[aerogear-dev] iOS SDK for OAuth2
Corinne Krych
corinnekrych at gmail.com
Tue Feb 3 02:37:50 EST 2015
> On 02 Feb 2015, at 20:28, Bruno Oliveira <bruno at abstractj.org> wrote:
>
>
> Good morning, I was reviewing our SDK for iOS and I have a few questions:
>
> 1. For example, in the Shoot app: why do our users have to insert
> the app ID in Shoot-Info.plist and also insert the same app ID in
> ViewController? I was just wondering, because once the app ID has been
> provided, you don't need to provide it again.
>
Good point. Go ahead if you feel like pull requesting; if not, create a JIRA for the 2.2 release.

> 2. We have a note:
>
> "Because this demo securely stores OAuth2 tokens in your iOS keychain,
> we chosen to use WhenPasscodeSet policy as a result to run this app you
> need to have your passcode set"
>
> I think that's amazing, but at the same time we instruct our devs to
> insert the client secret hard-coded into the app. Something like:
>
> let facebookConfig = FacebookConfig(
>     clientId: "XXXXXX",
>     clientSecret: "42",
>     scopes:["photo_upload, publish_actions"])
>
> Reverse engineering the app would permit me to get the
> secret and mimic your FB app.
>
> So I would like to remove the need to input the same information twice
> and encrypt the client secret using password based encryption.
>
Oki, where do you want to store the encryption key? Keychain?

> Let me know what you think and I will start to file Jiras for myself.
>
> Note: This is not an issue specific to iOS. All the projects will get
> the same love and feedback.
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
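
Added example, not part of the thread and not AeroGear code: one way to keep an encryption key in the iOS keychain under the WhenPasscodeSet policy from the quoted note, which is the storage option raised in the reply. The service and account names and both helper functions are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example; not taken from the Shoot app.
let service = "org.example.shoot.oauth2"
let account = "encryption-key"

enum KeychainError: Error {
    case unexpectedStatus(OSStatus)
}

/// Stores `secret` so it is readable only while the device is unlocked,
/// never leaves this device (no backup or migration), and requires a passcode.
func storeSecret(_ secret: Data) throws {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Remove any previous item so SecItemAdd does not fail on a duplicate.
    SecItemDelete(base as CFDictionary)

    var attributes = base
    attributes[kSecValueData as String] = secret
    attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly

    // On a device with no passcode set, the add fails and nothing is written.
    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
}

/// Returns the stored secret, or nil when no item exists for this service and account.
func loadSecret() throws -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    return item as? Data
}
```

This protects a value at rest on the device; it does not change the fact that a secret compiled into the binary, as in the quoted `FacebookConfig` snippet, ships to every user.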