Forem: jakubkoci

OpenID Connect Login

jakubkoci — Fri, 12 Dec 2025 16:28:00 +0000

I've implemented OpenID Connect (OIDC) login a few times in my career. Two times this year, actually. But I always forget all the steps and details, so I wanted to write them down in this article for future reference. Even if we use a library to manage the majority of those steps, we we can still benefit knowing the details under the hood.

I'm going to describe Authorization Code flow with PKCE. This diagram illustrates the flow from a high-level perspective:

Terminology

The OpenID Connect is built upon the OAuth specification. The OAuth defines quite a specific terminology that we don't usually use in our day-to-day engineering work. There are a few terms from the The OAuth 2.1 Authorization Framework spec I intentionally simplified or omit for the purpose of this writing:

User Agent: the Browser, just a regular web browser
Client: the App, a confidential, web application client
Authorization Server: the Identity Provider as referred to in OIDC specification
Resoruce Server: The Identity Provider issues a JWT at the end of the process that is then used to access a Resource Server. That part is out of scope of this article.

For the purpose of this article, I also use the terms front-channel and back-channel that are commonly used, though not part of the OAuth specification:

Front-channel: Unsecure, browser-based redirects. We should not send any sensitive information through this channel.
Back-channel: Secure, direct server-to-server communication between the App and the Identity Provider.

Flow

I haven't found a better way to explain the flow than using HTTP requests and responses. It's independent of a particular programming language and can demonstrate lower-level details without too much boilerplate. The flow begins when a user enters the URL of the App into the Browser. The Browser sends a request to the App without a session cookie yet (step 1).

GET / HTTP/1.1 
Host: app.com
Cookie:

The flow begins when a user enters the URL of the App into the Browser. The Browser sends a request to the App without a session cookie yet (step 1).

The App sends a response to the Browser with a redirect to the the Identity Provider (step 2). We can't send anything sensitive via a front-channel because it's publicly visible.

HTTP/1.1 302 Found
Location: https://identityprovider.com/login?response_type=code&client_id=acme&redirect_uri=https://app.com/api/auth/login-callback&scope=profile,email&state=xyz789random&code_challenge=xyz&code_challenge_method=S256

response_type: Suggests we want to use the Authorization Code flow from the OAuth spec.
client_id: An identifier of the App.
redirect_uri: Where the Identity Provider should redirect the user after successful login.
state:
- Protection against CSRF (Cross-Site Request Forgery) attacks.
- Randomly generated string.
- Must be verified by the App when handling the login-callback request as described in the next step.
code_challenge: PKCE part of the flow.
- Protection against Authorization Code Injection/Replay attacks.
- Generated based on a randomly generated code_verifier. The app adds only the code_challenge to the URL. The app will send the code_verifier to the Identity Provider later.

Side note: The state and code_verifier must be stored somewhere during the authorization flow. In our case, we use a web application with a server component so we can store both state and code_verifier temporarily in a server-side session storage.

The flow continues with the Identity Provider showing a login form. After successful login, the Identity Provider sends a response to the Browser with a redirect to the App (step 3). It uses redirect_uri as the redirect location. Again, this is a front-channel, so we can't just send the token yet.

HTTP/1.1 302 Found
Location: /api/auth/login-callback?code=123state=xyz789random 
Host: app.com

code: Generated by the Identity Provider and stored together with code_challenge and redirect_uri to be verified later.
state: Received from the App in the previous step (step 2). The app checks if the state matches the value it sent before.

The App sends a token request to the Identity Provider (step 4). Although we put the values into URL params, we sent them in the body. That means we're in secure back-channel and we can finally send sensitive information such as client_secret and code_verifier.

POST /token HTTP/1.1
Host: identityprovider.com
Content-Type: application/x-www-form-urlencoded

code=123&client_id=acme&client_secret=acme-123&code_verifier=verified-xyz&redirect_uri=https://app.com/api/auth/login-callback

code: Received from the Identity Provider in the previous step.
client_id: The same ID as in the first step.
client_secret: The secret obtained before, together with client_id, during the App registration (not part of this article).
redirect_uri:
- Protects against Authorization Code Redirection URI Manipulation.
- Must be the same value the App sent in the first request.
code_verifier: Retrieved from a storage based on the state.

The Identity Provider verifies that client_id and client_secret are correct. It checks if the code_verifier matches the previously stored code_challenge and if the redirect_uri matches the previously stored redirect_uri for the given code. Then, it sends a response with token(s) to the App (step 5).

HTTP/1.1 200 OK

{ 
    "access_token": "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ"
    "refresh_token": "def50200a8f4b9c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5"
}

access_token: A token used to access a Resource Server. It usually has short expiration period in minutes.
refresh_token: A token that has longer expiration period (half an hour and longer) and it's used to refresh the access_token when that expires.

The App sends a response to the Browser with redirect to home page at /. The response contains session as an http-only cookie.

HTTP/1.1 302 Found
Location: /
Set-Cookie: access_token=eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age=900
Set-Cookie: refresh_token=def50200a8f4b9c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5; Path=/api/auth/refresh; HttpOnly; Secure; SameSite=Strict; Max-Age=604800

All the following requests the Browser sends to the App, automatically contains the session.

GET /whatever HTTP/1.1
Host: app.com
Cookie: access_token=eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ

If you want to understand more about the OAuth in general, this is the best talk on OAuth I've ever seen OAuth 2.0 and OpenID Connect (in plain English).

Hyperledger SSI Ecosystem

jakubkoci — Mon, 16 Aug 2021 08:40:16 +0000

I assume you already know something about SSI principles. If you don’t, I suggest checking out Introduction to Self-Sovereign Identity. Now, you’re probably interested in what particular SSI technologies are out there. In this article, I’ll describe SSI technology from Hyperledger. There are three projects under the Hyperledger umbrella related to digital identity. Hyperledger Indy, Aries, and Ursa. Indy and Aries also contain more, let’s say, sub-projects. Therefore, it could be hard to get oriented in all of that. I don’t want to dive too deep here, but describe their purpose and how they’re related to each other.

Hyperledger Indy (distributed ledger and wallet)

indy-node contains a source code for the node running as part of the distributed ledger network. It implements PBFT consensus protocol, and it’s not intended to run as a public permissionless network as Bitcoin or Etherum but rather as a permissioned network. There is not one single instance of the Indy network. There are many of them. The most famous and publicly available is Sovrin, which was the first one. You can also use indy-node to run your network or run it locally on your machine via Docker for testing purposes.

indy-sdk works partially as a client for indy-node, but it has much more functionality. The library is written in Rust, and you can find it under the libindy folder. The binary file name is the same. There are also wrappers allowing you to use the library with other languages like Node.js, .NET, Java, Obj-C, and Python. We can divide the functionality into three parts:

Client for the distributed ledger. It allows to write public DID, register schema, and credential definition or work with revocation registry.
Manipulation with DIDs and verifiable credentials. There are methods to create and update DIDs, encrypt and decrypt messages, and create credentials or proofs.
A wallet as secure storage for keys, credentials, and other data. The wallet automatically stores private keys and allows storing other data. All encrypted with a wallet seed. It’s possible to export and import the data back if needed.

