xou816 / spot

Native Spotify client for the GNOME desktop
MIT License

Can't recall credentials from KeePassXC secret service #659

Open TheDcoder opened 1 year ago

TheDcoder commented 1 year ago

Describe the bug

spot doesn't seem to be able to recall credentials if the secret service provider is KeePassXC, but it can store them during the initial attempt.

Closing it and launching it again results in spot asking for credentials again, even though the secret store is open with the credentials present in it.

There's no additional information in the console output from spot.

To Reproduce

  1. Open KeePassXC and go to app settings
  2. Go to "Secret Service", enable "Freedesktop.org secret service integration" and click "OK"
  3. Set up a new KeePass database in KeePassXC for storing the secrets
  4. Go to the "Database Settings" (not the same as app settings!) -> "Secret Service" -> Select the Root group under "Expose entries under this group". At this point, the integration should be complete.
  5. Open spot and complete the first login, verify that the credentials are stored in the KeePass database
  6. Close spot and start it again, it should ask for credentials even though KeePassXC is open with the database!

Expected behavior

Spot opens up without prompting for credentials

General information:

Stack trace: If applicable, run the application from a terminal and paste relevant log output.

TheDcoder@arch ~> RUST_BACKTRACE=full spot

(process:38625): Adwaita-CRITICAL **: 13:16:29.164: adw_leaflet_set_visible_child: assertion 'contains_child' failed

(spot:38625): Gtk-WARNING **: 13:16:29.365: GtkLabel 0x562c5a581060 (label) reported min height 22 and natural height 20 in measure() with for_size=-1; natural size must be >= min size

Additional context

This issue should be fairly easy to fix since I think it's just a quirk in spot's implementation of the secret service which might work with GNOME or KDE but not with KeePassXC.

xou816 commented 1 year ago

> This issue should be fairly easy to fix since I think it's just a quirk in spot's implementation of the secret service which might work with GNOME or KDE but not with KeePassXC.

That's one way to see it -- it could just as well be KeePassXC not implementing the secrets interface correctly :wink:

I don't have KeePassXC atm, it's worth investigating with a tool such as https://flathub.org/apps/org.gnome.dspy

TheDcoder commented 1 year ago

Fair enough, so I tested it with secret-tool from libsecret:

$ secret-tool lookup spot_credentials yes
{"username":"<REDACTED>","password":"<REDACTED>","token":"<REDACTED>","token_expiry_time":{"secs_since_epoch":1685608276,"nanos_since_epoch":271279756},"country":"<REDACTED>"}

I think it's working properly :slightly_smiling_face:

xou816 commented 1 year ago

Works fine if I disable the options to prompt before allowing a third party app to read password: (excuse my French) [image]

So you're right, in a way, the integration could be better to support this kind of prompt to unlock the collection.

xou816 commented 1 year ago

Probably this? https://freedesktop.org/wiki/Specifications/secret-storage-spec/secrets-api-0.1.html#authentication-unlocking

which doesn't seem to be supported by https://docs.rs/secret-service/latest/secret_service/ atm
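The unlock-with-prompt flow from the spec section linked above, as an added example that is not part of this thread, spot's code, or the secret-service crate. The `Provider` trait, `ConfirmingProvider`, and the object paths are hypothetical stand-ins for a D-Bus proxy and a provider that asks for confirmation, so the flow runs without a session bus.

```rust
// Added example; every type, function and object path here is hypothetical.
// Models the Secret Service Unlock + Prompt flow without a real D-Bus session.

/// Provider calls used by the flow (stand-in for a D-Bus proxy).
pub trait Provider {
    /// Service.Unlock: returns the prompt object path; per the spec "/" means
    /// no prompt is needed. (The real reply also lists objects unlocked at once.)
    fn unlock(&mut self, objects: &[String]) -> String;
    /// Runs Prompt.Prompt and waits for Completed; returns its `dismissed` flag.
    fn run_prompt(&mut self, prompt: &str) -> bool;
    /// None models the IsLocked error a real provider returns for a locked item.
    fn get_secret(&self, item: &str) -> Option<String>;
}

#[derive(Debug, PartialEq)]
pub enum ReadError { Dismissed, StillLocked }

/// Read a secret, unlocking (and prompting) first when the item is locked.
pub fn read_secret<P: Provider>(p: &mut P, item: &str) -> Result<String, ReadError> {
    if let Some(s) = p.get_secret(item) { return Ok(s); }
    let prompt = p.unlock(&[item.to_string()]);
    if prompt != "/" && p.run_prompt(&prompt) {
        return Err(ReadError::Dismissed); // user refused or closed the dialog
    }
    p.get_secret(item).ok_or(ReadError::StillLocked)
}

/// Constructed provider that asks for confirmation before releasing a secret.
pub struct ConfirmingProvider { user_allows: bool, unlocked: bool }
impl ConfirmingProvider {
    pub fn new(user_allows: bool) -> Self { Self { user_allows, unlocked: false } }
}
impl Provider for ConfirmingProvider {
    fn unlock(&mut self, _objects: &[String]) -> String {
        "/constructed/prompt/1".to_string()
    }
    fn run_prompt(&mut self, _prompt: &str) -> bool {
        self.unlocked = self.user_allows;
        !self.user_allows
    }
    fn get_secret(&self, _item: &str) -> Option<String> {
        self.unlocked.then(|| "{\"username\":\"<REDACTED>\"}".to_string())
    }
}

fn main() {
    let mut p = ConfirmingProvider::new(true);
    println!("{:?}", read_secret(&mut p, "/constructed/item/1"));
}
```

A client that calls only `get_secret` gets nothing back from this provider and has to ask for credentials again, which matches the behaviour reported in this issue.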

xou816 commented 1 year ago

Don't have much time atm, but could be interesting to contribute to the crate above, or switch to something different (ashpd would probably be a good idea)

TheDcoder commented 1 year ago

> Works fine if I disable the options to prompt before allowing a third party app to read password: (excuse my French)

Ah, so that's the thing responsible for the issue! Also I think this is the first time I ever saw someone using "excuse my French" in a literal and unsarcastic manner :smile:

> Probably this? https://freedesktop.org/wiki/Specifications/secret-storage-spec/secrets-api-0.1.html#authentication-unlocking
>
> which doesn't seem to be supported by https://docs.rs/secret-service/latest/secret_service/ atm

Looks like the right thing to me, and it doesn't look like anyone has reported the lack of this feature to upstream yet. Maybe you can create an issue there to keep track?

xou816 commented 1 year ago

(pun definitely intended :smile: )

Sure, I could do that, I'll need to check properly however, I just had a quick look and didn't see it, but I might have missed it!

TheDcoder commented 1 year ago

@xou816 By the way, this might be unrelated to this issue, but spot seems to be refreshing the login token each time, is this intended behavior?

I know that this is happening because KeePassXC prompts me when secrets are updated, and I also get an email from Spotify about the login each time.

spotifyd doesn't do this, it stores the token and reuses it on subsequent launches.

xou816 commented 1 year ago

We do reuse the token, but it's got a very short lifetime (about half an hour iirc)

There are probably a few things we could do better with regards to authentication -- there are a couple issues open mentioning just that