ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #10665
Re: Usage of Online Accounts by windowless processes (account-polld, sync-monitor, scopes...)
both account-polld and ubuntu-push-client talk to OA, but we already
don't show UI on failures AFAIK.
On 2 December 2014 at 12:01, Alberto Mardegan
<alberto.mardegan@xxxxxxxxxxxxx> wrote:
> Hi all!
> This mail is only relevant for people working on system services using
> Online Accounts (OA); if you are an application developer, don't worry:
> nothing changes for you. :-)
>
> There are a few processes which don't have a connection to Mir but are
> using OA; I know of account-polld and sync-monitor, plus the scopes via
> the unity-scopes-api, but there might be more. When these processes
> request a token and OA finds that the current token has expired, OA
> needs to popup a UI in order to obtain a new token. If the client
> process is connected to Mir (as is the case for all click apps), then OA
> opens a trusted prompt on top of the client application. But if the
> client is not connected to Mir, creating a trusted session is not possible.
>
> The current fallback when opening a trusted session fails is to show a
> snap decision, and once the user has activated it we show the OA UI and
> continue with the authentication. But this has two problems:
>
> 1) The snap decision flow is not approved by design
> 2) Various issues such as https://bugs.launchpad.net/bugs/1352251 cause
> this solution to be suboptimal and work unreliably
>
> I would like to change OA so that the snap decision fallback is removed,
> and instead we always return an error to the client when the client is
> not connected to Mir and the authentication cannot proceed without user
> interaction.
> This implies that the clients must handle the authentication error (we
> have a specific error code for this case), possibly by notifying the
> user about the failure and the need to re-authenticate. The
> re-authentication would then be started in a UI application which is
> linked to the backend (for instance, for sync-monitor I would think that
> the Calendar application could a good candidate, and the Dash would be
> the Ui for the scopes), but how this really happens would have to be
> decided by our UI designers.
>
> I would like to implement this change on the OA side as soon as
> possible, so please let me know what impact this change would have on
> your project, and if you have already a UI design about how to handle
> authentication failures (if not, please try to get one).
>
> Ciao,
> Alberto
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help : https://help.launchpad.net/ListHelp
Follow ups
References