[Openid-specs-ab] Announcing AppAuth for Android, a client SDK for OAuth 2.0 and OpenID Connect

John Bradley ve7jtb at ve7jtb.com
Sat Feb 27 06:54:53 UTC 2016


I think we were perhaps a bit over excited at having the SDK available, and meeting our release goal.

You are correct about the fine tuning of the language and our need to describe this as a product of the OIDF rather than as a single member.

In conversations this week with the GSMA they are interested in harmonizing the mobile Connect SDK they have developed as there is a large amount of overlap.

As this move ahead I think this will become a truly important open source contribution.   

As to RP testing, Paul Meyer form Ping is working on demo apps using the SDK on iOS and Android.  

The SDK may not yet constitute a complete RP on its own.

It will be worth seeing how the RP tests can be applied to native apps as part of our testing the tests.  
I will encourage him to try a demo app that can be used for the RP test.

John B.

> On Feb 27, 2016, at 12:53 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> First, congratulations on this achievement!
>  
> I’m writing back with my board secretary hat on and adding the marketing committee.  Language matters.  I’m going to suggest some alternative language to use in future communications about this, because some of the language below could be misinterpreted in a way that leads people to reach false conclusions and negatively impacts the OpenID Foundation and its reputation.
>  
> In the future, you should probably replace the sentence “The Google Identity team has open sourced AppAuth for Android <http://openid.github.io/AppAuth-Android/> under the OpenID Foundation” with “The Google Identity team has contributed the open source AppAuth for Android <http://openid.github.io/AppAuth-Android/> code to the OpenID Connect working group”.  Why?  First, because a contribution is always made to specific working group and not to the Foundation as a whole.  Second, because the current language could be misinterpreted as implying an endorsement of this implementation by the OpenID Foundation.  The Foundation has to be extremely careful not to create an impression that it is favoring implementations by one member over those that are created by others.  I’m sure you understand that that is critical to the Foundation’s reputation.
>  
> Likewise, you need to replace the sentence “We contributed the code to the OIDF under the foundation's new contributor license agreement (CLA)” with “We contributed the code to the OpenID Connect Working Group under the OpenID Foundation’s new contributor license agreement (CLA)”.
>  
> Language matters.  Thanks for listening and trying to be more clear in future communications so that accurate perceptions are formed, particularly those that might reach a wider audience.
>  
>                                                                 Best wishes,
>                                                                 -- Mike
>  
> P.S.  How soon can you run the implementation through the RP certification tests?
>  
> From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of William Denniss
> Sent: Friday, February 26, 2016 9:58 AM
> To: openid-specs-ab at lists.openid.net; Iain McGinniss
> Subject: [Openid-specs-ab] Announcing AppAuth for Android, a client SDK for OAuth 2.0 and OpenID Connect
>  
> The Google Identity team has open sourced AppAuth for Android <http://openid.github.io/AppAuth-Android/> under the OpenID Foundation.
>  
> AppAuth is a client SDK for OAuth and OpenID Connect that follows the best practices <https://tools.ietf.org/html/draft-ietf-oauth-native-apps> for doing standards-based auth in apps, including in-built support for PKCE <https://tools.ietf.org/html/rfc7636> and performing user interaction in custom tabs <http://developer.android.com/tools/support-library/features.html#custom-tabs> (a feature of Android supported by Chrome <https://developer.chrome.com/multidevice/android/customtabs>, and open to other browsers).
>  
> You can fork the repository <https://github.com/openid/AppAuth-Android> on Github, and reference the Maven dependency <https://bintray.com/openid/net.openid/appauth/view>. Comprehensive API docs <https://openid.github.io/AppAuth-Android/docs/latest/> are available.
>  
> I gave a talk <https://www.youtube.com/watch?v=ppeU8yeI_ks> at the OpenID Summit Tokyo last year, which outlines some of the motivations behind this effort.
>  
> We contributed the code to the OIDF under the foundation's new contributor license agreement (CLA). If you/your company have signed the CLA, feel free to contribute by sending a pull request.  Currently myself and my colleague Iain McGinniss are the maintainers, and will review all incoming pull requests.
>  
> Thanks to the contributors on my team: Iain McGinniss, Steven Wright, Alex Chau, and Benjamin Franz for their hard work building the library. To Don Thibeau, John Bradley, Adam Dawes and Mike Leszcz for their guidance and help getting the OpenID Foundation setup to accept code contributions, Paul Meyer and John Bradley for interop validation, and Andy Zmolek for advocating this best practice in the Android community.
>  
> Special thanks to Adam Dawes and Eric Sachs for backing the AppAuth effort.
>  
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160227/f87558b4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4326 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160227/f87558b4/attachment-0001.p7s>


More information about the Openid-specs-ab mailing list