[Openid-specs-ab] Announcing AppAuth for Android, a client SDK for OAuth 2.0 and OpenID Connect

Mike Jones Michael.Jones at microsoft.com
Fri Feb 26 23:53:17 UTC 2016


First, congratulations on this achievement!

I’m writing back with my board secretary hat on and adding the marketing committee.  Language matters.  I’m going to suggest some alternative language to use in future communications about this, because some of the language below could be misinterpreted in a way that leads people to reach false conclusions and negatively impacts the OpenID Foundation and its reputation.

In the future, you should probably replace the sentence “The Google Identity team has open sourced AppAuth for Android<http://openid.github.io/AppAuth-Android/> under the OpenID Foundation” with “The Google Identity team has contributed the open source AppAuth for Android<http://openid.github.io/AppAuth-Android/> code to the OpenID Connect working group”.  Why?  First, because a contribution is always made to specific working group and not to the Foundation as a whole.  Second, because the current language could be misinterpreted as implying an endorsement of this implementation by the OpenID Foundation.  The Foundation has to be extremely careful not to create an impression that it is favoring implementations by one member over those that are created by others.  I’m sure you understand that that is critical to the Foundation’s reputation.

Likewise, you need to replace the sentence “We contributed the code to the OIDF under the foundation's new contributor license agreement (CLA)” with “We contributed the code to the OpenID Connect Working Group under the OpenID Foundation’s new contributor license agreement (CLA)”.

Language matters.  Thanks for listening and trying to be more clear in future communications so that accurate perceptions are formed, particularly those that might reach a wider audience.

                                                                Best wishes,
                                                                -- Mike

P.S.  How soon can you run the implementation through the RP certification tests?

From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of William Denniss
Sent: Friday, February 26, 2016 9:58 AM
To: openid-specs-ab at lists.openid.net; Iain McGinniss
Subject: [Openid-specs-ab] Announcing AppAuth for Android, a client SDK for OAuth 2.0 and OpenID Connect

The Google Identity team has open sourced AppAuth for Android<http://openid.github.io/AppAuth-Android/> under the OpenID Foundation.

AppAuth is a client SDK for OAuth and OpenID Connect that follows the best practices<https://tools.ietf.org/html/draft-ietf-oauth-native-apps> for doing standards-based auth in apps, including in-built support for PKCE<https://tools.ietf.org/html/rfc7636> and performing user interaction in custom tabs<http://developer.android.com/tools/support-library/features.html#custom-tabs> (a feature of Android supported by Chrome<https://developer.chrome.com/multidevice/android/customtabs>, and open to other browsers).

You can fork the repository<https://github.com/openid/AppAuth-Android> on Github, and reference the Maven dependency<https://bintray.com/openid/net.openid/appauth/view>. Comprehensive API docs<https://openid.github.io/AppAuth-Android/docs/latest/> are available.

I gave a talk<https://www.youtube.com/watch?v=ppeU8yeI_ks> at the OpenID Summit Tokyo last year, which outlines some of the motivations behind this effort.

We contributed the code to the OIDF under the foundation's new contributor license agreement (CLA). If you/your company have signed the CLA, feel free to contribute by sending a pull request.  Currently myself and my colleague Iain McGinniss are the maintainers, and will review all incoming pull requests.

Thanks to the contributors on my team: Iain McGinniss, Steven Wright, Alex Chau, and Benjamin Franz for their hard work building the library. To Don Thibeau, John Bradley, Adam Dawes and Mike Leszcz for their guidance and help getting the OpenID Foundation setup to accept code contributions, Paul Meyer and John Bradley for interop validation, and Andy Zmolek for advocating this best practice in the Android community.

Special thanks to Adam Dawes and Eric Sachs for backing the AppAuth effort.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160226/e015803c/attachment-0001.html>


More information about the Openid-specs-ab mailing list