[aerogear-dev] cordova push plugin simplification

Erik Jan de Wit edewit at redhat.com
Wed Feb 26 05:38:26 EST 2014 

> Now the Javascript can verify that the callback is a function because it’s no longer a string and the need for a separate successHandler is overrated as you will either get messages or your errorHandler gets invoked. 
> 
> 
> I like the idea of passing in a function (instead of a string), for the notification handling.
> 
> However, the successHandler was meant to give feedback if registration w/ UPS was successful or not. Should we really remove that hook ? 

Well you still will get that feedback, errorHandler will be invoked when it wan’t successful

>  
> Till now all these changes can be made on the plugin, but we could take it even further. Two things that are still platform dependent the senderId and the variantID/secret. Now senderId is ‘known’ by UPS so why do we need to specify it here? We could make senderId part of the response when registering a device on UPS then the client doesn’t need to specify it and all configuration is in one place.
> 
> It's optional on UPS, as only really Android clients need it. And I think originally Luke just added the 'senderID' to UPS for having something handy (copy/paste usage).
> 
> So, I am not sure on that one, as that means we now have to enforce Android Variants always get the senderID attribute. Could be done, yes, but I am not sure.
>  

Hmm, right it’s optional then this maybe not the greatest idea 

> 
> That leaves variantID/secret and that is the boldest proposal. How about we make it possible to register for an application instead for a specific variant? Then based on the meta information (deviceType, operatingSystem and osVersion) we choose the right variant.
> 
> -1
> 
> we should never 'deploy' the masterSecret and the applicationID on clients. If that information is stolen (easy on devices), you can start sending dirty assaults to ALL the devices for that application. Same w/ all the different providers like Parse, Stackmob etc: they all use a MasterKey/Password for the actual send. And they _highly_ recommend NOT applying that to the clients (it's easy to leak that information)
> 

Right didn’t think about that, this together with the objections that Sebastien has makes this a definite no go.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140226/6c3a5dd2/attachment-0001.html

More information about the aerogear-dev mailing list