[Resending and extending my original reply from July 10th - I only
noticed now that Sunny had BCCed the mailing list]

On Thu, 2013-07-11 at 01:09 +0530, Sunny wrote:
> Hi,
> 
> Google made caldav & carddav api public again ( http://goo.gl/8i81d )
> & changed their calendar api-end point from 
> 
> " https://www.google.com/calendar/dav/<CALID>/events" 
> to 
> " https://apidata.googleusercontent.com/caldav/v2/<CALID>/events". 
> 
> But the new api-end point doesn't work with basic http authentication. And
> the old end-point will stop working after 16 September, 2013.
> 
> I tried with the following command:
> 
> SYNCEVOLUTION_DEBUG=1 syncevolution --print-items --daemon=no \
> loglevel=4 \
> [email protected] \
> password=***** \
> database=https://apidata.googleusercontent.com:443/caldav/v2/[email protected]/events/ \
> backend=caldav
> 
> 
> It failed with an "HTTP 401 Unauthorized" response code, as mentioned on
> the google-developer page.
> Here is the log ( http://paste.ubuntu.com/5862621/ ).

That's expected - SyncEvolution and its underlying DAV library, neon, do
not know how to use the new authentication mechanism.

> I am currently documenting an Ubuntu-wiki for syncevolution
> ( https://help.ubuntu.com/community/SyncEvolution ) & the
> calendar-synchronisation
> method documented there will not work after 16 Sept.
> 
> Hence the obvious question: Will the next release of Syncevolution support
> Google-Auth?

Yes, that's the highest priority item on my list of things to do for the
upstream 1.4 release. I consider lack of that feature a release blocker.

My current thinking is that I'll reuse the work done by different
single-sign-on (SSO) services for authenticating against Google. That
will be easier than trying to replicate that work and give a better user
experience (integration into the system's credential and account
handling) - if there is such a system.

The downside will be that getting SyncEvolution up and running with
Google without such a system will be impossible, unless someone from the
community adds the code for a builtin authentication backend.

More specifically, I intend to lay the foundation for pluggable SSO
backends and make it work in combination with gSSO
(https://01.org/gsso). That is something that I can justify as part of
my work on Tizen.

Some developers from Ubuntu expressed an interest to make it work with
Ubuntu Online Accounts, which has a very similar API.

[ fast forward to September ]

The current status is that I am one full test run away from including
OAuth2 support in the master branch. That test should be complete after
the weekend. A 1.3.99.5 beta release could follow in the middle of next week.

This whole work got delayed a bit because it got mixed up with fixing
FDO #66110 ("GTK-UI + D-Bus: password not stored in GNOME keyring or
KWallet" https://bugs.freedesktop.org/show_bug.cgi?id=66110). Sorry for
that!

As originally planned, gSSO is one way of doing OAuth2. I have also
added support for GNOME Online Accounts. However, only GNOME Online
Accounts >= 3.10 (in freeze, not released yet) will have support for
CardDAV (https://bugzilla.gnome.org/show_bug.cgi?id=707916). CalDAV is
already possible since 3.8. There is a hacky way to add CardDAV to 3.8
binaries - see attached README.

Ubuntu Online Accounts is not supported at the moment; I'm still hoping
to get patches for that.

Overall it'll be harder for users to get a working setup. Thus my
question to users: how much do you depend on CalDAV and/or CardDAV sync
with Google? On which platforms?

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.

Google CalDAV/CardDAV via OAuth2 with GNOME Online Accounts (GOA)
=================================================================

Setup
-----

SyncEvolution depends on a GNOME Online Accounts version with CalDAV
*and* CardDAV enabled for Google. This is hard-coded in the source code,
so recompiling is the only (sane) way to change that. CalDAV has been
enabled for a while, CardDAV is recent (>= 3.10).

It is possible to patch 3.8 without recompiling (see below). Versions
older than 3.8 do not work because they lack OAuth2 support.

SyncEvolution needs an active account for Google in the GNOME Control
Center, under "online accounts". Enable the different data categories
if and only if you want to access the data with the core GNOME
apps. SyncEvolution ignores these settings.


Usage
-----

OAuth2 authentication with GNOME Online Accounts is enabled by setting
username or databaseUser to a string of the format
   goa:<GOA account presentation ID = email address | account ID>

Typically there is only one account using a Google email address, so
that can be used to select the account. SyncEvolution checks if it is
really unique and if not, provides a list of all accounts with their
account ID. Then the unique account ID should be used instead.

The base URL for each service currently needs to be given via syncURL:

  syncevolution --print-databases \
                backend=carddav \
                username=goa:[email protected] \
                syncURL=https://www.googleapis.com/.well-known/carddav

  syncevolution --print-databases \
                backend=caldav \
                username=goa:[email protected] \
                syncURL=https://apidata.googleusercontent.com/caldav/v2

Once that works, follow the "CalDAV and CardDAV" instructions from the
README with the different username and syncURL.


Debugging
---------

Add --daemon=no to the command line to prevent the actual command
execution from being shifted into syncevo-dbus-server and (from there)
syncevo-dbus-helper.

Set SYNCEVOLUTION_DEBUG=1 to see all debug messages and increase the
loglevel to see HTTP requests:

  SYNCEVOLUTION_DEBUG=1 syncevolution --daemon=no \
                        loglevel=4 \
                        --print-databases \
                        ...

Known Problems
--------------

When accessing CardDAV:

[status-line] < HTTP/1.1 401 Unauthorized
[hdr] WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest" allowed-scopes="https://www.googleapis.com/auth/carddav"
...
<?xml version="1.0" encoding="UTF-8"?>
<errors xmlns="http://schemas.google.com/g/2005">
 <error>
  <domain>GData</domain>
  <code>authError</code>
  <location type="header">Authorization</location>
  <internalReason>Invalid Credentials</internalReason>
 </error>
</errors>
...
[INFO] operation temporarily (?) failed, going to retry in 5.0s before giving up in 295.8s: PROPFIND: Neon error code 3 = NE_AUTH, HTTP status 401: Could not authenticate to server: ignored AuthSub challenge
...

This happens when using a GNOME Online Accounts version which does (or
did) not request CardDAV access when logging into Google. Install GNOME
Online Accounts >= 3.10 or patch it (see below), "killall goa-daemon",
then re-create the account in the GNOME Control Center.

Patching GOA 3.8
----------------

It is possible to add CardDAV support to 3.8 without recompiling GNOME
Online Accounts. However, the downside is that this approach has to
disable access to some other kind of data and breaks when updating or
reinstalling GOA.

1. Locate libgoa-backend-1.0.so.0.0.0: typically it is in /usr/lib or
   /usr/lib64.
2. Open it in a text editor which can handle binary data (like emacs).
3. Switch to "overwrite mode".
4. Find the string starting with https://www.googleapis.com/auth/userinfo.email
5. Overwrite the part which you don't need with
   https://www.googleapis.com/auth/carddav and spaces.

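For example, if Google Docs access is not needed, replace
"https://docs.google.com/feeds/ https://docs.googleusercontent.com/ https://spreadsheets.google.com/feeds/ "
with
"https://www.googleapis.com/auth/carddav                                                                   "
The replacement is padded with 67 spaces so that it has exactly the
same length (106 bytes) as the string it overwrites.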

Here's a perl command which replaces Google Docs with CardDAV. It must
be entered as a single line, with the replacement padded to the same
length as the pattern:

perl -pi -e 's;https://docs.google.com/feeds/ https://docs.googleusercontent.com/ https://spreadsheets.google.com/feeds/ ;https://www.googleapis.com/auth/carddav                                                                   ;' /usr/lib*/libgoa-backend-1.0.so.0.0.0
_______________________________________________
SyncEvolution mailing list
[email protected]
https://lists.syncevolution.org/mailman/listinfo/syncevolution
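
The length-preserving overwrite from "Patching GOA 3.8", together with a check for the missing CardDAV scope behind the 401 in "Known Problems", as an added Python example that is not part of the original README or of SyncEvolution. The function names and the `.orig` backup suffix are assumptions; the scope strings are the ones quoted in the README.

```python
"""Length-preserving OAuth scope patch for libgoa-backend (added example)."""
import shutil
from pathlib import Path

# Scope strings quoted in the README; OLD ends with a space, as on the page.
OLD = (b"https://docs.google.com/feeds/ https://docs.googleusercontent.com/ "
       b"https://spreadsheets.google.com/feeds/ ")
NEW = b"https://www.googleapis.com/auth/carddav"


def requests_carddav(blob: bytes) -> bool:
    """True if the library already asks Google for the CardDAV scope."""
    return NEW in blob


def patch_scopes(blob: bytes, old: bytes = OLD, new: bytes = NEW) -> bytes:
    """Overwrite `old` with `new`, space-padded to the same length.

    Offsets inside a shared library must not move, so the result has to be
    exactly as long as the input.
    """
    if len(new) > len(old):
        raise ValueError("replacement is longer than the string it overwrites")
    hits = blob.count(old)
    if hits != 1:
        raise ValueError(f"expected exactly one match, found {hits}")
    patched = blob.replace(old, new.ljust(len(old), b" "))
    assert len(patched) == len(blob)
    return patched


def patch_file(path: Path) -> bool:
    """Patch `path` in place; return False if CardDAV is already requested."""
    blob = path.read_bytes()
    if requests_carddav(blob):
        return False
    patched = patch_scopes(blob)  # raises before anything is written
    shutil.copy2(path, path.with_name(path.name + ".orig"))  # keep a way back
    path.write_bytes(patched)
    return True


if __name__ == "__main__":
    # Constructed stand-in for the library: a scope list inside binary data.
    sample = (b"\x7fELF\x00https://www.googleapis.com/auth/userinfo.email "
              + OLD + b"\x00\xde\xad")
    out = patch_scopes(sample)
    print(len(out) == len(sample), requests_carddav(out))
```

As the README notes for the manual patch, the change is lost when GOA is updated or reinstalled; `patch_file` returning `False` on a fresh library means that build already requests CardDAV.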