wultra / mtoken-sdk-android Goto Github PK

We should parse the inbox message here
https://github.com/wultra/mtoken-sdk-android/blob/develop/library/src/main/java/com/wultra/android/mtokensdk/push/PushParser.kt#L41

as we do for operations.

the map that comes from the push:

{messageType=mtoken.inboxMessage.new, inboxId=4c734361-a764-48f2-840d-405de2f8fa2a}

To follow the same pattern across the company libraries.

Same as wultra/mtoken-sdk-ios#26

Add section, where we explain that the QR operations are 2FA only and the biometry is allowed based on the property in flags.

Similar to the iOS version: wultra/mtoken-sdk-ios#31

According a wultra/enrollment-server#493

Specifically the section around the original e exception - add some example of what this exception can usually be

• PowerAuth exception
• networking exception
• parser exception
• ...

Based on the backend implementation

Upgrade project to support PowerAuth mobile SDK 1.7.x

Otherwise, the SDK crashes during the deserialization of the backend.

The following page contains a dead link to ApiError class on Github:

https://developers.wultra.com/components/mtoken-sdk-android/1.3.x/documentation/Error-Handling

As described in wultra/enrollment-server#307

and implemented on iOS in

wultra/mtoken-sdk-ios#94

Update format of the documentation to follow Developer Portal "basics".

For example like documentation for https://github.com/wultra/react-native-powerauth-mobile-sdk

We should provide a helper method for verifying that a push message is a "mtoken" one.

This is redundant. Improve and use QROperationParser.parse.

To be consistent with iOS

Right now, we support only possession_knowledge and possession_biometry as signature factors. For 1FA, possession is "automatic".

https://github.com/wultra/mtoken-sdk-android/blob/develop/library/src/main/java/com/wultra/android/mtokensdk/api/operation/model/UserOperation.kt#L116

We should add (to at least allow to parse and throw away) the possession factor because it's in a lot of places in our documentation for backends

For example:
https://developers.wultra.com/components/powerauth-webflow/develop/documentation/Web-Flow-1.2.0.html#data-adapter-changes

Operation class and classes around it (like attributes etc.) should be documented much better.

Right now, the polling starts after the given polling time.

• split README into documentation
• write an example for LocalOperation
• add logging level section

The kotlin-doc and also markdown documentation should mention that using noValidation can lead to use of unsafe HostnameVerifier and X509TrustManager. See our documentation in PowerAuth mobile SDK.

Poweruth exception can occur (synchronously). This should be handled in an async way.

As in our product.

In Api.kt:59 onResponse call, the try/catch should be around the whole method to prevent a crash in malformed or unexpected response.

IPushService and IOperationsService are using listener interfaces for the asynchronous operation completion. We should rewrite both services to use callbacks with kotlin's Result<T> object. The only caveat is that we have to introduce a ApiErrorException because the legacy ApiError doesn't inherit from Throwable and therefore is not compatible with Result<T>.

The SDK uses the /operation/authorize/offline value, but this is not mentioned anywhere in the docs. Therefore, the developers who build the server-side part themselves have hard time figuring out how the set the server-side constant and usually make a wrong guess. We should:

• Add the default value to the client-side documentation
• Allow changing the constant in the SDK

Document Details

Do not edit this section. We use it to link the issue to the appropriate document. ⚠

• File: https://github.com/wultra/mtoken-sdk-android/blob/releases/1.4.x/docs/Using-Operations-Service.md
• Timestamp: 1636019971

1. mock HTTP client
2. test different networking scenarios

This library suppose to be licensed under Apache 2.0, but a lot of source codes still use a commercial Wultra license. This is due to fact that the library was created from our internal closed source project. This should be fixed to do not raise questions about the licensing.

For example: https://github.com/wultra/mtoken-sdk-android/blob/develop/library/src/main/java/com/wultra/android/mtokensdk/push/PushParser.kt

Based on the backend implementation

Get rid of the 2 methods for offline signing and use PowerAuthAuthentication object instead.

The same approach is in iOS counterpart.

• add a section with an explanation of what is Operation object
• add a section with an explanation of what is QROperation object
• add a section about how networking is done
• in error scenarios, make some (the usual) examples why the call can fail
• make a remark in getOperations API that the result is based on acceptLanguage value
• add info to offline operation signature that even if you provide wrong credentials, the op is signed and will produce a code
• add info what is the code after signing offline code
• add biometry counterpart for operation signing

We are using ThreeTen Android Backport, but its development is being stopped, we should move away from it.

As stated on their github: https://github.com/JakeWharton/ThreeTenABP

Attention: Development on this library is winding down. Please consider switching to Android Gradle plugin 4.0, java.time.*, and its core library desugaring feature in the coming months.

• for QR payment
• for online payment

and run on github CI

reflect changes from wultra/enrollment-server#747

It looks like there's discrepancy between declared minimum supported SDK in documentation and actual value set in build scripts:

• Documentation declare that we support 16+
• Gradle says we support 19+

Extract id and data properties into an interface.
Implement LocalOperation class that implements this interface.
Make UserOperation to implement this interface.

Make approve and reject endpoints to consume this interface instead of UserOperation.

The enrollment server will return the current timestamp in the new API enhancement (wultra/enrollment-server#667).

We should provide SDK API for obtaining the current server time.

iOS implementation: wultra/mtoken-sdk-ios#112

To fully support PowerAuth mobile SDK 1.7.x, we have to upgrade dependency on PowerAuth Networking to version 1.1.0 once is released.

Related to #69
Related to wultra/networking-android#19