Appauth-android: Call for new maintainer

Created on 5 Feb 2019  路  15Comments  路  Source: openid/AppAuth-Android

After almost 4 years as the lead maintainer of AppAuth-Android, it is time for me to move on. While I am still very passionate about the authentication and identity space (and direct an engineering group related to this at WeWork), I do not personally have the time to commit to keeping pace with questions and changes in the Android ecosystem. As such, I am looking for a new active maintainer for this project.

In my estimation the library is currently stable and fit for purpose for most third party authorization use cases. My biggest time sink as a maintainer has been answering questions related to OAuth2 usage patterns rather than anything specific to the library itself in most cases. Helping the community through the transition to AndroidX is probably the most immediately pressing technical task, and beyond that keeping pace with the most widely used extensions to OAuth2 and OpenID Connect is important.

The time commitment necessary is around one day a week. If you feel you have the domain knowledge and time to offer to the project, please let me know and I will arrange to give you the committer rights and introduce you to the other interested parties in the community.

Thank you all for your questions, contributions and support during my tenure working on this project. It has been rewarding and educational in equal measure, but it is time to accept the reality that I am no longer able to commit the time to being a responsible steward of this library and community.

help wanted

Most helpful comment

How is this going? I've been using this library for some time now and I wouldn't mind helping with the review of pull requests and perform the release chores. This lib cannot just remain stale for years, it'd be a shame :S

All 15 comments

Thank you @iainmcgin you did an exceptional work. we are using AppAuth on Android a lot!

Just want to add my 2 cents here. Some devices have issues receiving the callback (may have to do with Chrome not being on the android device). It resulted in me ditching AppAuth. Also, https://github.com/openid/AppAuth-Android/issues/123 is a pretty significant problem. I had to fork the repo to make it work properly.

These problems led me to move away from using appauth. I can't honestly say I recommend it in it's current form. With that being said I love the idea of appauth. But it does need some finishing touches.

Where are all the Android gurus when needed :). Thx for your time and effort @iainmcgin.

@dalu I was only using AppAuth for Google OAuth, so I went with Native Google Login. For my app though that caused issues because it adds the google account to the phone which I don't want, so I just recently switched to using Auth0 which has all sorts of support for OAuth integration. Auth0 can cost money depending on your needs/user count, but so far it's been worth it.

I would also like to thank @iainmcgin for his effort spent on this project!

Would somebody from the openid organization be able to update us on the status of this "issue"?

  • Are you actively seeking a new maintainer? Is it a paid position?
  • What sort of timeline do you anticipate until this project becomes active again?

(Going to tag @WilliamDenniss here in case he has the inside scoop, since he does an incredible job of maintaining AppAuth-iOS!)

The OpenID Foundation hosts this project, but are not responsible for maintaining it (any more than any other git repo under the org). As an open source project, duty falls to the _AppAuth Android Community_, being you, me, us. So it's up to us to continue this work, if we want to see it continued.

I'm an admin of this project, but lack the required Android knowledge to be a maintainer. I'm happy to review any applications for the maintainership position.

So, if someone has demonstrated experience in contributing to open source Android projects and wishes to take on this role, let us know!

The best way to apply for the maintainer role would be to show us your personal fork of AppAuth Android where you could merge or fix some outstanding issues. That would help us to see the quality of your work, and if we like it, then those changes can be immediately pushed to the primary repo, and you can continue the work there as a maintainer.

Note that this is a fairly complex topic, involving a nuanced understanding of how Android intents and app priorities interact. That's also the value that this library brings our users, being that they don't have to worry about this themselves.

This is a volunteer role.

@WilliamDenniss @iainmcgin I don't mind helping with maintanence. I won't have 1 day a week to spend on this but I will help with the triage of issues and pull requests being merged. As you can see I made a PR to fix the AndroidX issue. And my own branch has a fix for the hyrbid login model (although that was a quick fix, I'd need to clean it before making a mergable PR).

So happy to help, but hope we can also continue to look for more maintainers.

Hi, is there any new release planned? I've just seen the last release was in August 2018 and some important fixes like https://github.com/openid/AppAuth-Android/issues/402 were fixed later.

A new release including that fix would be very appreciated because that issue is a bit dangerous, it causes crashes when getting http codes > 300 in token requests.

@WilliamDenniss @iainmcgin @blundell what do you think? Thanks in advance

@iainmcgin Are you still looking for a new maintainer?

How is this going? I've been using this library for some time now and I wouldn't mind helping with the review of pull requests and perform the release chores. This lib cannot just remain stale for years, it'd be a shame :S

Hey @iainmcgin , happy to chip in and commit time for AppAuth. Let me know where I can help, I have been using it for quite a while now and would gladly contribute to keep this library going.

Are there any updates on the maintainers front @iainmcgin ? would be great if you can point us to the right direction.

Could anyone get in touch with @iainmcgin? Looks like we may have a candidate :)

I have given @amrfarid140 maintainer access on this repo, along with @agologan who had reached out to me privately. Both of you should reach out to the OpenID Foundation and introduce yourself to some key people, such as @ve7jtb and @WilliamDenniss, and ensure you understand the current requirements for the contributor license agreement and accepting submissions.

I wish you both luck in carrying the project forward; if there are questions you should still be able to reach out to me, and I'll keep myself as an admin on the repo for now. When you next need to make a release via jcenter, I'll figure out how to give you the necessary permissions there to push a release.

As @blundell had previously helped with some maintenance tasks, I've added him as a maintainer also.

Was this page helpful?
0 / 5 - 0 ratings