[feedhenry-dev] Authentication in Mobile.Next

Summers Pittman supittma at redhat.com
Fri Aug 25 16:08:54 UTC 2017 

On Fri, Aug 25, 2017 at 10:33 AM, Wei Li <weil at redhat.com> wrote:

> Hi FeedHenry developers,
>
> As you may have heard, we are planning on delivering a few mobile-focused
> services in Mobile.Next project. One of the services we are looking at is
> authentication.
>
> As a start, we first would like to kick off some discussions around
> requirements & expectations of this service within the community. More
> specifically, we are looking for some answers to the following questions:
>
> * What is the biggest pain point you currently have in terms of user
> authentication when develop mobile applications?
>

My biggest pain is integrating in various social providers in a way that is
compatible and not clunky,

For a new app there is an understood Register -> Confirm Registration ->
Log In -> Use the app flow.  Social providers through OAuth combine the
first three steps into a single step (select the account to use), but
integrating with each provider is often very time consuming.

Keycloak manages a lot of the social flow, but it does not have a native
experience and falls back to OAuth 2 web flow.  It is a bad user experience
(and bad for user retention) if the first thing they do after they open
your app they just downloaded if they are taken out of the app to sign into
a website.


> * What features/functions around authentication you should like to see in
> Mobile.Next, both client and cloud side?
>

Better support for real time authentication events, asynchronous sessions,
and WebSockets.

On the client side we need support for Native platforms in a way that
doesn't rely on WebViews.  We also need better exposure of best practices
because the native platform gives us more options than the cookie store in
a web browser does.  For instance tokens can be kept in a biometrically
sealed keystore which require the user to use a thumbprint to unlock before
the app can perform an operation.



> * If you have used Keycloak before, what is your thoughts on integration
> with it in mobile applications?
>

Keycloak is pure magical wonderfulness for Java EE Servers and web based
applications.  Outside of this there is a lot of compatibility thanks to
some smart design choices, but the documentation isn't great at explaining
that.  Most of my googling for how to do something in KC often turns up my
own blog posts ><.

On Android KC is only OK.  It is really missing support for using the
Google account found on most devices.  You can work around this by using
webviews, redirects, etc to get this information but there isn't a golden
scenario.


> * Anything else around authentication?
>

I feel like we are 80% there already.  We need good docs and examples for
non trivial integrations.  The learning curve is really steep because the
problem is really complex and requires a lot of integrations.  If we can
just support a few of those with sensible defaults that are easy to change
then I think we can make a lot of headway.

>
> The answers to those questions will help us make sure we deliver something
> that will solve the problems you are facing day to day.
>
> We look forward to your answers and thank you in advance.
>
> Regards,
>
> --
>
> WEI LI
>
> SENIOR SOFTWARE ENGINEER
>
> Red Hat Mobile <https://www.redhat.com/>
>
> weil at redhat.com    M: +353862393272
> <https://red.ht/sig>
>
> _______________________________________________
> feedhenry-dev mailing list
> feedhenry-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/feedhenry-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/feedhenry-dev/attachments/20170825/c57e1173/attachment.htm>

More information about the feedhenry-dev mailing list