the app could override onKeyDown and get
your password:
@Override
public boolean onKeyDown
<http://developer.android.com/reference/android/app/Activity.html#onKeyDow...
keyCode, KeyEvent event) {
// I’m getting your password here
return super.onKeyDown(keyCode, event);
}
Obviously that it not what we do, but it could be done easy also by app
that uses our oath2 library.
ha! cool :) that's a 'nice' feature :))
@summersp @passos do you have plan to move to external browser?
Erik started working on Oauth2 Android with embedded view, but if we’re
planning to move to ext. browser maybe it's worth putting the plugin
implementation on hold untill we got that?
I guess because of the WebView I have to use the aar as a dependency for
the plugin.
sounds like using external browser will not only help overall security, it
will also help our Cordova plugin.
one more reason, while the security one is a stronger argument ;-)
This is not supported by cordova, but it will be supported in version
4.0
So I hope that using the external browser will make using the aar no longer
needed. As this will mean like for iOS a lot of manual steps needed to get
the plugin to work and no JBDS support for this plugin.
Cheers,
Erik Jan
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
11:32 a.m.
On Mon, Nov 24, 2014 at 7:02 AM, Erik Jan de Wit <edewit(a)redhat.com> wrote:
On 24 Nov,2014, at 9:43 , Corinne Krych <corinnekrych(a)gmail.com> wrote:
I think the best approach is to go external browser, one of the main issue
with embedded view is that the user stills have to enter credentials in
native app. Although it might offer a better UX experience not switching
apps, it’s seen as less secure. My preference would be to go external. On
iOS, the re-enter app is solved using URI schema. The same approach is used
fro Cordova plugin, the schema is configured in the config.xml cordova
file.
Yes, because when using a WebView the app could override onKeyDown and get
your password:
@Override
public boolean onKeyDown
<http://developer.android.com/reference/android/app/Activity.html#onKeyDow...
keyCode, KeyEvent event) {
// I’m getting your password here
return super.onKeyDown(keyCode, event);
}
Obviously that it not what we do, but it could be done easy also by app
that uses our oath2 library.
@summersp @passos do you have plan to move to external browser?
Erik started working on Oauth2 Android with embedded view, but if we’re
planning to move to ext. browser maybe it's worth putting the plugin
implementation on hold untill we got that?
I guess because of the WebView I have to use the aar as a dependency for
the plugin. This is not supported by cordova, but it will be supported in
version 4.0 So I hope that using the external browser will make using the
aar no longer needed. As this will mean like for iOS a lot of manual steps
needed to get the plugin to work and no JBDS support for this plugin.
I'm not sure if use external browser will make aar no longer needed. Btw
use aar instead of jar is the correct thing to do.
Cheers,
Erik Jan
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
11:35 a.m.
I guess because of the WebView I have to use the aar as a dependency
for the plugin. This is not supported by cordova, but it will be supported in version 4.0
So I hope that using the external browser will make using the aar no longer needed. As
this will mean like for iOS a lot of manual steps needed to get the plugin to work and no
JBDS support for this plugin.
I'm not sure if use external browser will make aar no longer needed. Btw use aar
instead of jar is the correct thing to do.
Correct, but unsupported for cordova
10:40 a.m.
On Mon, Nov 24, 2014 at 9:43 AM, Corinne Krych <corinnekrych(a)gmail.com>
wrote:
Hello Guys,
Erik did some great progress on OAuth2 iOS plugin using external browser
approach. Some workarounds are needed for iOS because of Swift based plugin
and are documented here:
https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
As descibed in the readme instruction:
https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
I think the best approach is to go external browser, one of the main issue
with embedded view is that the user stills have to enter credentials in
native app. Although it might offer a better UX experience not switching
apps, it’s seen as less secure. My preference would be to go external.
+1
I think it makes sense to move our supported native platforms (Android /
iOS) to the more secure version, with the external browser - instead of
inlining with WebView.
Glad you bringing it up, Corinne
-M
On iOS, the re-enter app is solved using URI schema. The same
approach is
used fro Cordova plugin, the schema is configured in the config.xml cordova
file.
@summersp @passos do you have plan to move to external browser?
Erik started working on Oauth2 Android with embedded view, but if we’re
planning to move to ext. browser maybe it's worth putting the plugin
implementation on hold untill we got that?
++
Corinne
—————
AeroGear iOS tech lead
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
12:48 p.m.
I think we all already agreed that Webview is bad. At the same time, I
don't think we should hold the development, instead, document that
Webview will be replaced like Summers did for Android.
On 2014-11-24, Matthias Wessendorf wrote:
On Mon, Nov 24, 2014 at 9:43 AM, Corinne Krych
<corinnekrych(a)gmail.com>
wrote:
> Hello Guys,
>
> Erik did some great progress on OAuth2 iOS plugin using external browser
> approach. Some workarounds are needed for iOS because of Swift based plugin
> and are documented here:
> https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
>
> As descibed in the readme instruction:
> https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
> I think the best approach is to go external browser, one of the main issue
> with embedded view is that the user stills have to enter credentials in
> native app. Although it might offer a better UX experience not switching
> apps, it’s seen as less secure. My preference would be to go external.
+1
I think it makes sense to move our supported native platforms (Android /
iOS) to the more secure version, with the external browser - instead of
inlining with WebView.