All these functions are still relatively low-level, so it would be better to try out some of the Aries frameworks, as I’ll explain later in the Aries chapter.

There are discussions in the community about splitting indy-sdk into more specific standalone libraries. There are already these three projects:

indy-vdr: client for distributed ledger.
indy-shared-rs: DIDs and verifiable credentials.
aries-askar: a wallet as secure storage.

There is another project that wants to evolve from indy-sdk. Evernym company forked the indy-sdk and created vdr-tools.

I think you’re still good to go with indy-sdk for now while being aware of other libraries.

Hyperledger Ursa (cryptography)

In the beginning, there was no Ursa or Aries, just Indy with all functionality together. As time went by, the Hyperledger community realized that there are a lot of useful cryptographic primitives which can be extracted and used by other Hyperledger projects. That’s the reason why Ursa has been created. It’s only one ursa repository containing encryption, signatures, and zero-knowledge algorithms. I’m not a cryptographer, and I’ve been working mainly with Indy and Aries, so I don’t know many details about it. I will leave that investigation up to you if you need to learn more. However, for many SSI use case implementations, you will be good just with knowledge of Indy and Aries.

Hyperledger Aries (protocol and higher-level abstractions)

In the indy-sdk section, I described that it provides functionality to create DIDs, credentials, proofs, etc. Now, you need a way to securely exchange those items in an interoperable and portable way according to SSI principles. That’s the goal of the Aries project. The specification of the protocol is in aries-rfcs, which originated from an older project, indy-hipe (the protocol was part of Indy in the beginning).

There are implementations in more languages like JavaScript, Python, .NET, Go, and Rust. All of them except for Go are using indy-sdk under the hood. Go framework implemented indy-sdk functionality on its own from scratch. That’s the beauty of it. As long as you’re compliant with the protocol, you can build it according to your own needs.

On top of that, as I mentioned earlier, Aries frameworks and libraries add some level of abstraction over indy-sdk to save you some time with repeating tasks. They offer better developer experience, simplicity, and faster development of SSI applications for all issuer, holder, and verifier roles.

Here is a diagram showing how all those components fit together. I took Aries JavaScript Framework for demonstration (I’m a little bit biased here because I started the project, and I’m a fan of it, of course):

Each project would deserve a standalone article. Hopefully, you have at least a good overview of the SSI ecosystem. Maybe we can dive deeper next time.

Introduction to Self-Sovereign Identity

jakubkoci — Sun, 28 Mar 2021 13:22:28 +0000

In this article, I will do my best to explain self-sovereign identity from the end-user perspective, without any technicalities.

Self-sovereign identity (SSI) is, simply put, a decentralized digital identity, but before we dive in, let’s look at what identity and digital identity actually means.

Identity

Identity is not only about a physical identity card issued by the government. An identity is a group of various attributes and relationships describing the existence of each individual. Some of these attributes we get assigned (like a name), some of them just happen (like date of birth). It could be our capabilities, our relationships, our biometric information, and our behavior. All these attributes belong to our identity. We can be uniquely identified based on some of these attributes in a given context. Sometimes our first name is good enough, sometimes we need our last name or date of birth. In a more formal context (communication with the government for example), we need an ID card with an ID number on it, which was given to us. On the other hand, our friends probably wouldn’t need to see our ID card but could be skeptical about our behavior, in both positive and negative ways. Remember when you did something unexpected and your friend was confused, asking “Who are you?”.

Nowadays, we usually use physical documents such as an ID card, driving license, birth certificate, university diploma, marriage certificate, and so on, to prove our particular identity attributes. How can we do the same thing in today’s digital world?

Digital Identity

You probably already have some sort of digital identity. Do you have an account on any social network? How many usernames and passwords do you have? I bet it’s plenty. Every username and password represent your so-called user account to access a specific software system (web or mobile application). Such system also keeps other information about us, like name, birth date, address. It sometimes also links your user account with other user accounts, representing your “digital” relationships with these users. As you can see it’s really similar to the identity description above. However, it has some problems.

Problems with Digital Identity

It’s hard to reuse our data. There are systems that require more than just your e-mail (as username) and password. Such systems often require additional personal details like date of birth, residence address, and sometimes even more. This data is usually usable only on the specific software platform. You’re vendor locked-in.
You have to provide this data all over again and you are actually not able to remember what you’ve shared with whom. It brings us to a problem where there is a large amount of duplicated data in the systems we’re using.
We can partially solve this data reuse and duplication problem by using a mechanism called single sign-on. Single sign-on is when you see buttons like “Log in with Facebook” or “Log in with Google”. First, you log in with your Facebook username and password, then when you’re trying to log into another system, it asks Facebook who you are and creates your user account based on that. The benefit is that you don’t need to create yet another password. The problem is that it creates centralized silos of data. Let’s say you’re using Facebook as a single sign-on on every other web application. Your digital life becomes dependent on Facebook. You have to hope they won’t cut you off from their service (yes, they can do that) or you won’t have a reason to leave. Facebook also knows exactly when and where you’re logging in. If there is a data breach, your user accounts in other software applications are at risk. These centralized silos of data are problematic even without single sign-on. Services with a huge amount of users with one centralized database are honeypots for hackers.
If you follow current security recommendations, you should use a new username and password for every new registration to an application. Even if you don’t use a new username, but you just create a new password and use your e-mail as a username, it’s still too many passwords to manage. You can solve this with a password manager, and you should (really, go and install one right now). However, using your e-mail as a username has its own issue. What if you want to change your primary e-mail address? I’ll let you think about the consequences of such an act :). It’s possible to get rid of all usernames and passwords with SSI. I’ll explain how later.

Decentralization

So far we’ve discussed identity and its digital representation. What about that decentralized part which is so crucial for SSI?

Let’s look at physical documents. These documents contain selected attributes about our identity attested and issued to us by an authority. They have signatures, stamps and other watermarks to provide tamper-proof and trust. Whoever trusts these signatures and authority, trusts the data on the document and doesn’t have to contact an issuer for every verification. We have it under control and in our possession, stored in a wallet or in other places. They’re already somehow decentralized. For example, my ID card contains my ID number, first name, last name, date of birth, and address. It’s attested by the government. I can use it to prove my age in a liquor store and the merchant doesn’t have to contact the government.

We can do the same with digital documents. Of course, we’re not able to sign it with a physical signature, so we need to use a digital signature. Instead of storing such documents in our physical wallet, we save them in a software wallet, which could be an application on our mobile phone, tablet, or laptop. These documents are called verifiable credentials and we can use them in both the digital and physical world.

