[aerogear-dev] External vs Embedded browser for OAuth2 libs and Cordova plugin
Daniel Passos
daniel at passos.me
Mon Nov 24 05:32:24 EST 2014
On Mon, Nov 24, 2014 at 7:02 AM, Erik Jan de Wit <edewit at redhat.com> wrote:
>
> On 24 Nov,2014, at 9:43 , Corinne Krych <corinnekrych at gmail.com> wrote:
>
> I think the best approach is to go external browser, one of the main issue
> with embedded view is that the user stills have to enter credentials in
> native app. Although it might offer a better UX experience not switching
> apps, it’s seen as less secure. My preference would be to go external. On
> iOS, the re-enter app is solved using URI schema. The same approach is used
> fro Cordova plugin, the schema is configured in the config.xml cordova
> file.
>
>
> Yes, because when using a WebView the app could override onKeyDown and get
> your password:
>
> @Override
> public boolean onKeyDown <http://developer.android.com/reference/android/app/Activity.html#onKeyDown(int,%20android.view.KeyEvent)>(int keyCode, KeyEvent event) {
> // I’m getting your password here
> return super.onKeyDown(keyCode, event);
> }
>
>
> Obviously that it not what we do, but it could be done easy also by app
> that uses our oath2 library.
>
>
> @summersp @passos do you have plan to move to external browser?
>
> Erik started working on Oauth2 Android with embedded view, but if we’re
> planning to move to ext. browser maybe it's worth putting the plugin
> implementation on hold untill we got that?
>
>
> I guess because of the WebView I have to use the aar as a dependency for
> the plugin. This is not supported by cordova, but it will be supported in
> version 4.0 So I hope that using the external browser will make using the
> aar no longer needed. As this will mean like for iOS a lot of manual steps
> needed to get the plugin to work and no JBDS support for this plugin.
>
I'm not sure if use external browser will make aar no longer needed. Btw
use aar instead of jar is the correct thing to do.
> Cheers,
> Erik Jan
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141124/f4709f61/attachment.html
More information about the aerogear-dev
mailing list