Easy Enterprise Mobile





What are the challenges
of mobile apps?

Size matters...

Push Notifications

Surviving offline



Making money


How does AeroGear fit in?

100% Mobile

Cross-platform set of libraries with a Unified API

Cordova Plugins

Web, Native or Hybrid?

Why would you need to make a definitive choice?

AeroGear Core

Cross-platform APIs for all your common client-server infrastructure tasks.

AeroGear Push

Send push notifications to any device, regardless of platform or network (APNs, GCM, SimplePush).

AeroGear Security

Integrate with your existing security and authentication infrastructure.

AeroGear Sync

Secure offline support and synchronization.

The Cookbooks

Get up to speed (easy peasy) with examples

aerogear-ios-cookbook | aerogear-js-cookbook | aerogear-android-cookbook

Pipe & Pipeline

AeroGear Unified API makes it easier

  • Connection abstration
  • JAX-RS / nodejs backend/whatever REST endpoint
  • Asynchronous operation, either use success/error callbacks or promises
  • Paging support

Pipes in JavaScript

 // Create the 'Pipe' for '/developer/' endpoint
var developerPipe  = AeroGear.Pipeline([{
    name: "developers",
    settings: {
        baseURL: "rest/"

// Read
    success: function(data) {
    error: function (error) {

DataManager & Store

Persistence abstraction

  • Store CRUD API similar to Pipe API
  • Synchronous for most storage
  • ... but JS diversities: IndexedDB, webSQL are asynchronous return promises
  • Encrypted version for each store

Cookbook recipe: Food

From aerogear-js-cookbook

Store in JavaScript

// Create an IndexedDB store name "recipes"
// IndexedDB needs to be opened, see "auto" setting
// If IndexedDB is not supported in your browser, fall back

var dm = AeroGear.DataManager({
  name: 'recipes',
  type: 'IndexedDB',
   settings: {
      auto: true
app.agStore = dm.stores.recipes;
// Add an id to the data
data.id = uuid.v4();
// Here we are calling the stores "save" method.
app.agStore.save( data ).then( function( data ) {
  app.renderRecipeList( data );

AeroGear Push Notifications

  • Short Messages to ... notify!
  • No connection to maintain: save your batteries
  • Device registers to the UPS at start up
  • UPS to unify different provider networks: GCM, APNs, SimplePush
  • UPS admin to monitor all registered devices
  • UPS deployed in OpenShift in minute
  • Unified Client Libraries to send messages

AeroGear Push

AeroGear UnifiedPush: let's get the vocabulary

  • Push Application: A logical construct that represents an overall mobile application.
  • Push Variant: A variant of the Push Application. There can be multiple variants for a Push Application. A Variant contains platform specific properties, such as a Google API key (Android) or a PushNetwork URL (SimplePush).
  • Installation: Represents an actual installation on a mobile device / client.
  • Push Notification Message: A simple message to be send to a mobile application, to notify it of a data change.
  • Sender API: Is a component that sends Push Notification Messages to a Push Application or some of its different Variants.

AeroGear UnifiedPush cartridge on OpenShift

AeroGear UnifiedPush HelloWorld demo

Going further with AeroDoc backend example on how to use Sender API.

Push Registration

Client side: Register at first start-up of the app

public class RegisterActivity extends Activity {

    public void registerDeviceOnPushServer(String alias) {

        try {
            PushConfig config = new PushConfig(new URI(UNIFIED_PUSH_URL), GCM_SENDER_ID);

            PushRegistrar registrar = registrations.push("registrar", config);
            registrar.register(getApplicationContext(), new Callback() {
                public void onSuccess(Void data) {

                public void onFailure(Exception e) {
                    Toast.makeText(getApplicationContext(), e.getMessage(), Toast.LENGTH_SHORT).show();
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);


Push Sender API

Test sending push messages:

AeroGear Security

Server side and Client side:

  • Authentication/Authorization server side: Shiro/PicketLink adapter
  • Soon to come Keycloak adapter
  • Encryption: key to enterprise mobile app
    • symmetric encryption (private key)
    • asymmetric encryption (private/public keys)
    • encrypted Storage - encrypted offline mode

Authentication, Authorization

Seamless integration with Pipe

  • Choose auth/authz method: simple digest
  • Integrate well with Keycloak, to learn more see Stian's presentation
  • OAuth2 compliant
  • Easy extendable with adapter

OAuth2 protocol

Some people call it a dance, it's more a discussion
Bob wants to grant access to Shootn'Share mobile app to upload images to GoogleDrive

  • 1. Hello, Mr GoogleAuth I'm Shoot'nShare app, could I get access to Google Drive services?
  • (optional). Which account, please identify yourself?
  • (optional). I am Bob, here's my login and password
  • 2 . Hello, Bob, do you want to grant access to GoogleDrive app?
  • 3. Yes I do. I trust this app.
  • 4. Ok fine, Let me use the client callback URL to get back to the app. Here is an auth code for you GoogleDrive.
  • 5. Thanks. Mr Google may I exchange my auth code for an access token?
  • 6, 7. Here's your access token GoogleDrive Enjoy.
  • 8, 9. So Mr Google could I upload a file to bob's account, here's my access token.
  • 10. Let me see if your access token is still valid, ok fine.

OAuth2 cookbook recipe: Shoot'nShare

OAuth2 Configuration with Objective-C

// start up the authorization process
AGAuthorizer* authorizer = [AGAuthorizer authorizer];
_restAuthzModule = [authorizer authz:^(id config) {
  config.name = @"restAuthMod";
  config.baseURL = [[NSURL alloc] initWithString:@"https://accounts.google.com"];
  config.authzEndpoint = @"/o/oauth2/auth";
  config.accessTokenEndpoint = @"/o/oauth2/token";
  config.clientId = @"873670803862-g6pjsgt64gvp7r25edgf4154e8sld5nq.apps.googleusercontent.com";
  config.redirectURL = @"org.aerogear.Shoot:/oauth2Callback";
  config.scopes = @[@"https://www.googleapis.com/auth/drive"];

[_restAuthzModule requestAccessSuccess:^(id response) {
   _token = response;
} failure:^(NSError *error) {


OAuth2 server side with Keycloak

Another cookbook recipe: ProductInventory

Disclaimer: this recipe is still Pull Requests server side and iOS client

  • Replace GoogleDrive by our own Java backend
  • Use Keycloak with for Auth/authz
  • Configure OAuth2 client
  • Keep the same iOS client code
  • version 1.0-alpha4, integrate well with Wildfly

Try it, comment on it, contribute!


No secret, Unified APIs is the success...

  • for crypto libs
    • Java: javax.crypto and Bouncy Castle libs, supports AES-GCM
    • JavaScript: sjcl lib, supports CCM and OCB authenticated-encryption mode
    • iOS: NaCI lib, supports ECC (Elleptic curve) and Ed25519
  • for encrypted storage

See Password Manager recipe which is available in iOS, Android and JavaScript


Web app, Native app

What about Hybrid?

What's for?

  • Embedded Browser in a native app
  • Bridge between JavaScript and native features
  • Implement in JS once and deploy everywhere
  • One line to compile for all the platforms
  • Easy to extend with plugins!

Cordova Build

Apache Cordova + AeroGear

  • AeroGear Cordova plugins
  • Cordova tooling
  • Core commiter

= love at first sight

Some magic in 4 commands

    cordova create food

    cordova platform add android

    cordova build

    cordova run


This is the end


Open Source Community

We need you!