ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Skipping auth on downloads

To: James Westby <james.westby@xxxxxxxxxxxxx>
From: "Alejandro J. Cura" <alejandro.cura@xxxxxxxxxxxxx>
Date: Wed, 7 Aug 2013 10:54:54 -0300
Cc: Ubuntu Appstore Developers <ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <878v0evo7z.fsf@jameswestby.net>

On Tue, Aug 6, 2013 at 12:22 PM, James Westby
<james.westby@xxxxxxxxxxxxx> wrote:
> Hi,
>
> Apparently there are issues with authenticating downloads due to the
> lack of a keyring on the phone images. In order to unblock wider testing
> it is now possible to skip the authentication checks when downloading a
> click package, You can do this by appending ?noauth=1 to the url, and
> you won't have to provide a token or oauth signature in order to
> download the package.
>
> Due to the obvious security implications, this feature will self-expire
> on Sept 15th of this year, at which point you will have to provide
> credentials once again.
>
> You can continue to test the authentication by skipping the extra
> parameter, and everything will work the same as before.

The branch to use ?noauth=1 on the click scope is about to land on
trunk, so it should be on tomorrow's image.

cheers,
-- 
alecu

References

Skipping auth on downloads
From: James Westby, 2013-08-06