[aerogear-dev] Suggestion for some OTP improvements

Corinne Krych
Hello Guys,

Revisiting OTP demo for iOS client, I've seen some improvements that could be done in the OTP lib itself. 

1. Storage of the secret is done at the Cordova layer [1] and [2]. It would be better to store them in a safe storage (ie: Keychain for iOS, KeyStore for Android etc...) or at least leave the option for the end user. 

2. Extracting the secret from the URL (read from QRCode) is done in each native client demo or in the Cordova layer. See [3] for iOS and [4] for Android and [5] for Cordova. What about moving this code snippet into the library itself? For example, add a new initialiser of OTP which takes a URL.

Thoughts?

++
Corinne

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Re: [aerogear-dev] Suggestion for some OTP improvements

Erik Jan de Wit
+1 on this. This is something one will need to do to use the lib; better to have the lib do it, or at least support doing that.

On Tue, Sep 22, 2015 at 2:48 PM, Corinne Krych <[hidden email]> wrote:
> Hello Guys,
>
> Revisiting OTP demo for iOS client, I've seen some improvements that could be done in the OTP lib itself.
>
> 1. Storage of the secret is done at the Cordova layer [1] and [2]. It would be better to store them in a safe storage (ie: Keychain for iOS, KeyStore for Android etc...) or at least leave the option for the end user.
>
> 2. Extracting the secret from the URL (read from QRCode) is done in each native client demo or in the Cordova layer. See [3] for iOS and [4] for Android and [5] for Cordova. What about moving this code snippet into the library itself? For example, add a new initialiser of OTP which takes a URL.
>
> Thoughts?
>
> ++
> Corinne




--
Cheers,
       Erik Jan

Re: [aerogear-dev] Suggestion for some OTP improvements

Daniel Passos
On Tue, Sep 22, 2015 at 9:48 AM, Corinne Krych <[hidden email]> wrote:
> Hello Guys,
>
> Revisiting OTP demo for iOS client, I've seen some improvements that could be done in the OTP lib itself.
>
> 1. Storage of the secret is done at the Cordova layer [1] and [2]. It would be better to store them in a safe storage (ie: Keychain for iOS, KeyStore for Android etc...) or at least leave the option for the end user.

I'm not against having a complete example and storing the secret in the database, but I'd prefer to only scan the QRCode and show the code on screen. I think it makes the example easier for our community to debug/play/understand/focus on OTP.

> 2. Extracting the secret from the URL (read from QRCode) is done in each native client demo or in the Cordova layer. See [3] for iOS and [4] for Android and [5] for Cordova. What about moving this code snippet into the library itself? For example, add a new initialiser of OTP which takes a URL.

+1 I like it.





--
-- Passos
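
Added example (not part of the original thread and not AeroGear OTP code): one way the "initialiser which takes a URL" from point 2 could validate a scanned URL before handing the secret on, written for the Cordova/JavaScript layer. It assumes the QR code carries the common otpauth:// key URI with a base32 `secret` parameter; `parseOtpUrl`, `base32Decode` and the sample URL are hypothetical.

```javascript
// Added example: hypothetical helpers, not the AeroGear OTP API.
const BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode an RFC 4648 base32 string (padding optional) into raw key bytes.
function base32Decode(text) {
  const clean = text.replace(/=+$/, "").toUpperCase();
  const out = [];
  let bits = 0, value = 0;
  for (const ch of clean) {
    const idx = BASE32.indexOf(ch);
    if (idx === -1) throw new Error("secret is not valid base32");
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// Parse the string read from the QR code; reject anything that is not a
// well-formed OTP key URI instead of passing it on unchecked.
function parseOtpUrl(scanned) {
  let url;
  try { url = new URL(scanned); } catch { throw new Error("not a URL"); }
  if (url.protocol !== "otpauth:") throw new Error("unexpected scheme");
  const type = url.hostname.toLowerCase();
  if (type !== "totp" && type !== "hotp") throw new Error("unknown OTP type");
  const secrets = url.searchParams.getAll("secret");
  if (secrets.length !== 1 || secrets[0] === "") {
    throw new Error("expected exactly one secret parameter");
  }
  return {
    type,
    label: decodeURIComponent(url.pathname.slice(1)),
    issuer: url.searchParams.get("issuer"),
    secret: base32Decode(secrets[0]), // store in Keychain/KeyStore, never log
  };
}

// Constructed sample input, not taken from the demos referenced in the thread.
const SAMPLE =
  "otpauth://totp/Example:alice@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example";
const parsed = parseOtpUrl(SAMPLE);
console.log(parsed.type, parsed.label, parsed.secret.length + " key bytes");
```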
