SUMMARY upper case letters of the encoded ID in the protocol link for signing into a Slack workspace are being incorrectly set to lowercase when using Chromium based browsers (e.g., Chrome Brave (Version 1.33.106, Chromium: 96.0.4664.110 (Official Build))) STEPS TO REPRODUCE 1. Install slack desktop app 2. Install a chromium based browser and set it as the default browser 3. Launch Slack and sign in 4. Focus is switched to the default browser 5. user signs in and focus switches back to the slack desktop app OBSERVED RESULT Focus transfer back to the desktop app but the user is not signed in to slack in the desktop app. We have determined this is caused by the encoded ID being converted to lowercase. EXPECTED RESULT The token from the browser is accepted by the desktop app and the user is signed into their workspace in the Slack desktop app SOFTWARE/OS VERSIONS Windows: macOS: Linux/KDE Plasma: Kubuntu 20.04.4, Fedora 35 (available in About System) KDE Plasma Version: 5.18.8 KDE Frameworks Version: 5.68.0 Qt Version: 5.12.8 ADDITIONAL INFORMATION the encoded value/token in the browser is uppercase, but at some point, it is converted to lowercase which is not accepted by the desktop app. Firefox does not convert the encoded id to lowercase. This only happens on KDE Plasma using Chromium based browsers and not on any other Desktop Environment. We found an issue filed against the cli-tools for kde-open5 which might be similar but we aren't sure (https://bugs.kde.org/show_bug.cgi?id=429408)
Hi, The problem is the following: Chrome calls xdg-open, which calls kde-open5, which uses KIO::OpenUrlJob internally. That uses QUrl everywhere to parse and store urls. The problem is that QUrl internally sanitizes the hostname part of the url (anything between the slack:// and the next /) and thereby converts it to lowercase. Whether that behavior makes sense can probably debated a lot, but it makes some kind of sense when thinking about the hostname in terms of a DNS name. Firefox does not use xdg-open for this and instead implements the opening itself, which is why it works fine there. I can think of three approaches to address this problem: 1. QUrl is changed to preserve uppercase letters in the hostname. Should be technically doable, but my gut feeling tells me such a change would not be accepted by the QUrl maintainers since the behavior makes some kind of sense. Also it would take quite a while for the fix to arrive at end users 2. Rewrite OpenUrlJob to not use QUrl for this. This would require touching a lot of code, including public API, and be quite complex, so I'd really like to avoid that 3. Slack is changed to not use uppercase letters in the hostname part of the URL or compares the received URL case-insensitively. This is IMHO the most pragmatic and straight-forward solution, and there might be other systems that behave like KDE does. However it's out of my control so I can't judge how feasible it is
I agree with Nicolas (amazing investigation, BTW!). Slack itself should be fixed here. If not, trying a Qt fix would be the better option that changing openUrlJob and everything that uses it.
(In reply to Nate Graham from comment #2) > I agree with Nicolas (amazing investigation, BTW!). Slack itself should be > fixed here. If not, trying a Qt fix would be the better option that changing > openUrlJob and everything that uses it. Here is a work-around. Drop it in /usr/local/bin/xdg-open so it gets opened first. You will need to make it executable. #!/bin/bash # Wrapper for xdg-open which fixes auth for Slack URLs # if [[ "${1:-}" =~ ^slack:// ]]; then exec /usr/lib/slack/slack "$@"; fi exec /usr/bin/xdg-open "$@";
Since the favourite solution involves a change in Slack, has the company of Slack been notified of this issue?
I've submitted "Support request #4634800" to slack for this.
Is there any update on the submitted support request? It seems I still have this problem.
A simple experiment demonstrates how xdg-open works: [code] $ xdg-mime query default x-scheme-handler/mock mock.desktop $ cat .local/share/applications/mock.desktop [Desktop Entry] Name=Mock URI Handler Exec=echo %u >> ~/mockfile Type=Application MimeType=x-scheme-handler/mock $ xdg-open mock://SLACKISBUGGY $ xdg-open mock:/SLACKISBUGGY $ xdg-open mock:SLACKISBUGGY $ cat mockfile mock://slackisbuggy mock:/SLACKISBUGGY mock:SLACKISBUGGY [/code] RFC 3986 defines whats between "//" and "/" as an authority (*The host subcomponent is case-insensitive. The presence of a host subcomponent within a URI does not imply that the scheme requires access to the given host on the Internet.* and *Although host is case-insensitive, producers and normalizers should use lowercase for registered names and hexadecimal addresses for the sake of uniformity, while only using uppercase letters for percent-encodings.*). As such, Slack, as a consumer of an URI needs to handle the host part of the authority component case-insensitive. Or opt into other URI forms that don't rely on authority component e.g. "slack:" or "slack:/". Also, notice the verbiage used (normalizers SHOULD use lowercase). If QUrl did not lowercase hostnames, that wouldn't make QUrl less conformant to the RFC as the final consumer should be guaranteeing that. TLDR; Slack is clearly non-complaint to URI RFC, QUrl doesn't need to be so strict and is it even necessary to rely on QUrl to figure out the scheme handler?