search

geir54 / android-sqrl

android implementation of steve gibsons sqrl authentication
GNU General Public License v3.0
66 stars 16 forks source link

Changed the URL handling to follow the specification from GRC.com. #8

Closed kalaspuffar closed 9 years ago

kalaspuffar commented 10 years ago

The specification states that domain is the path without sqrl:// before either the slash or pipe sign. And we should not care about either port or username and password in this string.

And when it comes to the url we call back to we need to send the querystring so servers could retrieve data from the querystring that might be needed for processing.

Also added the flag to permit all in strict mode to be able to run this before we do the web calles in a background process.

geir54 commented 10 years ago

Thanks for the pull request :+1:

I don't see the big change in MainActivity.java so I'd like to keep that as is.

getURL() looks nice

getReturnURL() What do you mean by "so we get the querystring to the server for processing". This is only used to contact the server.

getDomain() looks nice

kalaspuffar commented 10 years ago

Hi.

Regarding "getReturnURL()" yes your right but I couldn't see that you actually used the full query string to the server when contacting the server. In some cases the server needs to append some data to enable a login and in these cases you must be able to specify a query string that will be included in the address contacted.

Or did I miss interpret something?

Best regards Daniel

geir54 commented 10 years ago

Yes that is a bug, it would not handle paths with my code. I'll merge and rewrite :) Thanks for your help

sesam commented 10 years ago

Hej, How's the squirrel doing? Working proof of concept code seem to be a prereq. to get sqrl to take off. (Or is there some actual reason why it's so quiet here?)

gdorai commented 10 years ago

Hello there, I am trying to understand the httppost to the website. But, when I try to scan the QR code, the public key and signature has been generated. But I don't see a httppost happening. Does the current source code does this? Or Am I missing something? I tried using this URL to test: https://sqrl-test.paragon-es.de

geir54 commented 10 years ago

Yes that should be working try on my test page On Oct 25, 2014 7:11 PM, "gdorai" notifications@github.com wrote:

Hello there, I am trying to understand the httppost to the website. But, when I try to scan the QR code, the public key and signature has been generated. But I don't see a httppost happening. Does the current source code does this? Or Am I missing something? I tried using this URL to test: https://sqrl-test.paragon-es.de

— Reply to this email directly or view it on GitHub https://github.com/geir54/android-sqrl/pull/8#issuecomment-60489621.

gdorai commented 9 years ago

Hello there,

Thanks for your reply. But, when I scan the QR code and confirm the URL, I can see that the signature is generated. But "httppost" does not seem to work. I tries on your test page: http://sqrl.host56.com. Am I missing something?