ubuntu-phone team mailing list archive

Re: Addition of signon-apparmor-extension

 

On Thu, Oct 2, 2014 at 7:14 AM, Alberto Mardegan <alberto.mardegan@xxxxxxxxxxxxx> wrote:

> On 10/02/2014 01:22 PM, James Henstridge wrote:
> > I don't know the exact details of the scope Chris ran into this with,
> > but I am curious about how this ACL is being checked.  I do know that
> > Chris's scopes are Click packaged, so they will be running with an
> > AppArmor profile name of the form "$packagename_$scopename_$version",
> > even if that profile is equivalent to "unconfined".  Is that going to
> > pass this ACL check?
>
> Mmm... this is interesting. So, regardless of the contents of the
> profile, OA will see the app as "$packagename_$scopename_$version", and
> it will let it access the desired account only if
> "$packagename_$scopename_*" is present in the account's ACL.
>
> > I'd imagine the same issue is going to affect any application that
> > uses Click packaging too.
>
> If you mean to say that any application that uses Click packaging can't
> just access any account it wishes, that's indeed true. We have an API to
> request access to an account (and I realize just now that's not listed
> in developer.ubuntu.com), and that's via the "Setup" element of the
> "Ubuntu.OnlineAccounts.Client 0.1" QML module.
> The UI flow is described here:
> https://wiki.ubuntu.com/OnlineAccounts#App_access
>
> Scopes need to call this method as well, if they want to access the
> account. IIRC, the plan was to have a scope-config tool which would do
> that on their behalf.
> (the other option is to go to the Accounts panel in the system settings,
> click on the desired account and enable the application/scope from there)
>

I've done that for these scopes (which used to work) but am still not able
to get an access token.

>
> Ciao,
>   Alberto
>
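
The ACL check described in the quoted reply, as an added sketch (not part of the thread and not the signon-apparmor-extension code): the caller is identified only by its AppArmor label, never by the contents of its profile, and access is granted when the account's ACL holds the version-wildcarded entry for that label. The function names, the sample package name and the strict three-part parsing are assumptions made for this example.

```python
from fnmatch import fnmatchcase


def split_label(label):
    """Split a Click AppArmor label into (package, scope, version), or None."""
    parts = label.split("_")
    return tuple(parts) if len(parts) == 3 and all(parts) else None


def acl_entry_for(label):
    """ACL entry that must be present for this label, version wildcarded."""
    parsed = split_label(label)
    if parsed is None:
        return None
    return f"{parsed[0]}_{parsed[1]}_*"


def entry_matches(label, entry):
    """Match one ACL entry against the caller's AppArmor label."""
    peer, rule = split_label(label), split_label(entry)
    if peer is None or rule is None:
        # Not in the three-part Click form: only an identical string matches.
        return label == entry
    # Package and scope must be identical; only the version may be a glob,
    # so an upgrade keeps access but a sibling scope does not inherit it.
    return peer[:2] == rule[:2] and fnmatchcase(peer[2], rule[2])


def is_allowed(label, acl):
    """True if any entry in the account's ACL admits this label."""
    return any(entry_matches(label, entry) for entry in acl)


# Constructed sample data: one account ACL and several caller labels.
ACCOUNT_ACL = ["com.example.weather_forecast_*"]
SAMPLE_LABELS = [
    "com.example.weather_forecast_1.2",   # the scope that was granted access
    "com.example.weather_forecast_2.0",   # same scope after an upgrade
    "com.example.weather_radar_1.2",      # another scope in the same package
    "unconfined",                         # a label that is not in Click form
]

if __name__ == "__main__":
    for label in SAMPLE_LABELS:
        verdict = "allow" if is_allowed(label, ACCOUNT_ACL) else "deny"
        print(f"{label:40} needs {acl_entry_for(label)!s:35} -> {verdict}")
```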
