Android v0.13.1


Status
Not open for further replies.

kalaspuffar

Well-known member
May 19, 2018
296
106
Sweden
coderinsights.com
Hi again gang.

After some clarification from Steve on the new API I think I now have a stable version for login on the new site so I release it with some small fixes.

One bug that still eludes me is the bug where some have reported that they can't save files due to permissions. Need to find a device with that problem I guess.

Bugs
* Change to send noiptest on all QR logins.
* Fix to show ellipsis again
* Login popup is moved so not obscured by keyboard.

Thank you for your time.
 

Barry Minion

New member
Jan 31, 2019
1
1
When trying to login to this site via the app, I get an error about two domains, though I haven't managed to capture the screen and am unsure of the exact wording. It says that one link equals one domain while "child=sqrl.grc.com" or something like that. The domains appeared the same (or similar) at a glance, so unsure of the issue.

However, after a few tries I could no longer reproduce this error. Instead the app asks for my fingerprint or the password, does the decryption process, but then drops back to this site (Firefox tab) without logging me in. It doesn't tell me what went wrong. I cannot log in via my Pixel 1 (Android Pi) and am posting this from my laptop. I'm using the "SQRL" button on the login window and have imported this identity to the device.

The importing process worked flawlessly, btw. I used the Windows client to display the QR code and your app to import it. Very easy and exactly how such data should be transferred to a smartphone.

During my first login attempt, I also noted that the password window prompted me for "Password (first 4 characters)", but actually required the full password to proceed. During later attempts, the window properly continued to decryption after the first four characters were entered.

I hope it's okay to post this here. If not, let me know. I apologize for not providing more useful details. I just got the phone and am new to Android (well, haven't used it in years), so I will not be a truly helpful tester. In this environment, I'm more representative of a casual user than a skilled one <g>.
 

Morphlin

Member
Jan 9, 2019
5
4
Works great for me. Associated my identity with my existing user. No issues yet. Great work!
 

Morphlin

Member
Jan 9, 2019
5
4
I just got a bug trying to log in, app displaying "missing argument" right after capturing the QR code. A retry did the trick.


kalaspuffar

Well-known member
May 19, 2018
296
106
Sweden
coderinsights.com
I just got a bug trying to log in, app displaying "missing argument" right after capturing the QR code. A retry did the trick.

I think these kinds of problems are very technical so I would like to see some more easily digested error messages.

In this case I believe the QR link was old and needed a refresh. The app does one refresh automatically if a transient error occurs but sadly you could get multiple stale links sometimes I guess.

Transient and Client errors aren't clear to me without context which I think is a bit lacking in the protocol. An error without an actionable point for the user is not good.

But I hope the new documentation will clarify this issue.

Best regards
Daniel
 

Morphlin

Member
Jan 9, 2019
5
4
I agree. I was just posting FYI :)
To me the fact that it's working is great. Good job!
 

kalaspuffar

Well-known member
May 19, 2018
296
106
Sweden
coderinsights.com
When trying to login to this site via the app, I get an error about two domains, though I haven't managed to capture the screen and am unsure of the exact wording. It says that one link equals one domain while "child=sqrl.grc.com" or something like that. The domains appeared the same (or similar) at a glance, so unsure of the issue.

However, after a few tries I could no longer reproduce this error. Instead the app asks for my fingerprint or the password, does the decryption process, but then drops back to this site (Firefox tab) without logging me in. It doesn't tell me what went wrong. I cannot log in via my Pixel 1 (Android Pi) and am posting this from my laptop. I'm using the "SQRL" button on the login window and have imported this identity to the device.

The importing process worked flawlessly, btw. I used the Windows client to display the QR code and your app to import it. Very easy and exactly how such data should be transferred to a smartphone.

During my first login attempt, I also noted that the password window prompted me for "Password (first 4 characters)", but actually required the full password to proceed. During later attempts, the window properly continued to decryption after the first four characters were entered.

I hope it's okay to post this here. If not, let me know. I apologize for not providing more useful details. I just got the phone and am new to Android (well, haven't used it in years), so I will not be a truly helpful tester. In this environment, I'm more representative of a casual user than a skilled one <g>.
Hi Barry

Thank you for your report, sorry for the late response.

First off, the first error message is something new. Never heard of a parameter called child in the protocol. If you see it again try to capture it in some way. Screenshot perhaps.

The site not redirecting you in Firefox after a correct login is sadly up to the site and nothing the client can change. Might be an issue with internal communication with Firefox and applications. But in that case you should get a warning and the site should still redirect you to a logged-in state. Maybe a reload of the browser will solve the issue.

I'll test Firefox a bit more though.

The issue of the label being incorrect when entering passwords is an issue I thought I fixed but I need to reproduce and hunt down the issue again.

If you find a way to reliably reproduce the issue it would be greatly appreciated.

Thank you for your time.

Best regards
Daniel Persson
 

notsponsible

New member
Feb 7, 2019
2
1
I just downloaded the app and used it for the first time. It worked well. It lacks polish but the functionality is there. I had initially downloaded another app that had a rating only to immediately recognize a lack of understanding by the developer when it gave me a recovery code and asked me to reenter it on the same screen thereby not forcing me to write it down. I also like the ability to print the recovery code, that was classy.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
I think these kinds of problems are very technical so I would like to see some more easily digested error messages. In this case I believe the QR link was old and needed a refresh. The app does one refresh automatically if a transient error occurs but sadly you could get multiple stale links sometimes I guess. Transient and Client errors aren't clear to me without context which I think is a bit lacking in the protocol. An error without an actionable point for the user is not good. But I hope the new documentation will clarify this issue.

Best regards
Daniel
I need to carefully think through the mobile login case where the client is asserting the "noiptest" flag. In that situation it might not reduce security to allow a new QR code reissue. In the desktop case, a stale QR code should probably not be reissued.

But, independent of that, the formal behavior for ANY SQRL client is: If any SQRL client receives TWO IDENTICAL transient errors in a row, having the same TIF, the client MUST report that the logon page code has expired, must be refreshed, then authenticate. That will ALWAYS solve the problem for the client and for the user.

I will work to see how the incidence of duplicate TIF codes can be minimized... but that's the server-side responsibility. IF you receive two identical transient TIF codes in a row, you must stop and ask the user to refresh their logon page. Note that if the TIFs are not identical, you can keep retrying until you get two identical codes in a row.

(I'm sorry I haven't been more clear about that before now.)
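
The retry rule described in the post above, written out as an added example; it is not code from this thread or from any SQRL client. `send_query`, `max_attempts`, the outcome strings and the message wording are assumptions, and the `0x20` transient-error bit comes from the SQRL protocol's TIF definition rather than from this page.

```python
from typing import Callable, List, Optional, Tuple

# TIF bit the SQRL protocol defines for "transient error"
# (the value is not stated in this thread).
TIF_TRANSIENT_ERROR = 0x20

# Constructed wording for the user-facing message.
REFRESH_MESSAGE = ("The logon page code has expired. "
                   "Refresh the page, then authenticate again.")


def authenticate(send_query: Callable[[], int],
                 max_attempts: int = 10) -> Tuple[str, Optional[int], int]:
    """Return (outcome, last_tif, attempts_made).

    send_query is a hypothetical callable that performs one client
    query and returns the server's TIF as an integer.
    """
    previous: Optional[int] = None
    for attempt in range(1, max_attempts + 1):
        tif = send_query()
        if not tif & TIF_TRANSIENT_ERROR:
            # Not transient: hand the TIF to the normal success/error handling.
            return ("proceed", tif, attempt)
        if tif == previous:
            # Two identical transient TIFs in a row: stop, show REFRESH_MESSAGE.
            return ("refresh_page", tif, attempt)
        # Transient but different from the last one: retrying is allowed.
        previous = tif
    # Safety cap so a misbehaving server cannot cause endless retries
    # (an assumption of this example, not part of the stated rule).
    return ("gave_up", previous, max_attempts)


def replay(tifs: List[int]) -> Callable[[], int]:
    """Stand-in for the network: replays a constructed list of TIF values."""
    it = iter(tifs)
    return lambda: next(it)


if __name__ == "__main__":
    # Constructed TIF sequences, not captured from a real server.
    for sample in ([0x20, 0x20], [0x20, 0x24, 0x05], [0x20, 0x24, 0x20, 0x20]):
        outcome, tif, attempts = authenticate(replay(sample))
        print([hex(t) for t in sample], "->", outcome, hex(tif), attempts)
        if outcome == "refresh_page":
            print("  ", REFRESH_MESSAGE)
```
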
 

kalaspuffar

Well-known member
May 19, 2018
296
106
Sweden
coderinsights.com
I just downloaded the app and used it for the first time. It worked well. It lacks polish but the functionality is there. I had initially downloaded another app that had a rating only to immediately recognize a lack of understanding by the developer when it gave me a recovery code and asked me to reenter it on the same screen thereby not forcing me to write it down. I also like the ability to print the recovery code, that was classy.
Hi notsponsible

Thanks for the feedback and if you have any suggestions on polish that would improve the user experience then please share.

Thank you for your time.

Best regards
Daniel
 

kalaspuffar

Well-known member
May 19, 2018
296
106
Sweden
coderinsights.com
I need to carefully think through the mobile login case where the client is asserting the "noiptest" flag. In that situation it might not reduce security to allow a new QR code reissue. In the desktop case, a stale QR code should probably not be reissued.

But, independent of that, the formal behavior for ANY SQRL client is: If any SQRL client receives TWO IDENTICAL transient errors in a row, having the same TIF, the client MUST report that the logon page code has expired, must be refreshed, then authenticate. That will ALWAYS solve the problem for the client and for the user.

I will work to see how the incidence of duplicate TIF codes can be minimized... but that's the server-side responsibility. IF you receive two identical transient TIF codes in a row, you must stop and ask the user to refresh their logon page. Note that if the TIFs are not identical, you can keep retrying until you get two identical codes in a row.

(I'm sorry I haven't been more clear about that before now.)
Hi Steve

Thanks for the clarification. I'll look into multiple retries until I get a stable error code and also improve the communication with the end user with a more descriptive error message for transient error.

Thank you for your time.

Best regards
Daniel
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Hi Steve

Thanks for the clarification. I'll look into multiple retries until I get a stable error code and also improve the communication with the end user with a more descriptive error message for transient error.

Thank you for your time.

Best regards
Daniel
Daniel... I just wrote a somewhat more lengthy and detailed reply to your posting over in the newsgroups. And I suggested some error message text. So you should look over there for a better response. And... thank YOU for working on a client for Android! it's CLEAR that it's going to be VERY popular!!
 

0.NRG

Well-known member
May 19, 2018
46
11
Boy, I wish I had an Android phone to test this. I am very tempted to purchase one of the inexpensive Motorola or other Android phones to test this and for other things I cannot test with an iPhone.
 

kalaspuffar

Well-known member
May 19, 2018
296
106
Sweden
coderinsights.com
Boy, I wish I had an Android phone to test this. I am very tempted to purchase one of the inexpensive Motorola or other Android phones to test this and for other things I cannot test with an iPhone.
Hi 0.NRG

Actually, if you just want to test you may start up an emulator and try the features there. I think the emulator will work just as fine on a Macintosh.

If not I would suggest you try the implementation of SQRL on iPhone available from Jeff.
 

0.NRG

Well-known member
May 19, 2018
46
11
I'm testing Jeff Arthur's iOS SQRL app and I had thought of testing your Android app via BlueStacks or other Android emulator. If I had a Windows tablet still, then that wouldn't be bad, but all I have now are Windows desktop and laptop PCs. So, I cannot test your app in an emulator and use it like I would with a phone where the camera scans a QR code. Well, I could do this with a laptop, but it would be really clunky.

But, I might go ahead and play with your app using an emulator for kicks and giggles as we say.
 