Just Scan a QR Code

I’ll demonstrate some scenarios of how it could work in the real world. We start with a software wallet, most likely in the form of a mobile app that we can download from an app store. Then, we go to the government office just as we go there for a new ID card. A clerk will generate a QR code on a display. We scan it with our mobile app and get our government identity card in the form of a verifiable credential. Now, we can go to a bank website to open a bank account. The bank website shows a QR that contains the information they need from us to open the account. We will see the requested data in our mobile app. If we confirm this share request, the bank will verify the digital signature from the government, and if the bank trusts this they can open an account for us.

Verifiable credentials are not only about a digital identity card. You can have almost any document you can imagine in the form of a verifiable credential. It could be a bank account statement proving your income, certificate or diploma proving your education, or just an ordinary public transport ticket. Another example could be an application for a credit card. Let’s say you have a bank account in ABC bank and you want a credit card in XYZ bank. You go to the XYZ bank website, scan a QR code and share your ID number, last name, and address from the digital identity credential together with your income for the last 3 months from bank account statement credentials issued by ABC bank. No more filling sensitive data into endless forms again and again. Similarly, you can get a verifiable credential representing your university diploma and then share it with your new employer. This way, you are building your decentralized digital identity one credential at a time.

Roles of SSI

There are three basic roles in SSI. Issuer, verifier, and holder. The first scenario above described the government as an issuer, issuing an ID card credential, the bank as a verifier of the credential, and us, users, as holders of the credential. In the second scenario with a credit card, one bank was an issuer of a bank account statement and the other was a verifier. The reason I’m explaining these roles instead of just using government, bank, and user directly is because who is in what role depends on the exact use case. Let’s say I want to verify if an e-shop is a legit business by verifying its business license before I place an order. Then I can issue a credential to my friend to receive the delivery if I’m not at home.

Roles in SSI.

Principles of SSI

Each party in the examples demonstrated above needs some software to participate in a credential exchange. This software doesn’t have to be from the same provider at all. If everyone is compliant with self-sovereign identity standards, we can use whatever vendor or platform we want and still be interoperable. This also allows for portability from one provider to another. Remember, we need to have data under our control and decide where it will be stored. Therefore we should be able to move our credentials from one mobile app to another, keeping all of them usable and valid.

The software wallet securely stores all credentials encrypted and accessible only via biometric or passcode authentication. Each credential exchange is done via a secure communication channel. It’s created when a user scans the QR code or reused if the channel with the given party already exists.

Last thing I kept intentionally until the end is minimal disclosure, the best of all these innovations brought by SSI from my perspective. With physical or ordinary digital documents we need to share the whole document even if another party asks us just for one attribute. Let’s look at the date of birth and liquor store use case again. We need to share the whole ID card with the merchant although they look at the date of birth only. With verifiable credentials, we can use modern cryptography to disclose just one attribute while preserving data integrity and signatures. We can go even further and disclose only that the required attribute is in a given range without revealing the exact value. Imagine proving you’re older than 21 without revealing your age, proving your income is higher than a specific amount without revealing your salary or that you live in a specific city without revealing your exact address.

That’s all for the introduction to SSI. I hope I got you excited about this amazing technology. I tried to keep it high level so I can imagine you have a lot of questions. If so, don’t hesitate to ask and stay tuned for other articles that will probably go deeper.

How to start with programming?

jakubkoci — Sat, 15 Aug 2020 10:50:57 +0000

I’ve been interested in programming since I was 16, I studied computer science and was lucky to start a career as a software engineer. This, however, doesn’t mean that everyone necessarily has to take the same path as I did. I know many people who started programming without any previous experience or education and still succeeded. Although programming might be very challenging at first, it will most likely be fun. You will be able to create amazing stuff on your device and work wherever you are.

Many people ask me whether it’s possible to learn it, how hard it is, and where to start. I always try to give them as many positive answers as possible and encourage them to try it. On the other hand, I struggle to give them a simple explanation, so I decided to share a few tips with you.

Can anyone learn how to program? I think if you can read, write and count, then you will pretty much be able to learn at least basics of programming. There is no secret magic behind it, we’re not special magic species or wizards like Harry Potter, there is no secret Hogwarts college behind platform 9 and 3/4 for programmers. Don’t be afraid and just do it! That’s the most important first step.

Can anyone make a living on it? Maybe not. In my opinion, it depends on you and how much effort you want to put in it and there is no doubt that you need a lot of passion to become a good software developer. Not everyone has it, as not everyone necessarily likes music (no offense, I like it). Is it a problem if you are not good at math? No, I’m a good example it’s not :).

Now as you are motivated, let’s look at the difficult part, programming itself. Before I tell you where to start, let me explain what programming actually is.

Definition of programming

Programming means describing instructions of what we want our computer to do. We need a programming language, as computers don’t understand any human language, only machine code consisted of zeros and ones like this 1101010101.

Such instructions are usually in a textual form called “source code” written in a given programming language. It’s just a bunch of keywords and symbols (syntax) with given meaning (semantics), kind of similar to English, with more structure.

Selecting a programming language

Before you start, you need to select a programming language. There are hundreds of them, but I don’t want to make you confused. In the beginning, I recommend to choose JavaScript. You can find it everywhere as you can create many different kinds of apps (mobile, desktop, web). There is a lot of resources on the internet, some of them for free.

Although I highly recommend JavaScript, another good option for you might be Java or Python. If you have a good friend who knows one of them and is able to help you with it, these could be even better for you.

Where to start?

The best idea is to start with Welcome to learn.freeCodeCamp!, specifically, with these two courses:

Responsive Web Design Certification (I would go for this one if you are interested in making websites or web apps. Anyway, I think you will always find a way to use the basics of HTML and CSS. The benefit is that it’s more visual and you can apply this knowledge with your learning of JS later on.)
JavaScript Algorithms and Data Structures Certification Each course has around 300 hours or learning material. Don't be scared by this amount of time. Courses are divided into small interactive sections where you have a short explanation of the topic and playground where you can directly try and test your understanding to progress in small steps.

Other good JavaScript resources for beginners:

Khan Academy - Unit: Intro to JS: Drawing & Animation
Khan Academy - Unit: Programming
Eloquent JavaScript. It’s a free book about JavaScript, from the very basic to the most advanced part. Read and try at least Intro plus the first 5 chapters, which could be enough to start with. After practicing you can check out other articles or courses for JavaScript basics and come back later for the advanced stuff.
JavaScript Tutorial: Learn JavaScript For Free | Codecademy
Code School: JavaScript Road Trip Part 1 | Pluralsight
The Modern Javascript Tutorial

I also like @eggheadio. Although courses for JavaScript are paid, there are free courses related to other programming topics.

