Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Google: use new Ubports keys #33

Merged
merged 1 commit into from Jul 29, 2019

Conversation

@mardy
Copy link
Member

commented Jul 7, 2019

Note: This is a WIP: you are very welcome to test it and report how it works, but we won't merge this until our keys have been approved by Google.

This is related to #1171, though not really a fix (there's nothing we can do to prevent Google to block access to GMail APIs). This change is to switch to the Google API keys registered by us (Unity/Ubports), instead of continue using those which were registered by Canonical, and that we have no way of configuring.

Test instructions: install the account-plugin-google, then delete your Google accounts from the device, and recreate them anew: verify that Contacts and Calendars get synchronised. The GMail webapp should not be affected, since it doesn't use Online Accounts at all, but feel free to double-check. :-)

@mardy mardy changed the title google: use new Ubports keys WIP: google: use new Ubports keys Jul 7, 2019

@UniversalSuperBox
Copy link
Member

left a comment

Could we insert these via an environment variable instead? At least then we're not committing it to the repository. The ID and secret will still be available inside the app, but it's another hoop to go through.

@mardy

This comment has been minimized.

Copy link
Member Author

commented Jul 15, 2019

It's a sense of false security. There is no way that we can keep the client secret really secret. Google at least understands that (see the second paragraph in https://developers.google.com/identity/protocols/OAuth2#installed), so for Google we don't even have to pretend to care.

We might need to do the trick you suggest with other OAuth providers, but I'd wait until they complain (in 5 years, no one did). :-)

@UniversalSuperBox

This comment has been minimized.

Copy link
Member

commented Jul 17, 2019

Alright, all seems to work fine here. One thing though, the Google login page says Ubports rather than UBports. UBports is the correct capitalization. If you have power over that, could you set it correctly?

@mardy

This comment has been minimized.

Copy link
Member Author

commented Jul 18, 2019

UBports is the correct capitalization. If you have power over that, could you set it correctly?

Sure, I will!

@UniversalSuperBox
Copy link
Member

left a comment

Assuming you (and Google) are ready, merge whenever you like.

@Flohack74

This comment has been minimized.

Copy link
Member

commented Jul 24, 2019

I am still voting for not having our secret exposed in public.

@UniversalSuperBox

This comment has been minimized.

Copy link
Member

commented Jul 24, 2019

It really doesn't matter, the secret is hardly so.

The process results in a client ID and, in some cases, a client secret, which you embed in the source code of your application. (In this context, the client secret is obviously not treated as a secret.)

https://developers.google.com/identity/protocols/OAuth2#installed

@mardy mardy merged commit f7f1d14 into ubports:xenial Jul 29, 2019

1 check passed

continuous-integration/jenkins/pr-merge This commit looks good
Details

@mardy mardy deleted the mardy:new-google-keys branch Jul 30, 2019

@Flohack74

This comment has been minimized.

Copy link
Member

commented Jul 30, 2019

Please remove WIP: marker before merging in the future, for sanity.

@Flohack74 Flohack74 changed the title WIP: google: use new Ubports keys Google: use new Ubports keys Jul 30, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.