Is Remote Wipe possible with this library? #110

Open
szaimen opened this issue Sep 28, 2019 · 10 comments

@szaimen szaimen commented Sep 28, 2019

Please let us know if remote wipe is supported with this library.

Member

@tobiasKaminsky tobiasKaminsky commented Sep 30, 2019

Currently there is no way implemented to notify the "3rd party" apps to do a remote wipe.

@David-Development do you think it is possible to trigger this somehow?

Member

@mario mario commented Sep 30, 2019

Two ideas in my head:

  • the files app stores real password instead of app tokens so it can provision app-tokens per requesting apps (bad, but Files is an official app after all so not THAT bad)
  • a check in this library that allows checking if account exists - if NOT, then the 3rd app would delete its content for that account

Author

@szaimen szaimen commented Sep 30, 2019

Thank you for your answers and ideas!

> the files app stores real password instead of app tokens so it can provision app-tokens per requesting apps (bad, but Files is an official app after all so not THAT bad)

In my opinion, getting app tokens for every app is a good idea, because then you can also use SSO inside Nextcloud Talk. The downside is that you have to change your password as soon as you change it elsewhere to update to the new password. Maybe you could work around this with a notification that you have to change your password.

> a check in this library that allows checking if account exists - if NOT, then the 3rd app would delete its content for that account

Being able to disconnect every app on my phone with just one click would be really nice, but would not work for nextcloud-talk because of the missing app token for each app.

Maybe there is also a third solution with working notifications in nextcloud-talk, no need to change the password on password change, and disconnecting all apps on the phone with just one click?

Could there be a way that apps register not via one app token for each app but are identifiable as single instances?
I propose that then, under security on the web interface, you can expand a list below this single app token for the whole phone (for this nextcloud-files-app on my phone) where apps that use this app token are listed. Then you could also disconnect the whole app token or just single apps. This way the app could be recognized by the server and could also get notifications (important for nextcloud-talk).

Member

@tobiasKaminsky tobiasKaminsky commented Oct 8, 2019

> Downside is, that you have to change your password as soon as you change it elsewhere to update to the new password.

App tokens are independent from password changes.

Author

@szaimen szaimen commented Oct 8, 2019

> App tokens are independent from password changes.

Yes, I know, but if the app would store the real password, it would most likely no longer be independent from password changes.

Member

@tobiasKaminsky tobiasKaminsky commented Oct 8, 2019

For security reasons I do not want to store real password in our app.
This somehow circumvents the whole purpose of app tokens.
What instead could be possible is to have "nested" app tokens, that is that you can create a new app token from an existing one.
If this is possible, then we could create new app tokens for apps that access via SSO.
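
An added illustration of the "nested" app token idea from the comment above, combined with the per-device token list proposed earlier in the thread; it is not code from this library or from the Nextcloud server. `TokenStore` and its methods are hypothetical names, and the in-memory table and app labels are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class AppToken:
    label: str                    # e.g. "Files (phone)" or "Talk"
    parent: Optional[str] = None  # id of the token this one was derived from
    revoked: bool = False


class TokenStore:
    """Constructed in-memory model of a server-side token table (hypothetical)."""

    def __init__(self) -> None:
        self._tokens: dict[str, AppToken] = {}

    def issue(self, label: str, parent: Optional[str] = None) -> str:
        # A child may only be derived from a parent that is still valid.
        if parent is not None and not self.is_valid(parent):
            raise PermissionError("parent token is missing or revoked")
        token_id = secrets.token_urlsafe(32)
        self._tokens[token_id] = AppToken(label, parent)
        return token_id

    def revoke(self, token_id: str) -> None:
        self._tokens[token_id].revoked = True

    def is_valid(self, token_id: str) -> bool:
        # Valid only if the token and every ancestor exist and are not revoked.
        current: Optional[str] = token_id
        while current is not None:
            tok = self._tokens.get(current)
            if tok is None or tok.revoked:
                return False
            current = tok.parent
        return True

    def children(self, parent: str) -> list[str]:
        # Labels a web UI could list under the device token.
        return sorted(t.label for tid, t in self._tokens.items()
                      if t.parent == parent and self.is_valid(tid))


def demo() -> dict:
    store = TokenStore()
    device = store.issue("Files (phone)")
    talk = store.issue("Talk", parent=device)
    news = store.issue("News", parent=device)
    store.revoke(news)     # disconnect a single app
    single = (store.is_valid(talk), store.is_valid(news), store.children(device))
    store.revoke(device)   # disconnect the whole phone: children fall with it
    return {"single": single, "device": (store.is_valid(talk), store.children(device))}
```

A derived token that stops validating is the signal on which an app could delete its local data for that account, as in the second idea earlier in the thread.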

Author

@szaimen szaimen commented Oct 8, 2019

> What instead could be possible is to have "nested" app tokens, that is that you can create a new app token from an existing one.
> If this is possible, then we could create new app tokens for apps that access via SSO.

Sounds like a very good solution to me 👍

Author

@szaimen szaimen commented Oct 8, 2019

@tobiasKaminsky Shall I open an issue on the server repo for that? Or will you do this?

Member

@tobiasKaminsky tobiasKaminsky commented Oct 8, 2019

I thought there is one, but I fail to find it, so if you also do not find it, please open a new one.

Author

@szaimen szaimen commented Oct 8, 2019

@tobiasKaminsky I opened nextcloud/server#17459. Feel free to add or correct if you miss something or think that something wasn't described properly.
