
ubuntu-phone team mailing list archive

Usage of Online Accounts by windowless processes (account-polld, sync-monitor, scopes...)

 

Hi all!
  This mail is only relevant for people working on system services using
Online Accounts (OA); if you are an application developer, don't worry:
nothing changes for you. :-)

There are a few processes which don't have a connection to Mir but are
using OA; I know of account-polld and sync-monitor, plus the scopes via
the unity-scopes-api, but there might be more. When these processes
request a token and OA finds that the current token has expired, OA
needs to pop up a UI in order to obtain a new token. If the client
process is connected to Mir (as is the case for all click apps), then OA
opens a trusted prompt on top of the client application. But if the
client is not connected to Mir, creating a trusted session is not possible.

The current fallback when opening a trusted session fails is to show a
snap decision, and once the user has activated it we show the OA UI and
continue with the authentication. But this has two problems:

1) The snap decision flow is not approved by design
2) Various issues such as https://bugs.launchpad.net/bugs/1352251 cause
this solution to be suboptimal and work unreliably

I would like to change OA so that the snap decision fallback is removed,
and instead we always return an error to the client when the client is
not connected to Mir and the authentication cannot proceed without user
interaction.
This implies that the clients must handle the authentication error (we
have a specific error code for this case), possibly by notifying the
user about the failure and the need to re-authenticate. The
re-authentication would then be started in a UI application which is
linked to the backend (for instance, for sync-monitor I would think that
the Calendar application could be a good candidate, and the Dash would be
the UI for the scopes), but how this really happens would have to be
decided by our UI designers.

I would like to implement this change on the OA side as soon as
possible, so please let me know what impact this change would have on
your project, and if you already have a UI design about how to handle
authentication failures (if not, please try to get one).

Ciao,
  Alberto