I’ve recently discovered the Programming 101 with “Uncle Bob” video. I would say the content is mainly language agnostic, but there is a Java demo at the end. It nicely introduces you to programming logic. Look at the first 35 minutes, the rest is optional.

If you’ve really decided that Java will be your first language, look at Course | Programming Methodology - YouTube. It’s a course from Stanford University, not strictly about Java, but more about general programming principles demonstrated with Java programming language and taught by the most passionate teacher I’ve ever seen. I guess it’s not for total beginners, take it as a part of education, not only a resource for your learning.

What’s next

After you make your first steps into programming, you should already know what exactly you are interested in. Mobile apps? Web apps? Games? Your interests can also influence your decision about choosing a programming language. I just want you to know that this is not the end, but the beginning. If you are thinking about taking programming seriously, as your job, Green Fox Academy - Junior Developer Course provides a good overview and a roadmap of the programmer’s knowledge base.

Learning tips

Read, watch, listen.
Do tutorials, don't bother with re-writing it, that's ok.
Write your own stuff. Inspire yourself with a tutorial, then change requirements a little. If you did a tutorial on the to-do list, change the to-do list to a list of finance records. In this way, you’ll be enforced to think more about what you’re learning, not only re-writing code from tutorials.
Practice, practice, practice. Have you heard about 10 000 hours rule? You learn programming only by writing code.
Focus. You will see a lot of different resources, opinions, job opportunities for a lot of different technologies. Although a software development career is a never-ending learning story, it’s good to master your already gained skills first, don’t jump from one language to another.
Patience. I said it is possible, but I didn’t say it would be easy. It takes a lot of effort. It takes a lot of time. Don’t give up with first struggles. Don’t be too harsh to yourself. You don’t have to get everything for the first time, even for the second or third time.
Nobody knows what they're doing. Don’t forget, software engineering is a young field and Nobody knows what the fuck they’re doing – Max Stoiber – Medium

I hope you’re now motivated and couldn’t wait to start. Good luck and enjoy the road!

To my lovely girlfriend.

Origin of Banks

jakubkoci — Thu, 16 Jul 2020 19:56:25 +0000

Last summer I was on vacation in Italy. Because of my interest in the history of money, I realized there are some interesting places worth visiting connected to banking history. Let me take you on a short trip explaining the origin of banks.

Pisa

Our first stop is Pisa. This was the birthplace of Leonardo of Pisa. You probably know him as Fibonacci. He is known for his sequence of numbers, Fibonacci sequence, but he also helped build the financial industry. During his travels across the Mediterranean, he realized how much easier it is for merchants to use Arabic numerals for calculations vs. Roman numerals, which were used heavily in Italy back then. Based on this finding he wrote the Book of Calculation in the year 1202, demonstrating the benefits of Arabic numerals for different kinds of commercial calculations like currency conversion or computation of interest from money loans.

Pisa

Venice

Fibonacci’s calculations became very valuable in Venice, which was the trade center between Western Europe and the rest of the world. But that was just the first step towards banking as we know it today. Overseas business voyages were profitable, but costly and merchants needed funding to make it happen. There was also a risk of ships sinking, causing the loss of all invested money therefore nobody wanted to lend money for free. The problem was the Medieval church’s law against usury, charging interest for a loan. However, this law only applied to Christians, not to Jews. Jews weren’t supposed to lend with interest to other Jews, but they could lend to a stranger, to a Christian.

Jews were forced to live in a ghetto where they were providing financial services, sitting behind their desks on benches. That’s the origin of the word bank, from the Italian word “banco” which means a bench.

Banco Rosso, Venice. The place with one of the first banks (benches).

Today’s banks are usually big companies. That’s not a coincidence, they have to be big to reduce risk. In comparison to individuals or a small group of Jews in Venice, it’s a huge difference. When an individual lends money, it’s usually a significant part of his portfolio and it could have a devastating impact on his business. Therefore he is forced to require a large interest to cover such cases. A higher interest could be good for the lender, but it’s not so convenient for the borrower. Shakespeare’s play Merchant of Venice demonstrates this issue nicely.

Florence

Money lenders needed to become bigger. Let me take you from Venice to our last stop, Florence. The Florentine Medici family, which I consider the biggest financial disruptors of the 15th century, created huge wealth based on two tricks:

creation of a decentralized network of partners to protect against defaulting of their clients
hide interests as commission for currency conversion

The second point allowed them to avoid the church’s anti-usury law. They couldn’t provide a loan for interest but could charge a commission for currency exchange. Let’s say you would like to exchange 10 euros for 12 dollars. You would get 12 dollars immediately, but pay them 10 euros plus some commission later. The longer the period, the higher the commission and therefore interest.

Via Arte Della Lana, Florence. The street where the Medici family had their bench and was providing financial services.

The Medici family founded the Medici bank in 1397 and we can even say they later financed the whole renaissance.

If you like such stories, I really recommend watching the documentary The Ascent of Money (TV Series 2009) - IMDb which served as a reference for this article.

Infrastructure as Code in TypeScript

jakubkoci — Mon, 06 Apr 2020 19:50:19 +0000

It's been about 4 three years since I participated in the AWS hackathon. There were some great talks about AWS before the hackathon itself. I remember I was both amazed and overwhelmed at the same time. I was amazed by the possibilities you have with AWS and saw a huge potential there. On the other hand, I was overwhelmed by all the clicking here and there across the AWS console. Time went by and I haven’t worked with infrastructure so much until now.

Fortunately, I’ve recently found Pulumi which saved me from the AWS console clicking panic. Pulumi is a tool that allows you to define your infrastructure as a code. It supports AWS, Azure, GCP, and many other cloud providers. You can also use it for Kubernetes. I know there are already similar tools like AWS CloudFormation or Terraform. The problem is that the first one is only for AWS and the second has its own custom language. Here comes the biggest advantage Pulumi has from my perspective. You can define your infrastructure in JavaScript or TypeScript. It also supports Python and there is some preview version for Go and C#.

My infrastructure is just one EC2 instance with inbound SSH and outbound internet access. However, I still ended up with something a little bit different than what was in the official Pulumi Getting Started documentation and I also found some errors I needed to solve along the way. That's what I want to share with you here.

Pulumi Get Started with AWS | Pulumi manual is quite good, so look for the Pulumi installation, AWS Setup and creating a new project there.

After successfully going through the quickstart project, I continued with a project for my infrastructure. It consists of VPC, subnet in the VPC, routing tables, internet gateway, EC2 instance and connecting them all together. Therefore Deploy a Webserver to AWS EC2 | Pulumi wasn’t enough for me.

Let’s start with the VPC, internet gateway, one subnet and routing table. Here, it’s important to say that you don't need to define 10.0.0.0/24 with local target because it's created automatically. Actually, it throws an error if you try to do so.

