On Thu, Oct 2, 2014 at 7:14 AM, Alberto Mardegan < alberto.marde...@canonical.com> wrote:
> On 10/02/2014 01:22 PM, James Henstridge wrote: > > I don't know the exact details of the scope Chris ran into this with, > > but I am curious about how this ACL is being checked. I do know that > > Chris's scopes are Click packaged, so they will be running with an > > AppArmor profile name of the form "$packagename_$scopename_$version", > > even if that profile is equivalent to "unconfined". Is that going to > > pass this ACL check? > > Mmm... this is interesting. So, regardless of the contents of the > profile, OA will see the app as "$packagename_$scopename_$version", and > it will let it access the desired account only if > "$packagename_$scopename_*" is present in the account's ACL. > > > I'd imagine the same issue is going to affect any application that > > uses Click packaging too. > > If you mean to say that any application that uses Click packaging can't > just access any account it wishes, that's indeed true. We have an API to > request access to an account (and I realize just now that's not listed > in developer.ubuntu.com), and that's via the "Setup" element of the > "Ubuntu.OnlineAccounts.Client 0.1" QML module. > The UI flow is described here: > https://wiki.ubuntu.com/OnlineAccounts#App_access > > Scopes need to call this method as well, if they want to access the > account. IIRC, the plan was to have a scope-config tool which would do > that on their behalf. > (the other option is to go to the Accounts panel in the system settings, > click on the desired account and enable the application/scope from there) > I've done that for these scopes (which used to work) but am still not able to get an access token > > Ciao, > Alberto >
-- Mailing list: https://launchpad.net/~ubuntu-phone Post to : ubuntu-phone@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
