#aerogear: AeroGear Security Meeting

Meeting started by abstractj at 14:31:43 UTC (full logs).

Meeting summary

  1. general (abstractj, 14:31:53)
  2. general (abstractj, 14:31:53)
    1. Roadmap for security on AeroGear was updated with some ideas you are welcome to vote (abstractj, 14:31:53)
    2. https://github.com/aerogear/aerogear.org/pull/440 (abstractj, 14:31:53)
    3. I'm planning to reorder tomorrow by the top voted (abstractj, 14:32:40)
    4. ACTION: abstractj add to the roadmap the work with AccountManager on Android, to make use of the same credentials (abstractj, 14:38:52)

  3. Keycloak (abstractj, 14:40:23)
  4. Keycloak (abstractj, 14:40:35)
    1. Development of passport adapter for Keycloak under development, pull request sent (abstractj, 14:40:35)
    2. https://github.com/keycloak/passport-keycloak/pull/1 (abstractj, 14:40:36)
    3. You're welcome to participate see the Jiras available (abstractj, 14:40:37)
    4. https://issues.jboss.org/browse/KEYCLOAK-864 (abstractj, 14:40:39)
    5. do we need a Keycloak Authz adapter for JavaScript - it would be "just another wrapper" (abstractj, 14:40:39)
    6. https://aerogear.org/docs/specs/aerogear-js/AeroGear.Authorization.adapters.OAuth2.html (abstractj, 14:40:41)
    7. imo it would be better to align Keycloak.js with AeroGear principles (e.g. use of ES6 Promises) (abstractj, 14:40:43)
    8. http://docs.jboss.org/keycloak/docs/1.0-rc-2/userguide/html/ch07.html#javascript-adapter (abstractj, 14:40:44)

  5. iOS (abstractj, 14:47:49)
    1. OpenID Connect flow covered in areogear-ios-oauth2 lib, Pr merged (corinnekrych, 14:48:16)
    2. https://github.com/aerogear/aerogear-ios-oauth2/pull/11 (corinnekrych, 14:48:16)
    3. could be move to a separate lib if needed like android is doing ag-android-auth vs ag-android-authz (corinnekrych, 14:48:17)
    4. this week cvasilak works on cocopods, after 2.1, we could split oauth2 vs social lib as discussed (corinnekrych, 14:52:01)
    5. for 2.1 planned end of next week we planned to finish most oauth2 stuff, we might be left with res credential grant to impl in 2.3 (abstractj, 14:54:27)
    6. more work on Keychain probably this week (corinnekrych, 14:55:47)
    7. for now Keychain wrapper is in ag-ios-oauth2, it should be moved away, abstractj: is the best place ag-ios-crypto or should it be its own module? (corinnekrych, 14:55:48)


Meeting ended at 14:59:57 UTC (full logs).

Action items

  1. abstractj add to the roadmap the work with AccountManager on Android, to make use of the same credentials


Action items, by person

  1. abstractj
    1. abstractj add to the roadmap the work with AccountManager on Android, to make use of the same credentials


People present (lines said)

  1. abstractj (81)
  2. corinnekrych (52)
  3. jbossbot (8)
  4. jbott (6)
  5. lholmquist (4)
  6. passos (4)
  7. cvasilak (3)
  8. dbevenius (1)
  9. lfryc (0)


Generated by MeetBot 0.1.4.