This is not mentioned in RouteTable | Pulumi docs. But, fortunately, it’s based on Terraform aws_route_table where you can find the explanation “Note that the default route, mapping the VPC’s CIDR block to ‘local’, is created implicitly and cannot be specified.”

import * as aws from '@pulumi/aws';

const vpc = new aws.ec2.Vpc('my-vpc', {
  cidrBlock: '10.0.0.0/16'
});

const internetGateway = new aws.ec2.InternetGateway('my-internetgateway', {
  vpcId: vpc.id
});

const subnet = new aws.ec2.Subnet('my-public-subnet', {
  cidrBlock: '10.0.0.0/24',
  tags: {
    Name: 'Main'
  },
  vpcId: vpc.id
});

// Allow access to any address outside VPC except for addresses inside VPC.
const publicRouteTable = new aws.ec2.RouteTable('my-route-table', {
  routes: [
    {
      cidrBlock: '0.0.0.0/0',
      gatewayId: internetGateway.id
    }
  ],
  vpcId: vpc.id
});

AWS creates a default routing table when creating VPC, but it permits everything. We needed to create a routing table to allow access from the internet and associate it with subnet here:

const publicRouteTableAssociation = new aws.ec2.RouteTableAssociation(
  'my-route-table-association',
  {
    routeTableId: publicRouteTable.id,
    subnetId: subnet.id
  }
);

Now, let's create a security group allowing inbound SSH access to EC2 instance and security group allowing outbound internet access to EC2 instance. For the definition of the second one, the SecurityGroup | Pulumi documentation says: “If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1”.

const sshGroup = new aws.ec2.SecurityGroup('ssh-access', {
  ingress: [
    { protocol: 'tcp', fromPort: 22, toPort: 22, cidrBlocks: ['0.0.0.0/0'] }
  ],
  vpcId: vpc.id
});

const internetGroup = new aws.ec2.SecurityGroup('internet-access', {
  egress: [
    { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] }
  ],
  vpcId: vpc.id
});

Pulumi can also upload a public key for SSH access to EC2 instance for you. I don't like to hardcode such things so I added dotenv package and set the key in .env file, which is not versioned. This is the beauty of using TypeScript because you can use it in a way you're used to in your usual development process. The format of the key and other details are described here KeyPair | Pulumi.

// Add import at the start of the file
import * as dotenv from 'dotenv';
...
dotenv.config();
...
const publicKey = process.env.SSH_KEY;
if (!publicKey) throw new Error('Missing public key.');
const key = new aws.ec2.KeyPair('key', { publicKey });

Finally, we define our EC2 server. You can see I didn't use aws.getAmi(...) method, but I set amiId I found in Ubuntu Amazon EC2 AMI Finder directly. Also, if you don’t have EC2-Classic VPC, you need to assign groups with vpcSecurityGroupIds attribute. The code in the official documentation example shows usage of securityGroups: [group.name], but it has been deprecated and throws an error.

const server = new aws.ec2.Instance('my-server', {
  instanceType: size,
  ami: amiId,
  subnetId: subnet.id,
  vpcSecurityGroupIds: [sshGroup.id, internetGroup.id],
  keyName: key.keyName
});

One more thing. This EC2 instance we created doesn't have a public IPv4 assigned by default. We can set associatePublicIpAddress: true in InstanceArgs definition or define Elastic IP. The benefit of Elastic IP is that it stays the same even if you restart the machine.

const eip = new aws.ec2.Eip(‘my-server-eip', {
  instance: server.id,
  vpc: true
});

Now, you can run pulumi up and Pulumi creates everything in AWS for you. No clicking, just the code. You can access the machine by ssh -i ~/.ssh/id_rsa ubuntu@<ELASTIC_IP>.

There aren’t as many tutorials and examples on the Pulumi docs site. You would need to go through the API reference or look into Github (yes, it’s open-source). I’m adding some links I found useful:

Pulumi AWS API Reference
Pulumi AWS EC2 API Reference
Pulumi AWS Node.js SDK on GitHub
Pulumi examples on Github - Examples in all supported languages. Particularly the folder aws-ts-resources helped me with my effort.
Provider: AWS - Terraform by HashiCorp - You can also look into Terraform docs as I did with RouteTable specification.

React Native Push Notifications

jakubkoci — Sat, 29 Feb 2020 21:37:33 +0000

So you want to start using push notifications in your new shiny mobile app written in React Native. But if you’re new to mobile development and you don’t know anything about how push notifications work, you can be lost (as I was the first time). What’s so difficult about push notifications?

Each platform (Android, iOS) implements it differently.
React Native implementation itself is a bit different for each platform and React Native push notification libraries can also have differences.
There is some backend/server-side involved.
Different behavior based on the state of the app (open, in the background, closed) from the user perspective.
Various types of notifications (local/remote, foreground/background, …).

First, let’s look at the general specifics of push notifications and then I’ll discuss the selection of React Native library and show you how to set up push notifications and React Native notifications library on each platform.

Architecture

APNs (Apple Push Notification service) and FCM (Firebase Cloud Messaging) are cloud services provided by Apple for iOS and by Google for Android, respectively. To utilize these services as a developer, you need to register your app for APNs or FCM (I’ll explain how to do that later). After that process, you will get a certificate for iOS and Server API Key for FCM which you will save into your notification provider. Notification Provider could be AWS SNS for example. You can also use FCM, build your own or it can be part of your backend system.

The goal of APNs and FCM services is to allow you to send a notification to a user without knowing anything about the IP address of the user’s device. You just add some code into your app which registers the user’s device with APNs or FCM and returns back a device token. Then you send a notification message for the given device token from your backend system via notification provider to APNs or FCM and they take care of the rest - delivery to the user’s device.

Notification Types

Foreground vs. Background

Foreground notification means notification which the user gets when the app is open and running.
Background notification is either when the app is running in the background or when the app is closed.

There is a different behavior and API for handling notifications depending on the state of the app on the user’s device and you have to be prepared for that.

Remote vs. Local

A local notification is a notification initiated from within the app and then delivered into the system notification center by a given time or repeatedly. Such notification is not being sent from the server. Vice versa, a remote notification is sent from a server. In this article I’ll be focusing mainly on remote notifications.

React Native library

So far, I’ve tried two libraries:

I started with zo0r/react-native-push-notification, but I had an issue with receiving background notification on iOS so I went with wix/react-native-notifications.

Install the library by running:

Yarn: yarn add react-native-notifications or
NPM: npm install —save react-native-notifications.

Now, you can go through the setup section for iOS or Android as you need. In any case, you need to go through React Native Implementation section right after that, before going to “testing” section for any platform.

iOS Setup

Enroll in Apple Developer Program

If you want to send a remote notification, even just for testing purposes, you have to be enrolled in Apple's developer program. It costs $100 for a year, but if you want to publish your app in App Store you would need to do it anyway.

