Comments (7)
emcrisostomo
commented on May 17, 2024
Hi @ari,
It's not hidden: it was lost during a POM merge. I added it back to the develop branch yesterday, I'm going to merge it on release shortly.
The JAX-RS dependency is there because we use the URIBuilder class to perform some URI-encoding needed when generating the Google Chart API call. That dependency is marked as provided:
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>2.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-common</artifactId>
<version>2.13</version>
<scope>provided</scope>
</dependency>
When I wrote that part, using that class was by far the simplest method to get things done. If you are not executing this library on a Java EE container (6 or above), then you should provide both the API and the implementation in your classpath.
from googleauth.
ari
commented on May 17, 2024
I was thinking of forking your project to remove these dependencies for our own use. But also to then add https://github.com/kenglxn/QRGen because I am concerned about the security of passing the secret keys to Google.
Thanks for the very clearly written code by the way.
from googleauth.
emcrisostomo
commented on May 17, 2024
The security concern is understandable: in fact, I added that as an ancillary facility to make things easy for Google Authenticator users. Into our own environments we don't even rely on QR codes to get things done. IMHO, I'd keep things separate: this library manages the creation and the validation of TOTP credentials. If you want to represent a secret key as a QR code or "put your favourite thing here", I'd do it externally.
If you want to remove Guava, it's fine: refactoring things will be really easy. I'm not going to drop it here (I just added it to the solution, in fact), because I think the source code readability greatly benefits from it (I acknowledge this is a very small library, though).
from googleauth.
emcrisostomo
commented on May 17, 2024
@ari,
I've just pushed 0.4.1 with the updated POM.
I'm curious about why you want to remove Guava: is it because of its size?
from googleauth.
ari
commented on May 17, 2024
Well at first because it was a surprising dependency not in the pom. But then because I'm not sure I want a whole pile of extra code in our project to help with readability in a third party library (and from what I could see, that saves about 5 lines of code).
from googleauth.
emcrisostomo
commented on May 17, 2024
Yeah, I use Guava almost in every project and I added almost automatically when I refactored those exceptions (because of related design choice in some EJBs of ours where we use this component).
You got your point: I'm going to drop it.
from googleauth.
emcrisostomo
commented on May 17, 2024
@ari, dependency to Guava has been in GoogleAuth v. 0.4.2.
from googleauth.
Related Issues (20)
- candleData method error HOT 1
- Unable to pass OTP starting with number 0 HOT 1
- OTP starting with 0 is not working HOT 1
- Unable to authorize codes that have a leading zero HOT 1
- How to fix the length of the TOTP ? HOT 3
- Setting valid time to OTP
- Setting timeout to passcode HOT 2
- Replacement for Google Charts usage HOT 4
- Get time remaining HOT 1
- More than one file was found with OS independent path 'META-INF/DEPENDENCIES' HOT 1
- Can not authorize with scratch code. HOT 3
- Does this code have C# (.net) language implementation? HOT 1
- Use JDK (8+) Base32/64 codecs instead of apache commons HOT 3
- Use of api.qrcode.com
- Generate a code which will be valid for the next 30 seconds HOT 1
- Library gives true even previous otp is changed in GAuth app HOT 2
- Is there a way to generate scratch codes? Readme.md and manual PDF doesn't say how. HOT 1
- Import OTP Secrets from mobile GoogleAuthenticator? HOT 2
- How does the scratch code work?
- QR codes not recognized by Google Authenticator HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from googleauth.