Comments (3)
Your reasoning makes sense, and I have seen a few practical examples where the authentication methods varied by platform for a service - for instance, supporting Google Sign-in on Android only. Such variation is usually disastrous though, as you end up locking users out of their accounts when they switch platforms :/
Playing it safe from our perspective and always requiring an app be explicit about the auth methods they support is probably the best course of action for now. So, sounds like this issue now becomes "remove wildcard behavior from spec".
from openyolo-android.
I think it would probably be better to just make the proto field optional, rather than having a "special" auth method value that could be accidentally mixed with other values.
from openyolo-android.
Maybe there is not a compelling reason to support this wildcard? Assumption: from my understanding, the client application should always authenticate the retrieved credential; therefore, a retrieved credential with an unknown authentication method would be of no use to the client.
To avoid this possible scenario the client should only retrieve credentials with supported authentication methods.
Now that I think about this, a wildcard seems like an opportunity for clients to potentially shoot themselves in the foot. For example, I can imagine the following scenario: an app developer completes their Android implementation using a wildcard for authentication method while their client only supports authentication method A; the developer adds a web frontend which supports authentication methods A and B; additional credentials are now available for unsupported authentication method B. Now the Android application may receive unsupported credentials which may or may not be accounted for by the developer's implementation.
Additionally, this wildcard is set as the default value when using the RetrieveRequest.Builder. If there is a reason to support it, I suggest it is changed to a non-default value to help developers avoid the situation described above.
from openyolo-android.
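The scenario from the comments above, sketched as an added example that is not part of the thread or of the OpenYOLO code base: provider-side matching with a wildcard value beside matching that requires explicit methods. All names (`WILDCARD`, `Credential`, `method-A`, `method-B`) are hypothetical and the data is constructed.

```java
import java.util.*;

// Minimal model of the discussion above. Every name here is hypothetical;
// this is not the OpenYOLO API or its wire format.
public class WildcardRetrieveDemo {
    static final String WILDCARD = "*"; // stand-in for the "special" auth method value

    static final class Credential {
        final String id, authMethod;
        Credential(String id, String authMethod) { this.id = id; this.authMethod = authMethod; }
        @Override public String toString() { return id + " (" + authMethod + ")"; }
    }

    // Wildcard-style matching: the special value matches everything, even when
    // it was accidentally mixed with explicit methods.
    static List<Credential> retrieveWithWildcard(List<Credential> store, Set<String> requested) {
        List<Credential> out = new ArrayList<>();
        for (Credential c : store) {
            if (requested.contains(WILDCARD) || requested.contains(c.authMethod)) out.add(c);
        }
        return out;
    }

    // Explicit-only matching: the request must name at least one concrete method.
    static List<Credential> retrieveExplicit(List<Credential> store, Set<String> requested) {
        if (requested.isEmpty() || requested.contains(WILDCARD)) {
            throw new IllegalArgumentException("request must list the supported auth methods");
        }
        List<Credential> out = new ArrayList<>();
        for (Credential c : store) {
            if (requested.contains(c.authMethod)) out.add(c);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed data: the web frontend added method B after the Android app shipped.
        List<Credential> store = Arrays.asList(
                new Credential("alice@example.com", "method-A"),
                new Credential("alice-federated", "method-B"));
        Set<String> androidSupports = new HashSet<>(Arrays.asList("method-A"));

        Set<String> mixed = new HashSet<>(androidSupports);
        mixed.add(WILDCARD); // wildcard mixed with explicit values
        System.out.println("wildcard: " + retrieveWithWildcard(store, mixed));
        System.out.println("explicit: " + retrieveExplicit(store, androidSupports));
    }
}
```

With the wildcard in the set, the Android client is handed the method-B credential it cannot authenticate with; the explicit variant returns only method-A and rejects a request that names no concrete method.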