** Description changed: - Hello! I'm the maintainer of Deja Dup. I was recently made aware that - Google is removing an oauth workflow that Deja Dup uses, in September. + * Impact + + The method Deja-Dup is using to authentificate to google account will + stop working in september. + + * Test case + + Configure deja-dup to do backups on a google drive account. After + confirming the authorization through the web browser it should be + possible to start the backup. + + Check on the webview that the files are correctly added. + + Restore some data and unsure that's working. + + * Regression + + The codepath is used for oauth authentification and integration with the + system mimetype. Check that the webbrowser auth workflow works as + expected, testing deb and snap based browsers + + ------------------------------------------ + + + Hello! I'm the maintainer of Deja Dup. I was recently made aware that Google is removing an oauth workflow that Deja Dup uses, in September. Here's their blog post about it: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html Here's the upstream bug about switching to a new oauth flow: https://gitlab.gnome.org/World/deja-dup/-/issues/222 I've released version 43.3 with a new oauth workflow. This basically switches us from redirecting the oauth page to a local http://localhost:xxxx/ page being served by deja-dup and instead has the browser launch a custom URI like 'com.googlecontent.xxx:/oauth2redirect?code=yyy', which then launches deja-dup and gives it the correct oauth token. The key differences for packagers is just to note that now deja-dup will register itself as a handler for those weird URI schemes (they are specific to deja-dup, as they include its client ids for the service). I think this deserves a backport to all supported releases. I can whip up a patch for you in a bit, just wanted to get this registered as an issue. To be a bit more specific about what will break: - Existing users that have already granted deja-dup access to Google will continue to work without any issue. - In August, users will see a warning on the oauth screen. - And then in September, any new attempt to connect deja-dup to Google will not work.
** Description changed: * Impact The method Deja-Dup is using to authentificate to google account will stop working in september. * Test case Configure deja-dup to do backups on a google drive account. After confirming the authorization through the web browser it should be possible to start the backup. Check on the webview that the files are correctly added. Restore some data and unsure that's working. - * Regression + * Regression potential The codepath is used for oauth authentification and integration with the system mimetype. Check that the webbrowser auth workflow works as expected, testing deb and snap based browsers ------------------------------------------ - - Hello! I'm the maintainer of Deja Dup. I was recently made aware that Google is removing an oauth workflow that Deja Dup uses, in September. + Hello! I'm the maintainer of Deja Dup. I was recently made aware that + Google is removing an oauth workflow that Deja Dup uses, in September. Here's their blog post about it: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html Here's the upstream bug about switching to a new oauth flow: https://gitlab.gnome.org/World/deja-dup/-/issues/222 I've released version 43.3 with a new oauth workflow. This basically switches us from redirecting the oauth page to a local http://localhost:xxxx/ page being served by deja-dup and instead has the browser launch a custom URI like 'com.googlecontent.xxx:/oauth2redirect?code=yyy', which then launches deja-dup and gives it the correct oauth token. The key differences for packagers is just to note that now deja-dup will register itself as a handler for those weird URI schemes (they are specific to deja-dup, as they include its client ids for the service). I think this deserves a backport to all supported releases. I can whip up a patch for you in a bit, just wanted to get this registered as an issue. To be a bit more specific about what will break: - Existing users that have already granted deja-dup access to Google will continue to work without any issue. - In August, users will see a warning on the oauth screen. - And then in September, any new attempt to connect deja-dup to Google will not work. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973816 Title: Deja Dup's Google support will break in September 2022 for versions < 43.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/deja-dup/+bug/1973816/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