Enable push notification

Open your project in Xcode. I’m using RN > 0.60 so I open PushNotificationsWixDemo.xcworkspace. Go to Xcode project settings -> Capabilities and turn on Push Notifications (see Add a capability to a target). To see this option in Capabilities menu, you need to be logged into Xcode with your Apple ID which is enrolled in the Apple developer program as I mentioned before. Advanced App Capabilities shows what kind of developer account you need for a specific capability.

Create a Certificate

You need to create a TLS certificate to be able to communicate with APNs. You can do that in your Apple Developer Account page in Certificates, Identifiers & Profiles section.

Before you start, you need to Create a certificate signing request (don’t forget to fill in “Common Name” field, otherwise, the certificate created from such CSR won’t work). When you have one, for example, CertificateSigningRequest.certSigningRequest, continue with creating the certificate as described in Communicate with APNs using a TLS certificate. When asked for Certificate type, just select Development SSL Certificate, that’s good enough for playing around with push notifications within your project. For the production version of the app distributed via App Store and even for beta testing via TestFlight you would need to create a Production SSL Certificate.

During this process, you’ll create, download and add cer file into your Keychain. Then you’ll export p12 file which we will use later for testing push notifications.

NOTE: While writing this article, I found there is another option: Communicate with APNs using authentication tokens, but I haven’t tried it.

Other useful resources:

React Native Setup

Continue with other steps in React Native Notifications Getting Started Guide · React native notifications related to iOS:

pod install —project-directory=ios/
Update AppDelegate.m

Android Setup

As I mentioned before, Android is using FCM for push notification delivery. I would say it’s more straightforward. You just need a Google Account to log in to Firebase Console and create a project for Android there. There is one thing that could be a bit confusing. You can set up and use FCM also for other platforms such as iOS, web, C++ or Unity, but this only means that FCM could work also as a Notification Provider from our diagram. It’s not a replacement for APNs service and you would need to do iOS setup described above anyway.

SIDE NOTE: As of April 10, 2018, Google deprecated GCM. Then removed the GCM server and client APIs by April 11, 2019. You need to migrate GCM apps to Firebase Cloud Messaging if you’ve used it before. That’s also the reason why you can spot GCM from time to time, in dependencies or as an attribute in message payloads for example.

Create Firebase Project

If you want to send push notifications to Android, you would need to create a project in Firebase Console Firebase Console and register your app there (as described at Add Firebase to your Android project | Firebase step 1., 2. and 3.

Step 1: Create a Firebase project:
- Add Project
- Project name push-notifications-wix-demo
- Turn off “Enable Google Analytics for this project"
Step 2: Register your app with Firebase:
- Android package name: com.pushnotificationswixdemo (you can find it in android/app/build.gradle file, android -> defaultConfig -> applicationId)
- App nickname (optional): Push Notifications Wix Demo
- Register app
Step 3: Add a Firebase configuration file:
- Download google-services.json and put it into PROJECT_DIR/android/app/ folder.
- Update PROJECT_DIR/android/build.gradle and PROJECT_DIR/android/app/build.gradle files. Beware that there might be differences in specific versions defined in Firebase console and Android Installation · React native notifications. I usually try to set the Gradle files according to current Firebase console recommendations and downgrade if it doesn’t work with React Native notification library.

React Native Setup

Continue with other steps in Android Installation · React native notifications:

Add the library to your application class (e.g. MainApplication.java)
Link react-native-notifications in PROJECT_DIR/android/settings.gradle

Now you should have everything set up correctly. Open Android Studio and try to build your app as a sanity check whether you have correct dependencies.

Android Client Setup Under the Hood

There is more information about Set up a Firebase Cloud Messaging client app on Android | Firebase and FirebaseMessagingService | Google APIs for Android | Google Developers, but wix/react-native-notifications library does a lot of it for you and you don’t have to worry about it. I’m adding it just for reference. I found it interesting to know what’s under the hood.

React Native Implementation

Create PushNotificationsManager.js file with following content and add it into your project:

import React from 'react'
import { Platform, View } from 'react-native'
import { Notifications } from 'react-native-notifications'

export default class PushNotificationManager extends React.Component {
  componentDidMount() {
    this.registerDevice()
    this.registerNotificationEvents()
  }

  registerDevice = () => {
    Notifications.events().registerRemoteNotificationsRegistered(event => {
      // TODO: Send the token to my server so it could send back push notifications...
      console.log('Device Token Received', event.deviceToken)
    })
    Notifications.events().registerRemoteNotificationsRegistrationFailed(event => {
      console.error(event)
    })

    Notifications.registerRemoteNotifications()
  }

  registerNotificationEvents = () => {
    Notifications.events().registerNotificationReceivedForeground((notification, completion) => {
      console.log('Notification Received - Foreground', notification)
      // Calling completion on iOS with `alert: true` will present the native iOS inApp notification.
      completion({ alert: false, sound: false, badge: false })
    })

    Notifications.events().registerNotificationOpened((notification, completion) => {
      console.log('Notification opened by device user', notification)
      console.log(`Notification opened with an action identifier: ${notification.identifier}`)
      completion()
    })

    Notifications.events().registerNotificationReceivedBackground((notification, completion) => {
      console.log('Notification Received - Background', notification)

      // Calling completion on iOS with `alert: true` will present the native iOS inApp notification.
      completion({ alert: true, sound: true, badge: false })
    })

    Notifications.getInitialNotification()
        .then(notification => {
          console.log('Initial notification was:', notification || 'N/A')
        })
        .catch(err => console.error('getInitialNotifiation() failed', err))
  }

  render() {
    const { children } = this.props
    return <View style={{ flex: 1 }}>{children}</View>
  }
}

Add PushNotificationManager into App.js file like that:

import React from 'react'
import { View } from 'react-native'
import { Provider } from 'react-redux'
import PushNotificationManager from './pushNotifications'
import { RootScreen } from './router'

const App = () => {
  return (
    <>
      <Provider store={store}>
        <PushNotificationManager>
          <View style={{ flex: 1 }}>
            <RootScreen />
          </View>
        </PushNotificationManager>
      </Provider>
    </>
  )
}

export default App

Testing iOS Push Notifications

To test push notifications on iOS you need:

Start the app: currently, it's not possible to test remote push notifications by running the app in Simulator, so you have to start the app from Xcode and run it on a connected device. It should change in the future versions of Xcode (see How to Send Push Notifications to the iOS Simulator).
Device Token: in this demo project, we’re just logging it into the browser console in the registerDevice method, you can just copy it from there. In real world, you would send a token to your Notification Provider and then send a notification from there.
Get TLS certificate: We’ve created such certificate in the iOS Setup -> Create Certificate section of this article.

