Ubuntu Online Accounts: credentials management for ......BackgroundDemoApplication developer...

Background Demo Application developer guide Summary

Ubuntu Online Accounts: credentialsmanagement for application developers

David King, amigadave@amigadave.com

2nd February 2013 11:45–12:05 / FOSDEM

Background Demo Application developer guide Summary

Outline

1 BackgroundOverviewComponentsUI components

2 Demo

3 Application developer guide

4 Summary

Background Demo Application developer guide Summary

Outline

1 BackgroundOverviewComponentsUI components

2 Demo

3 Application developer guide

4 Summary

Background Demo Application developer guide Summary

History of accounts-sso

non-UI components of UOApart of MeeGo and used in the N9will(?) be used in Tizen, KDE integration in progressLGPL 2.1 licensehosted on Google Code

Background Demo Application developer guide Summary

Terminology

account: given by a provider to a user, and allows accessto servicesprovider: gives out accounts to users, as well as allowingthem to use the accounts with a variety of servicesservice: hosted by a provider, and allows the user toperform some taskservice type: describes the primary functionality providedby a service, and is a useful way to group similar services

Background Demo Application developer guide Summary

Architectural overview

Background Demo Application developer guide Summary

Outline

1 BackgroundOverviewComponentsUI components

2 Demo

3 Application developer guide

4 Summary

Background Demo Application developer guide Summary

libaccounts-glib

C/GObject account database implementationC++/Qt bindings (libaccounts-qt)stores account settings, but no passwords/secretsno dependency on other UOA components

Background Demo Application developer guide Summary

libsignon

C/GObject and C++/Qt wrappers around signondforwards requests over D-Bus to signondthin wrapper over the (slightly ugly) D-Bus API

Background Demo Application developer guide Summary

Account plugins

helper modules loaded by the Control Center panel tocreate, edit, reauthenticate or delete an accountclient of both libaccounts and libsignonsimple API (especially for OAuth accounts)XML formats for describing providers, services and servicetypes

Background Demo Application developer guide Summary

Outline

1 BackgroundOverviewComponentsUI components

2 Demo

3 Application developer guide

4 Summary

Background Demo Application developer guide Summary

signon-ui

provides WebKit view for OAuth authentication processprovides simple dialogues for password authenticationintegrates with system indicator to prompt user forreauthentication

Background Demo Application developer guide Summary

gnome-control-center-signon

applet module for GNOME Control Center (requirespatched Control Cneter)also available as a standalone preferences applicationuse libaccounts to enumerate the accounts, and calls outto account-specific plugins as necessary

Background Demo Application developer guide Summary

UOA demo

Play demo video

Background Demo Application developer guide Summary

Basic concepts

no account management UI provided in the application;provide a dedicated account plugin and invoke the ControlCenter panel insteadenumerate the available accounts and select ones relevantto the applicationfetch the credentials and use them as normal(application-specific)

Background Demo Application developer guide Summary

Enumerating accounts

create a new AgManager for the desired service type, torestrict the emitted signals to be related only to that serviceconnect to the “enabled-event” handler on the managerfetch the currently-enabled services and process themignore the services which are disabled or part of a disabledaccount

Background Demo Application developer guide Summary

Logging in

fetch the AgAuthData from the AgAccountServiceoptionally add further authentication parameterspass the signon information to a new SignonAuthSession,together with a result callbackprocess the reply in the callback and either use theauthentication parameters or report the error

Background Demo Application developer guide Summary

Registering an application with UOA

add an XML .application manifest and install it to$(prefix)/share/accounts/applications

list services and service types if you want aservice-specific descriptionuse intltool to provide gettext translations

Background Demo Application developer guide Summary

Invoking the Online Accounts panel

call the credentials-preferences script, which will inturn call the Control Center or standalone preferencesbinaryuse the application=application-id argument tostart with an application selected at startupuse the account-details=account-id argument tostart with an account selected at startup

Background Demo Application developer guide Summary

Adding an application-specific options widget

replaces the in-application account optionssubclass the ApplicationPlugin class from libaccount-plugintied to the settings panel, so must be a GModule whichexports a GtkWidget (but could use XEmbed with aGtkSocket)

Background Demo Application developer guide Summary

Summary

UOA simplifies credentials management for applicationdevelopers

Outlookconvenience library for simpler UOA consumption byapplicationsapplication-specific OAuth API keys

Background Demo Application developer guide Summary

Acknowledgements

Alberto Mardegan, UOA tech leadFOSDEM and devroom organisersyou, for listening

Convenience library for applications

single library for applications to consume, rather thanseveralpossibility of different backends for non-UOA credentialsproviderseasier to test/mock for applications

Ubuntu contributor agreement

required for Launchpad-hosted UOA projectsgrants certain rights to Canonical

Web credentials indicator

used to report authentication failures to the usercan be queried by applications over D-Bus