Summary: | Can't connect to gtalk account (Authentication failed: invalid-authzid) | ||
---|---|---|---|
Product: | [Unmaintained] telepathy | Reporter: | Georgy <kirichenkoga> |
Component: | auth-handler | Assignee: | Telepathy Bugs <kde-telepathy-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | aaronhoneycutt, costallat, emilsedgh, fabio.coatti, gonzalez.rod.a, ivan.cukic, kirichenkoga, martin.blumenstingl, miracle, mklapetek, monsieurantoine, nico.kruber, null, rdieter, sgmoore, steve.mckuhr, xeno |
Priority: | NOR | ||
Version: | 15.08.2 | ||
Target Milestone: | Future | ||
Platform: | Gentoo Packages | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/kaccounts-integration/fe6b9c7b2511ba5ebc15542b0b7280c55e17ffa4 | Version Fixed In: | 15.12.0 |
Sentry Crash Report: | |||
Attachments: | kaccounts integration patch; Logfile while adding a new google jabber account with sessionResponse qDebugs in place; new patch | ||
Description
Georgy
2015-11-06 14:18:34 UTC
Thanks for the report.

First of all please always put long logs into an attachment, there's a link below the reply box "Add an attachment", thanks.

That said, I believe it may be due to some sasl packages being buggy. What's your libqca-qt5 version?

Hi Martin

> First of all please always put long logs into an attachment

Oh, I am sorry, will do it in future

> That said, I believe it may be due to some sasl packages being buggy. What's your libqca-qt5 version?

I tried to use qca versions 2.1.0.3 and 2.1.1, but behaviour is the same. I tried this with new clean Gentoo and Kubuntu (live dvd from 2015-10-02) installations and nothing changed.

> Oh, I am sorry, will do it in future

No worries, it's just that you have to scroooooooooll a lot to get to comments ;)
Looking around the internet, it has something to do with sasl things, eg. adium/libpurple had the same problem when using cyrus-sasl. And because it happens only for some users, I just need to pinpoint which lib and which version is affecting this.
Will look on Monday.
Scarlett Clark and I have this bug in 15.08.3 over at Kubuntu 15.10 as well so it is upstream and still there for sure.

I think, I found the problem, the AccountUsername field is empty in received credentials data by ktp-auth-handler (x-telepathy-sso-google-operation.cpp):

```cpp
void XTelepathySSOGoogleOperation::gotCredentials(KJob *kjob)
{
    GetCredentialsJob *job = qobject_cast< GetCredentialsJob* >(kjob);
    QVariantMap credentialsData = job->credentialsData();

    QByteArray data;
    data.append("\0", 1);
    data.append(credentialsData["AccountUsername"].toByteArray());
    qDebug() << "Acc name: " << credentialsData["AccountUsername"]; // output is empty
    data.append("\0", 1);
    data.append(credentialsData["AccessToken"].toByteArray());

    qDebug() << "Received Google credentials, starting auth mechanism...";
    m_saslIface->StartMechanismWithData(QLatin1String("X-OAUTH2"), data);
}
```

But I am not sure about root cause of this: signond oauth2 plugin (hasn't this attribute too in received token) or ktp-auth-handler bug

Created attachment 95543 [details]
kaccounts integration patch
KAccounts integration patch to support gtalk auth
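
The empty `AccountUsername` reported above yields a payload with nothing between the two NUL separators. As an added example (not code from ktp-auth-handler or kaccounts-integration), this sketch uses plain `std::string` in place of `QByteArray`, hypothetical helper names and constructed sample values to check the credential fields before a payload is built, and to split a payload for inspection.

```cpp
#include <map>
#include <string>
#include <vector>

typedef std::map<std::string, std::string> Credentials;
enum CredentialError { CRED_OK, MISSING_USERNAME, MISSING_TOKEN, EMBEDDED_NUL };

// Check the two fields gotCredentials() reads (key names as on the page).
CredentialError check_credentials(const Credentials &creds) {
    Credentials::const_iterator user = creds.find("AccountUsername");
    if (user == creds.end() || user->second.empty()) return MISSING_USERNAME;
    Credentials::const_iterator token = creds.find("AccessToken");
    if (token == creds.end() || token->second.empty()) return MISSING_TOKEN;
    // A NUL inside a field would shift the boundaries the server parses.
    if (user->second.find('\0') != std::string::npos ||
        token->second.find('\0') != std::string::npos) return EMBEDDED_NUL;
    return CRED_OK;
}

// Build NUL + username + NUL + token (layout of the snippet above), or refuse.
bool build_xoauth2_payload(const Credentials &creds, std::string &out) {
    if (check_credentials(creds) != CRED_OK) return false;
    out.clear();
    out.push_back('\0');                 // leading field left empty, as in the snippet
    out += creds.find("AccountUsername")->second;
    out.push_back('\0');
    out += creds.find("AccessToken")->second;
    return true;
}

// Split a payload on NUL so the fields that would be sent can be inspected.
std::vector<std::string> split_fields(const std::string &payload) {
    std::vector<std::string> fields;
    std::string::size_type start = 0, pos;
    while ((pos = payload.find('\0', start)) != std::string::npos) {
        fields.push_back(payload.substr(start, pos - start));
        start = pos + 1;
    }
    fields.push_back(payload.substr(start));
    return fields;
}

int main() {
    Credentials creds;                           // constructed sample values
    creds["AccountUsername"] = "";               // the empty field from the report
    creds["AccessToken"] = "constructed-token";
    std::string payload;
    return build_xoauth2_payload(creds, payload) ? 1 : 0;  // 0: payload refused
}
```
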
I found possible root cause of problem - in GetCredentialsJob handler in kaccounts integration package we try to use "username" attribute of Accounts::Account class, but this is not existent. I think, we should use "name" attribute instead of "username". I can't check it for other accounts, but for gtalk this works fine.

@Georgy The patch fixes the issue for me. If both string keys are possible, it might be wise to support both keys.

The patch fixes the issue for me too.

Nice investigation Georgy, this patch is not entirely correct though; "username" property does exist, it's being set during account creation in createaccounts.cpp line 183. But apparently at the point it's being set, it's not yet in SignOn::IdentityInfo and so this patch just masks the actual bug. This is probably because of the needed roundtrips between the database and libsignon and a possible race condition.

Can you please try replacing the line 165 in createaccount.cpp

```cpp
m_identity->queryInfo();
```

with this instead:

```cpp
m_identity->storeCredentials();
connect(m_identity, &SignOn::Identity::credentialsStored, m_identity, &SignOn::Identity::queryInfo);
```

...then try adding the Google account again and see if that fixes it? Be sure to remove your patch first.

@Martin, this fix does not work for me, additionally after creating account has empty label. I will try to investigate your solution.

Ok, can you try putting this block into sessionResponse()

```cpp
qDebug() << "Response:";
qDebug() << "\tToken:" << data.getProperty("AccessToken");
qDebug() << "\tExpires:" << data.getProperty("ExpiresIn");
qDebug() << "\tCaption:" << data.Caption();
qDebug() << "\tControlTokens:" << data.getAccessControlTokens();
qDebug() << "\tPropertyNames:" << data.propertyNames();
qDebug() << "\tProxy:" << data.NetworkProxy();
qDebug() << "\tRealm:" << data.Realm();
qDebug() << "\tSecret:" << data.Secret();
qDebug() << "\tUsername:" << data.UserName();
qDebug() << "\t:" << data.getProperty("ScreenName");
```

and see if we get proper "Username" here? Then maybe we should take it from the session data.

Btw. if you're on irc, ping mck182 in #kde-telepathy, we could get through it faster that way.

I am suffering from the same problem, using the official Arch Linux packages:

kaccounts-integration 15.08.3-1
kaccounts-providers 15.08.3-1
libsignon-glib 1.12-2
signon 8.58-1
signon-kwallet-extension 15.08.3-1
signon-plugin-oauth2 0.23-1
signon-ui 0.17+15.10.20150810-1
telepathy-accounts-signon 1.0-1
...

Using the "Google" login method (OAuth2 I guess) works fine as a workaround.

@Martin Klapetek: I have added those lines to kaccounts-integration-15.08.3/src/jobs/createaccount.cpp, however I'm not sure where those qDebug()s should be shown. I even went for a version that writes the result to a file (https://paste.kde.org/ptjfwqmsy), but that file is not written when I:

# Delete the existing account
# Create a new "Jabber" account
# Connect to this new jabber account

When using the Google authentication method that file does get written.

*** Bug 355802 has been marked as a duplicate of this bug. ***

> @Martin Klapetek: I have added those lines to kaccounts-integration-15.08.3/src/jobs/createaccount.cpp, however I'm not sure where those qDebug()s should be shown.

You need to run "kcmshell5 kcm_kaccounts" from konsole, it would show up there.
I don't know if it is still relevant, however this is what I got with the above debug code:

```
Response:
    Token: QVariant(QString, "ws25.-STRIPPED-")
    Expires: QVariant(int, 3600)
    Caption: ""
    ControlTokens: ()
    PropertyNames: ("AccessToken", "ExpiresIn", "RefreshToken")
    Proxy: ""
    Realm: ""
    Secret: ""
    Username: ""
    : QVariant(Invalid)
```

Created attachment 95783 [details]
Logfile while adding a new google jabber account with sessionResponse qDebugs in place
@Martin K.: I have added those qDebugs but I don't get any of that output (= same result as with my "write to file" solution).
I attached the logfile here, see add-jabber-account-with-sessionResponse-qdebugs.txt
I did some investigation and found that username parameter was written in service params in accounts db instead of account params. After fixing I can connect to gtalk account. New patch is attached.

Created attachment 95864 [details]
new patch
(In reply to Georgy from comment #19)
> Created attachment 95864 [details]
> new patch

Just tried this patch and indeed I'm able to login, thanks! However, in service configuration popup, the email address is still displayed incorrectly (gmail.com). Must both patches be applied or is it a different issue?

Many thanks again for the patch

*** Bug 354206 has been marked as a duplicate of this bug. ***

Georgy - yes, this patch is spot on. Good work! Do you have commit access? Otherwise I'll push it for you (I just need your full name for the commit, you can send that in private).

*** Bug 356243 has been marked as a duplicate of this bug. ***

(In reply to Martin Klapetek from comment #22)
> Georgy - yes, this patch is spot on. Good work! Do you have commit access?
> Otherwise I'll push it for you (I just need your full name for the commit,
> you can send that in private).

Hi Martin, I don't have commit access yet, my full name is Georgy Kirichenko

Git commit fcc6aa7dd630cf6be1a2085426920ad9bbb2b57a by Martin Klapetek, on behalf of Georgy Kirichenko.
Committed on 04/12/2015 at 19:01.
Pushed by mklapetek into branch 'Applications/15.12'.

[createaccount] Fix wrongly set username on a service instead of account

FIXED-IN: 15.12.0

M +3 -3 src/jobs/createaccount.cpp

http://commits.kde.org/kaccounts-integration/fcc6aa7dd630cf6be1a2085426920ad9bbb2b57a

Git commit fe6b9c7b2511ba5ebc15542b0b7280c55e17ffa4 by Martin Klapetek, on behalf of Georgy Kirichenko.
Committed on 04/12/2015 at 19:01.
Pushed by mklapetek into branch 'master'.

[createaccount] Fix wrongly set username on a service instead of account

FIXED-IN: 15.12.0

M +3 -3 src/jobs/createaccount.cpp

http://commits.kde.org/kaccounts-integration/fe6b9c7b2511ba5ebc15542b0b7280c55e17ffa4

Not sure how this propagates so I would like to ask: When can we expect to have the fixed version in openSUSE 42.1 Leap repo?

I'm sorry but you'll have to ask your distro packagers that question.
I've notified the KDE distro packagers that this should be backported, if/how/when is fully up to them. Sorry. (everybody try nagging your distros though)

Thanks Martin!

actually, I still cannot connect to my gtalk account although I am on 15.12.1 using openSUSE Leap 42.1 with KDE:Applications repo (amongst others). Maybe I'm using a wrong configuration? (the same I was using with Kopete) I configured my account as Jabber/XMPP with Jabber ID xxx@gmail.com, Server talk.google.com, Port 5223, "Require encrypted connection" and "Use old-style SSL" both ticked. FYI: I do not have the 2-phase verification enabled and have "Allow less secure apps ON"