You can test push notifications just by sending an HTTP request directly to APNs via curl. But first, we need to generate .pem from our .p12 which we will send with that request.

Create .pem from .p12 certificate file via openssl command:

openssl pkcs12 -nodes -clcerts -in Certificates.p12 -out Certificates.pem

If you're confused what these files and file extensions mean, try to look at certificates - PEM, CER, CRT, P12 - what is it all about? - Information Security Stack Exchange.

After that, you can send the HTTP request by the following command (just replace abcd with a password you set for the .pem certificate in the previous step):

curl -v \
  -d '{"aps":{"alert": {"title": "Game Request", "body": "Bob wants to play poker"},"sound":"default"}, "data": "some custom data"}' \
  -H "apns-topic:PROJECT_BUNDLE_IDENTIFIER" \
  -H "apns-expiration: 1" \
  -H "apns-priority: 10" \
  --http2 \
  --cert CERTIFICATE_FILE_PATH:CERTIFICATE_PASS \
  https://api.development.push.apple.com/3/device/DEVICE_TOKEN

Other useful resources:

Testing Android Push Notifications

To test push notifications on Android you need:

Start the app: you can use an emulator or connected device.
Get Device Token: in this demo project, we’re just logging it into the browser console in the registerDevice method, you can just copy it from there. In real world, you would send a token to your Notification Provider and then send a notification from there.
Get Server Key: you will find it in your project's Project Settings -> Cloud Messaging -> Server key.

The first option to try whether it works is to go into your project in Firebase console. Go to Cloud Messaging -> Notifications tab -> New notification. This approach has one problem. It doesn’t work for initial notifications, which are a special case of background notifications when your app is closed and you open it by tapping on the notification in notification center. The reason is that Android distinguishes two types of push notification message:

Notification Message
Data Message

The main difference is whether the message payload contains notification or data attribute. To send a notification that can be processed as initial notification, you would need to put data attribute into the payload, but I didn’t find out how to send Data message via Firebase console. You can find more details in the following links:

Hopefully, we can use the good old pure HTTP request via curl or Postman (Test FCM Notification with POSTMAN! - Android School - Medium) for example. Here is the curl command I use:

curl -X POST \
  https://fcm.googleapis.com/fcm/send \
  -H 'Authorization: key=SERVER_KEY' \
  -H 'Content-Type: application/json' \
  -H 'Host: fcm.googleapis.com' \
  -d '{
 "to" : "DEVICE_TOKEN",
 "data" : {
     "body" : "Body of Your Notification in Data",
     "title": "Title of Your Notification in Title",
     "key_1" : "Value 1",
     "key_2" : "Value 1"
 }
}'

There is documentation for the Firebase Cloud Messaging HTTP protocol.

When you run the command, you should get the notification into your Android. The notification should appear in system notification center and in the console log. Even if the app is not running, you should get the notification and see it as an initial notification in the browser’s console log after opening the app by tapping on the notification.

Summary

Whichever React Native library you choose, you still need to know how to set up push notifications specifically for a given platform.
There are various types of push notifications (foreground/background, local/remote - this article focuses on remote notifications, …).
You can send push notifications for each platform by sending an HTTP request via curl command. The difference is in the authentication mechanism with a certificate for iOS and Serve key for Android. The setup is vastly different for each platform.
Android:
- You have to create a project in Firebase console and add the Android app to get push notifications key. You can also add the iOS app, but it's not necessary. You would still need to set your APNs authentication key and register for remote notifications for iOS anyway.
iOS:
- You must be enrolled in Apple Developer Program if you want to send remote notifications.
  - You need to set your APNs authentication key or certificate and register for remote notifications in your project.
- It’s not possible to send a push notification into an app running on Simulator.

I hope I provided you at least a good overview of what you need to know to use push notifications on both Android and iOS platforms via React Native library. My goal wasn’t to describe all the steps in detail but to put together pieces of information and links I’ve gathered while setting up push notifications.

How to build VCX iOS library

jakubkoci — Fri, 31 Jan 2020 21:50:49 +0000

VCX is part of Hyperledger’s Indy and Aries projects. It’s a library for exchange of verifiable credentials written in Rust. It has also c-callable API with wrappers for iOS, Java, Node and other languages.
Our team needed to build the iOS static library from scratch and I decided to write down some notes from the process. The description of the build process is not only a good help for those who need the same, but it’s also good for understanding the build process itself which can be useful for any other library.

I won’t go into details describing all commands, I just want to provide a high-level description. If you want to see specifics, go to this repo jakubkoci/indy-vcx-build with the final Bash script or look at these two links which were my inspiration (thank you to all authors for their contribution):

Prerequisities

You need to run a build script on Mac OS with Rust and some other libraries installed. You will find everything described in the setup.sh script.

Goal

At the end of the process, we want to have a vcx.framework folder containing a binary file compiled for all required architectures together. This binary file will be combined from libvcx library and all its dependencies libindy, libssl, libcrypto, libsodium and libzmq.

Architectures

Whenever you want to build a native library, you need to select the architecture a.k.a type of processor of a device where your app, and therefore library, will be running. There are usually following options for iOS:

arm64 (aarch64-apple-ios): 64-bit ARM processor in iPhone 5s, iPad Air and newer.
armv7s (armv7s-apple-ios): 32-bit ARM processor in iPhone 5.
armv7 (armv7-apple-ios): 32-bit ARM processor in iPhone 3GS, 4, 4S.
x86_64 (x86_64-apple-ios): 64-bit simulator.
i386 (i386-apple-ios): 32-bit simulator.

In my case, OpenSSL library supports only two architectures, arm64 for devices and x86_64 for a simulator, so I need to build libraries only for these two.

You can find more about architectures here:

Build Native Libraries

For every 3rd party library I checkout particular repo and run a build script within it:

OpenSSL

clone https://github.com/x2on/OpenSSL-for-iPhone
run ./build-libssl.sh which produces both libssl.a and libcrypto.a

Libsodium

clone https://github.com/evernym/libsodium-ios
run ./libsodium.rb which produces libsodium.a

ZMQ

clone https://github.com/evernym/libzmq-ios
run ./libzmq.rb -> which produces libzmq.a

Libindy

I take similar steps with libindy, but on top of cloning the repo, I also checkout the required version by tag:

$ git clone git clone https://github.com/hyperledger/indy-sdk
$ cd indy-sdk/libindy
$ git checkout $INDY_VERSION
$ cargo lipo —release —targets="aarch64-apple-ios,x86_64-apple-ios”

You can spot that instead of architectures arm64 or x86_64 I use aarch64-apple-ios, x86_64-apple-ios. I call them triplets. Some libraries use the first architecture format, some use triplets, but you can see the mapping between architectures and triplets in the Architectures section above.

You can find more about architectures here:

Lipo

Lipo is a command-line tool that allows us to create universal binary with more architectures in one file (called Universal Static Library, or just “fat file”). We can also use it for extracting one universal file into more files according to given architecture (“non-fat file”).

