← Back to team overview

desktop-packages team mailing list archive

[Bug 1457298] Re: invalid auth for online-account

 

Hi! The signon-plugin-oauth only handles OAuth 1.0 and 2.0. Since yupoo
uses its own non-standard authentication, you cannot use the signon-
plugin-oauth with it.

You need to write a signon plugin specialized for yupoo. Unfortunately this is not well documented, but at least there are a few examples of signon plugins around.
The more complex is certainly signon-plugin-oauth, but here's a few simpler ones:

https://gitlab.com/accounts-sso/signon-plugin-digest
https://gitlab.com/accounts-sso/signon-plugin-sasl
(click on the "Files" tab on the left to see the project files)

I had a look at the yupoo documentation at
http://dev.yupoo.com/apidoc2/www/ but since it's in Chinese, I didn't
understand much about it. It appears that it all starts with this call
(please correct me if I'm wrong):

http://www.yupoo.com/services/auth/?api_key=[api_key]&perms=[perms]&api_sig=[api_sig]

The above link should be opened in a web view, where the user will be asked to authenticate and authorize the app, and then it will be redirected to the callback url, which will have the "frob" appended in a query item. Is my understanding correct?
And, what do you need in order to generate the "api_sig"?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to signon-plugin-oauth2 in Ubuntu.
https://bugs.launchpad.net/bugs/1457298

Title:
  invalid auth for online-account

Status in signon-plugin-oauth2 package in Ubuntu:
  New

Bug description:
  In order to launch authentication like most other accounts, yupoo need
  to register a new .provider file to Online accounts.

   But this XML-format file requires an standard-parameter request for
  authenticating and  accessing token, including  client_id, token_path
  and others, which doesn't match with the request format of yupoo.

  Yupoo need to launch an auth with a link like
  http://www.yupoo.com/services/auth/?api_key=[api_key]&frob=[frob]&perms=[perms]&api_sig=[api_sig].
  It is an non standard-format request and need additional parameter
  requests before accessing token. So we can hardly integrating the
  entire auth of yupoo into Online-accounts.

  Shall we provide an more agile policy for configure when creating the
  .provide file?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/signon-plugin-oauth2/+bug/1457298/+subscriptions


Follow ups

References