Glad you bringing it up, Corinne
-M
> On iOS, the re-enter app is solved using URI schema. The same approach is
> used fro Cordova plugin, the schema is configured in the config.xml cordova
> file.
>
> @summersp @passos do you have plan to move to external browser?
>
> Erik started working on Oauth2 Android with embedded view, but if we’re
> planning to move to ext. browser maybe it's worth putting the plugin
> implementation on hold untill we got that?
>
> ++
> Corinne
> —————
> AeroGear iOS tech lead
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
11:30 a.m.
On Mon, Nov 24, 2014 at 6:43 AM, Corinne Krych <corinnekrych(a)gmail.com>
wrote:
Hello Guys,
Erik did some great progress on OAuth2 iOS plugin using external browser
approach. Some workarounds are needed for iOS because of Swift based plugin
and are documented here:
https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
As descibed in the readme instruction:
https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
I think the best approach is to go external browser, one of the main issue
with embedded view is that the user stills have to enter credentials in
native app. Although it might offer a better UX experience not switching
apps, it’s seen as less secure. My preference would be to go external. On
iOS, the re-enter app is solved using URI schema. The same approach is used
fro Cordova plugin, the schema is configured in the config.xml cordova file.
@summersp @passos do you have plan to move to external browser?
Yes => https://issues.jboss.org/browse/AGDROID-319
Erik started working on Oauth2 Android with embedded view, but if
we’re
planning to move to ext. browser maybe it's worth putting the plugin
implementation on hold untill we got that?
++
Corinne
—————
AeroGear iOS tech lead
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
11:54 a.m.
On 24 Nov 2014, at 11:30, Daniel Passos <daniel(a)passos.me>
wrote:
On Mon, Nov 24, 2014 at 6:43 AM, Corinne Krych <corinnekrych(a)gmail.com> wrote:
Hello Guys,
Erik did some great progress on OAuth2 iOS plugin using external browser approach. Some
workarounds are needed for iOS because of Swift based plugin and are documented here:
https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
As descibed in the readme instruction:
https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
I think the best approach is to go external browser, one of the main issue with embedded
view is that the user stills have to enter credentials in native app. Although it might
offer a better UX experience not switching apps, it’s seen as less secure. My preference
would be to go external. On iOS, the re-enter app is solved using URI schema. The same
approach is used fro Cordova plugin, the schema is configured in the config.xml cordova
file.
@summersp @passos do you have plan to move to external browser?
Yes => https://issues.jboss.org/browse/AGDROID-319
+1
Erik started working on Oauth2 Android with embedded view, but if we’re planning to move
to ext. browser maybe it's worth putting the plugin implementation on hold untill we
got that?
++
Corinne
—————
AeroGear iOS tech lead
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
11:57 a.m.
On Mon, Nov 24, 2014 at 11:30 AM, Daniel Passos <daniel(a)passos.me> wrote:
On Mon, Nov 24, 2014 at 6:43 AM, Corinne Krych
<corinnekrych(a)gmail.com>
wrote:
> Hello Guys,
>
> Erik did some great progress on OAuth2 iOS plugin using external browser
> approach. Some workarounds are needed for iOS because of Swift based plugin
> and are documented here:
> https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
>
> As descibed in the readme instruction:
> https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
> I think the best approach is to go external browser, one of the main
> issue with embedded view is that the user stills have to enter credentials
> in native app. Although it might offer a better UX experience not switching
> apps, it’s seen as less secure. My preference would be to go external. On
> iOS, the re-enter app is solved using URI schema. The same approach is used
> fro Cordova plugin, the schema is configured in the config.xml cordova file.
>
> @summersp @passos do you have plan to move to external browser?
>
Yes => https://issues.jboss.org/browse/AGDROID-319
awesome!
-M
> Erik started working on Oauth2 Android with embedded view, but if we’re
> planning to move to ext. browser maybe it's worth putting the plugin
> implementation on hold untill we got that?
>
> ++
> Corinne
> —————
> AeroGear iOS tech lead
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
3:09 p.m.
On 11/24/2014 03:43 AM, Corinne Krych wrote:
Hello Guys,
Erik did some great progress on OAuth2 iOS plugin using external browser approach. Some
workarounds are needed for iOS because of Swift based plugin and are documented here:
https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
As descibed in the readme instruction:
https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
I think the best approach is to go external browser, one of the main issue with embedded
view is that the user stills have to enter credentials in native app. Although it might
offer a better UX experience not switching apps, it’s seen as less secure. My preference
would be to go external. On iOS, the re-enter app is solved using URI schema. The same
approach is used fro Cordova plugin, the schema is configured in the config.xml cordova
file.
@summersp @passos do you have plan to move to external browser?
We do, passos has
linked to the JIRA later in the thread.
For me the big win is that we can integrate with other services which
might have a native login widget (Google+, Facebook) and not have to use
the WebView which might have rendering issues if the site isn't responsive.
Erik started working on Oauth2 Android with embedded view, but if we’re planning to move
to ext. browser maybe it's worth putting the plugin implementation on hold untill we
got that?
++
Corinne
—————
AeroGear iOS tech lead
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Summers Pittman
>Phone:404 941 4698
>Java is my crack.
3764
days inactive
3764
days old
10 comments
6 participants
participants (6)
-
Bruno Oliveira -
Corinne Krych -
Daniel Passos -
Erik Jan de Wit -
Matthias Wessendorf -
Summers Pittman