both account-polld and ubuntu-push-client talk to OA, but we already don't show UI on failures AFAIK.
On 2 December 2014 at 12:01, Alberto Mardegan <[email protected]> wrote: > Hi all! > This mail is only relevant for people working on system services using > Online Accounts (OA); if you are an application developer, don't worry: > nothing changes for you. :-) > > There are a few processes which don't have a connection to Mir but are > using OA; I know of account-polld and sync-monitor, plus the scopes via > the unity-scopes-api, but there might be more. When these processes > request a token and OA finds that the current token has expired, OA > needs to popup a UI in order to obtain a new token. If the client > process is connected to Mir (as is the case for all click apps), then OA > opens a trusted prompt on top of the client application. But if the > client is not connected to Mir, creating a trusted session is not possible. > > The current fallback when opening a trusted session fails is to show a > snap decision, and once the user has activated it we show the OA UI and > continue with the authentication. But this has two problems: > > 1) The snap decision flow is not approved by design > 2) Various issues such as https://bugs.launchpad.net/bugs/1352251 cause > this solution to be suboptimal and work unreliably > > I would like to change OA so that the snap decision fallback is removed, > and instead we always return an error to the client when the client is > not connected to Mir and the authentication cannot proceed without user > interaction. > This implies that the clients must handle the authentication error (we > have a specific error code for this case), possibly by notifying the > user about the failure and the need to re-authenticate. The > re-authentication would then be started in a UI application which is > linked to the backend (for instance, for sync-monitor I would think that > the Calendar application could a good candidate, and the Dash would be > the Ui for the scopes), but how this really happens would have to be > decided by our UI designers. > > I would like to implement this change on the OA side as soon as > possible, so please let me know what impact this change would have on > your project, and if you have already a UI design about how to handle > authentication failures (if not, please try to get one). > > Ciao, > Alberto > > -- > Mailing list: https://launchpad.net/~ubuntu-phone > Post to : [email protected] > Unsubscribe : https://launchpad.net/~ubuntu-phone > More help : https://help.launchpad.net/ListHelp -- Mailing list: https://launchpad.net/~ubuntu-phone Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
