Are you a developer? Want OGS on a mobile device?


#145

Hey man, thanks for the feedback. I’m afraid that I need some guidance from the website devs on how to handle logging in without a username and password since all the docs I could find talk about username/password combo.


#146

@elx he means my app: https://play.google.com/apps/testing/io.zenandroid.onlinego It’s usable, but not done yet and I sadly did not find time to work on it since before Christmas. If you’re in the market for one, please try it out and let me know what you think.


#147

Adding @anoek and @matburt - they are the ones most likely to know how to use oauth authentication with the API (or whether that is even possible or not)


#148

please try it out and let me know what you think.

Is it available from f-droid? I only install programs from there. The page you linked redirects to login page, so I can’t check it.


#149

I only distributed through the official Google Play for now. Sorry, I see how this can be a problem if you don’t trust Google but sadly I don’t have the time to distribute this through several channels, and if I have to choose just one, then Google Play makes the most sense (I even had to pay for this btw).


#150

I think you can simply give the link to your source repository to f-droid team, they build APK themselves, which is why I prefer f-droid. If you install from them then binaries are guaranteed to fully correspond to published source code which is open for security review.


#151

And how do you deal with the secret in the app (e.g. the API key) that you cannot make public? I’m sorry but it’s too much hassle just to reassure people that I’m not doing something omnious with the phone. And to be honest I couldn’t do much even if I were inclined to do so since the security on the android phone is quite good.


#152

BTW, found an hour to look at the crash reports (that Google Play provides, unlike f-droid) and fixed the most prevalent issues. Expect an update in a few minutes.


#153

And how do you deal with the secret in the app (e.g. the API key) that you cannot make public?

I honestly think that there is something wrong with architecture of that program or server, if an application package available for download to user has to contain secret which user cannot access.

According to this post OAuth2 Client Credentials it’s no longer the case, though, the application just needs regular login and password, same as you enter on the website. It is suggested not to store that but instead get some reauth-token though.

Point of f-droid is not only to make sure that application is not doing anything ominous, though. It’s also that Google Play requires login even to browse and install payment-free applications. Why does google play require password while other software repositories do not?


#154

That is the case for ALL apps that are consuming a 3rd party API: they have a secret key that they send to the server to authenticate not the user but the app itself to the server. Anybody with access to that key can impersonate the app. It is a requirement for OGS and is nothing I can do about it.

Bottom line is: if it’s a case of me submitting the APK to f-droid I will probably do it sometimes in the future if I find the time. If it’s a complicated system requiring them to rebuild from source, I’m just not willing to spend the time to do it.


#155

How hard is it to get a new app key? Can it be done automatically?


#156

Hey @MrAlex I’ve concluded that the thing I would like most above all is a notifier. I’m actually not that keen to play on the phone - it’s nice when there’s no desktop available, but that’s comparatively rare.

However I would love to not have to keep coming back to my desk to check if there is a move. Or open an app explicitly on the phone. It’d be awesome if the phone dinged when a move is available…

GaJ


#157

Well sorry @GreenAsJade but isn’t my app already doing exactly that? :slight_smile: Perhaps something is broken for you guys, in which case I need to know, but the way this should work is after you log in I check every few minutes (more often if the phone is plugged in and on wifi) and spawn a notification if it is your move. It should be a bit too slow for live games, but not for correspondance ones.


#158

Hmm - I didn’t even know it tried :smiley:

I will leave it open in the background and see what I see. I agreed that a few minutes is absolutely fine.


#159

Is the “plus” button supposed to be doing something or still to early in developement? Because it does nothing for me…


#160

Not implemented yet I’m afraid. It’s supposed to open the dialog for issuing a new challenge, but when I realised just how many options there are for a new challenge the motivation just went out of me :slight_smile:


#161

You don’t even have to leave it “open”… it’s very peculiar that it doesn’t work, did you do anything special to your phone (such as disabled background services or something)?


#162

It doesn’t work for me either, on Oreo 8.0.0


#163

That’s weird… I don’t get any reports of crashes on the latest version. Does it not work even when plugged in?


#164

I’m not sure, with fast charging these days i don’t charge longer then 15-20 min… But I’ll try to keep an eye on that.
Second problem I have is, sometimes it doesn’t submit my moves, I have to kill the app and relaunch it, then it works again…