If you check the output library with lipo you will see whether it’s a fat-file or not, and what architectures it contains.

For example, in our case:

$ lipo -info output/libsodium-ios/dist/ios/lib/libsodium.a
Architectures in the fat file: output/libsodium-ios/dist/ios/lib/libsodium.a are: armv7 armv7s i386 x86_64 arm64

or, for libindy:

$ lipo -info output/indy-sdk/libindy/target/aarch64-apple-ios/release/libindy.a
Non-fat file: output/indy-sdk/libindy/target/aarch64-apple-ios/release/libindy.a is architecture: arm64

If you run this command for every library you’ll see that all 3rd party libraries are fat files with all architectures, but libindy has been built as non-fat files. We need to extract architectures from fat-files to non-fat files:

$ lipo -extract ${arch} ../$FILE_PATH -o ${arch}/$FILE_NAME-fat.a
$ lipo ${arch}/$FILE_NAME-fat.a -thin $arch -output ${arch}/$FILE_NAME.a

You may be confused why there are two steps (extracting — keep output as a fat file with given architecture only, and thinning — create a non-fat file with given architecture). That’s because you need to extract architecture before you thin the file. If you try to thin the file directly, you will get the following error:

fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: input file (arm64/libzmq.a) must be a fat file when the -thin option is specified

Libvcx

I also copied libindy from indy-sdk to a different directory. Extracting and copying helps us set environment variables which are required to build libvcx in the following way:

export OPENSSL_LIB_DIR=$WORK_DIR/libs/openssl/${ARCH}
export IOS_SODIUM_LIB=$WORK_DIR/libs/sodium/${ARCH}
export IOS_ZMQ_LIB=$WORK_DIR/libs/zmq/${ARCH}
export LIBINDY_DIR=$WORK_DIR/libs/indy/${ARCH}

cargo build —target “${TRIPLET}” --release --no-default-features —features “ci”

Combine It All

Now, we have all libraries libssl, libcrypto, libsodium, libzmq, libindy and libvcx separated by architecture. What we want is one file with all libraries for all architectures. This part is too code heavy to describe it here. In general, we first combine all libraries for given platform and then create a fat file with all architectures with lipo. I prepared a simple drawing describing it:

This still not over. To call output libvcxall.a library from our code we need to wrap it with Objective-C and c-callable headers. First, we copy the libvcxall.a to indy-sdk/vcx/wrappers/ios/vcx which contains these headers and then we use xcodebuild and lipo utility to create our final vcx.framework.

Yes, we’re finally done. I hope you find it helpful even if you don’t need to build the library by yourself, but were curious about the process.

What's Wrong With Agile Development

jakubkoci — Mon, 23 Dec 2019 15:41:42 +0000

It's been a while since I've heard an amazing episode of JavaScript Jabber podcast about agile development JSJ 349: Agile Development - The Technical Side with James Shore. The ideas from that episode are coming up again and again, not only in my mind but also in discussions with other developers about the software development process. I decided to summarize my key takeaways from that episode in this short blog post:

Scrum masters aren’t there to charge but to enable. Perhaps, they should be just a temporary role until the team is self-organized in the process.
Scrum certifications are unfortunately more about the business that has been built around it rather than bringing actual value.
Agile tends to be more focused on how to organize rather than how to do the actual work. We need to discuss the technical side of agile more.
Start with one particular method (XP recommended), but always be focused mainly on the basic ideas from Agile manifesto.
Agile manifesto values some things more than others, but it doesn’t mean that the other parts are not important or useful.
Software development is not a sprint, it’s a marathon. Try to imagine athletes to run one sprint after another. Don't count weekends as a pause between sprints. Look at The Six Week Cycle by Basecamp for an example of a different approach.

Agile is about shortening the feedback loop with a focus on delivering value to the customer according to values in Agile Manifesto. Keep it in mind whenever introducing some process or technique from any agile methodology.

Polling with async/await

jakubkoci — Thu, 19 Sep 2019 07:28:50 +0000

This article is based on my real experience with refactoring a small piece of code with polling function so I won’t be starting from the scratch. I know its not rocket science, but I was looking for the solution for polling in the past and I found similar articles very helpful. It’s also a nice demonstration of how async/await and higher-order functions could help to code maintainability and readability.

I have been using the following piece of code for some polling functionality for a while.

function originalPoll(fn, end) {
  async function checkCondition() {
    const result = await fn();
    console.log("result", result);
    if (result < 3) {
      setTimeout(checkCondition, 3000);
    } else {
      end();
    }
  }

  checkCondition();
}

It takes function fn and calls it every 3 seconds until it gets required result (I simplified it here to a condition result < 3), then it calls callback end passed as the second parameter. The function somehow works and does what I need. But, it’s not possible to re-use it with a different condition. So I decided to refactor it a little bit. After a few minutes of thinking and tweaking I finally ended up with this simplification:

async function poll(fn, fnCondition, ms) {
  let result = await fn();
  while (fnCondition(result)) {
    await wait(ms);
    result = await fn();
  }
  return result;
}

function wait(ms = 1000) {
  return new Promise(resolve => {
    console.log(`waiting ${ms} ms...`);
    setTimeout(resolve, ms);
  });
}

This function still calls the fn function repeatedly, but now it takes also another parameter fnCondition which is called with the result of calling the fn function. Function poll will be calling the function fn until the function fnCondition returns false. I also extracted setTimeout function, it improves the readability of the polling function and keeps its responsibility straightforward (I don’t care how the waiting is implemented at this abstraction level). We also got rid of function inside a function which just added unnecessary complexity.

I didn’t start with a test first to be honest. Anyway, I still wanted to check my design, provide some safety for the future refactoring and also to document how to call the poll function. We can nicely achieve all of that by adding some tests:

describe("poll", () => {
  it("returns result of the last call", async () => {
    const fn = createApiStub();
    const fnCondition = result => result < 3;
    const finalResult = await poll(fn, fnCondition, 1000);
    expect(finalResult).toEqual(3);
  });

  it("calls api many times while condition is satisfied", async () => {
    const fn = createApiStub();
    const fnCondition = result => result < 3;
    await poll(fn, fnCondition, 1000);
    expect(fn).toHaveBeenCalledTimes(3);
  });

  function createApiStub() {
    let counter = 0;
    const testApi = () => {
      console.log("calling api", counter);
      counter++;
      return counter;
    };
    return jest.fn(() => testApi());
  }
});

I’m using Jest as a testing library. It has great support for testing async functions and provides stubs with assertions by default. Function createApiStub is here just for the purpose of the test and assertions and it'll represent our real API call or whatever function we would want to poll.

You can find and run the code in this CodeSandbox: Polling with async/await - CodeSandbox.