Allow hiding authentication data in scope binary
Bug #1554040 reported by Alberto Mardegan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical System Image | Fix Released | High | Alejandro J. Cura |
unity-scopes-api (Ubuntu) | Fix Released | High | Alberto Mardegan |
unity-scopes-shell (Ubuntu) | Fix Released | High | Alberto Mardegan |
Bug Description
The current scope API doesn't allow the developer to specify the OAuth client keys at runtime; they must reside in the .service files which end up installed on the filesystem.
Some people are concerned about exposing their API keys, and would rather embed them in their scope binary and specify them at runtime. While acknowledging that this will actually not improve the security, this possibility is offered by all other Online Accounts APIs, and it would be nice if scopes offered this too.
Related branches
lp:~mardy/unity-scopes-api/clientid-1554040
- PS Jenkins bot (community): Approve (continuous-integration)
- Marcus Tomlinson (community): Approve
Diff: 327 lines (+133/-12), 8 files modified
debian/VERSION.MICRO (+1/-1)
debian/control.in (+1/-0)
doc/tutorial.dox (+5/-0)
include/unity/scopes/OnlineAccountClient.h (+16/-0)
include/unity/scopes/internal/OnlineAccountClientImpl.h (+3/-0)
src/scopes/OnlineAccountClient.cpp (+10/-1)
src/scopes/internal/OnlineAccountClientImpl.cpp (+26/-2)
test/gtest/scopes/OnlineAccountClient/OnlineAccountClient_test.cpp (+71/-8)
Superseded for merging into lp:unity-scopes-api
- PS Jenkins bot (community): Approve (continuous-integration)
- Marcus Tomlinson (community): Approve
Diff: 327 lines (+133/-12), 8 files modified
debian/VERSION (+1/-1)
debian/control.in (+1/-0)
doc/tutorial.dox (+5/-0)
include/unity/scopes/OnlineAccountClient.h (+16/-0)
include/unity/scopes/internal/OnlineAccountClientImpl.h (+3/-0)
src/scopes/OnlineAccountClient.cpp (+10/-1)
src/scopes/internal/OnlineAccountClientImpl.cpp (+26/-2)
test/gtest/scopes/OnlineAccountClient/OnlineAccountClient_test.cpp (+71/-8)
lp:~mardy/unity-scopes-shell/clientid-1554040
- Marcus Tomlinson (community): Approve
- PS Jenkins bot (community): Needs Fixing (continuous-integration)
Diff: 108 lines (+12/-6), 6 files modified
CMakeLists.txt (+1/-1)
debian/control.in (+1/-1)
src/Unity/logintoaccount.cpp (+5/-2)
src/Unity/logintoaccount.h (+3/-2)
src/Unity/previewmodel.cpp (+1/-0)
src/Unity/scope.cpp (+1/-0)
Changed in unity-scopes-api (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Alberto Mardegan (mardy)
Changed in unity-scopes-shell (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Alberto Mardegan (mardy)
Changed in unity-scopes-api (Ubuntu):
status: In Progress → Fix Committed
Changed in canonical-devices-system-image:
assignee: nobody → Alejandro J. Cura (alecu)
importance: Undecided → High
milestone: none → 11
status: New → In Progress
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → In Progress
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Changed in unity-scopes-shell (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
Mardy: if this doesn't actually improve security, why is this bug marked high importance? Is there any particular user who is calling for this feature?
Are there any online services we are talking to that require this kind of obfuscation?