Token used too early

This is regarding the Google OAuth API issue, I was facing a while ago.

For a specific feature on my mobile app, it sends the request to my application web server. My server processes the request and sends back the response to the App. As the request is user specific, so I use the following code to retrieve the user security token, where GoogleAuthUtil is provided by Google for OAuth purpose.

GoogleAuthUtil.getToken(getApplicationContext(), account, scopes);




This token is sent to the server where it gets validated again through Google OAuth Php Api

$google_client->verifyIdToken($token);


This is a recommended procedure to ensure that the token is not been tampered. If it throws any error [typically 'token expired'], then my app used to reiterate the whole flow.

I was facing this weird problem, where the whole flow was going in a long running loop. As I investigated the issue I found out, that while validating the token at server end, google api is throwing error with the message 'Token used too early'.

Looks like Google OAuth api does not like if somebody validates the token immediately after it gets issued. **I know, this contradicts against the recommendation**

But the good part is, along with the error, google api [php] sends back the user data as well. This was a life saver for me. I handled the exception at my server end as below to take care of my further processing. 

 

try { 
     $ticket = $client->verifyIdToken($tokenid); 
 } catch (Exception $e) { 
     $errMsg = $e->getMessage(); 
     if (strpos($errMsg,"Token used too early") !== false) 
       //do further processing


This really helped me in saving myself from my app users who were ready to bombard on me. Hope this info helps you as well.

Software Architect - How Much Real?

It was my choice to be a software architect. I was more inclined towards technology rather than the management. I started working as an application architect since four years back. After few of the architecture assignments I really wanted to spread my wings. I wanted to explore architecture practice as a solution or enterprise architect where you can contribute in a bigger and complex level "IT implementations".

But then I realized this role is just a dream with any of the IT companies in india. I am specially talking about companies which provide IT services to their clients. Infact I was surprised that there is no growth plan for software architects in these companies. Once you are an architect aka application architect, thats it!! There is no concept of solution or enterprise architect over here.

Can you imagine an architect doing the sales work? Well in other sectors [for e.g. construction, manufacturing this will sound crazy I am sure. But somehow its quite an integral part of software industry. Yes an architect is involved in sales activities. Infact all the senior architects [solution, portfolio, enterprise ...etc] do the same sort of work irrespective of their variant names. And if you dont opt for it, you are stuck. You are stuck at the lowest level of architect profile.

One reason for this could be that most of the clients have their own architecture teams and bigger decisions are always taken by them. There might be some more probable reasons responsible for this profile twist at IT companies [services]. Well I dont care about the reasons, what I care about is of my interest and the professional growth associated with it.

You might ensure both of these if you are at the other side. Which means you have to drop the idea of working with IT service provider [in india] and have to join their clients counterparts [in US/Europe]. Unfortunately most of these IT organizations are overseas and decisions are not easy to make.

So my urge to all of those architecture arpirants in software industry is to think over it. Apart from the limitations I discussed above there are many challenges with this profile. Software industry is still trying to get matured and architect profile has a long way to go.

Software Development and the Bidding Glitch

If we talk about the software service industry, bidding process for software development is nothing different from any other services in the market. Whenever an organization needs some automation there are usually two options, it’s either to build or to buy. Irrespective of the decision whenever some software development effort needed, organization invites proposal from multiple service providers aka vendors to select the best suited in terms of capabilities and cost.

Deep Insight
Let’s take a deeper look into this bidding process. For any such requirements, organizations float an RFP [Request for Proposal] across multiple vendors which they need to respond in some time frame. This is usually accompanied by some documents. Organizations usually expect a fixed cost from its vendors for the software development. Vendors study their documents and provide overall cost as a part of their response. Within this whole process, both organization and vendor ignores the accuracy of effort estimations [for software development] and hence the associated cost.

It’s very unlikely that an organization will have 100% requirements ready before it starts the bidding process. Even though it has, it cannot be communicated properly to vendors. And even if it can be, it’s not possible to analyze it completely. Insufficient time, details and communications could be the some of the reasons for this. Due to all these challenges, cost provided by vendor is highly inaccurate and it can vary drastically. In fact I have seen variations even to the levels of 200% - 300%.

Cause
Software development as a service cannot be compared with other services in the market. Let’s say an organization needs repaint to its office premises [building for e.g.], it will issue the bidding proposal to multiple vendors. Vendors will carry out some building measurements and can easily provide the overall cost [based on some past data] with high accuracy.

This kind of cost estimation is absolutely not possible with Software Development. Due to its diversified nature in terms of requirements, technologies, environments, engagement models, and so many other factors, it’s difficult to come up with an accurate figure [before getting into it], and hence the costing of whole exercise. In fact software estimation is an art and there have been very few projects which are completed within predefined time and budget, and are successful of course.

Consequences
Industry figures say that more than 70% projects in IT are failed ones. Some of them didn’t complete at all and abandoned in between. And others are done but with increased cost, time or both. Some organizations blame vendors for it. Some blame it to technologies and some to the engagement/management models. Well I agree with all of these to some extent, but I feel one of the major reasons is this un-tuned bidding process. As I said earlier, software development cannot be treated same as other services. If the standard bidding model is not changed, it will always be difficult for the vendor to provide cost and time estimates correctly. And till the time it continues, we will witness project failures in this industry.

What next?
How can we tune this bidding process for software development? One solution for this could be Time & Material [But organizations are usually not in favour of this for some other reasons :)].

Well I am sure this problem can be handled in multiple ways. It requires more churning of our throught processes to come up with a better strategy and model around it. But sooner we start better we can expect from this IT industry TO BE!!