Open TheDcoder opened 1 year ago
This issue should be fairly easy to fix since I think it's just a quirk in spot's implementation of the secret service which might work with GNOME or KDE but not with KeePassXC.
That's one way to see it -- it could just as well be KeePassXC not implementing the secrets interface correctly :wink:
I don't have KeePassXC atm, it's worth investigating with a tool such as https://flathub.org/apps/org.gnome.dspy
Fair enough, so I tested it with secret-tool
from libsecret:
$ secret-tool lookup spot_credentials yes
{"username":"<REDACTED>","password":"<REDACTED>","token":"<REDACTED>","token_expiry_time":{"secs_since_epoch":1685608276,"nanos_since_epoch":271279756},"country":"<REDACTED>"}
I think it's working properly :slightly_smiling_face:
Works fine if I disable the options to prompt before allowing a third party app to read password: (excuse my French)
So you're right, in a way, the integration could be better to support this kind of prompt to unlock the collection.
Probably this? https://freedesktop.org/wiki/Specifications/secret-storage-spec/secrets-api-0.1.html#authentication-unlocking
which doesn't seem to be supported by https://docs.rs/secret-service/latest/secret_service/ atm
Don't have much time atm, but could be interesting to contribute to the crate above, or switch to something different (ashpd would probably be a good idea)
Works fine if I disable the options to prompt before allowing a third party app to read password: (excuse my French)
Ah, so that's the thing responsible for the issue! Also I think this is the first time I ever saw someone using "excuse my French" in a literal an unsarcastic manner :smile:
Probably this? https://freedesktop.org/wiki/Specifications/secret-storage-spec/secrets-api-0.1.html#authentication-unlocking
which doesn't seem to be supported by https://docs.rs/secret-service/latest/secret_service/ atm
Looks like the right thing to me, and it doesn't look like anyone has reported the lack of this feature to upstream yet. Maybe you can create an issue there to keep track?
(pun definitely intended :smile: )
Sure, I could do that, I'll need to check properly however, I just had a quick look and didn't see it, but I might have missed it!
@xou816 By the way, this might be unrelated to this issue, but spot seems to be refreshing the login token each time, is this intended behavior?
I know that this is happening because KeePassXC prompts me when secrets are updated, and I also get an email from Spotify about the login each time.
spotifyd
doesn't do this, it stores the token and reuses it on subsequent launches.
We do reuse the token, but it's got a very short lifetime (about half an hour iirc)
There are probably a few things we could do better with regards to authentication -- there are a couple issues open mentioning just that
Describe the bug spot doesn't seem to be able to recall credentials if the secret service provider is KeePassXC, but it can store them during initial attempt.
Closing it and launching it again results in spot asking for credentials again, even though the secret store is open with the credentials present in it.
There's no additional information in the console output from spot.
To Reproduce
Root
group underExpose entries under this group
. At this point, the integration should be complete.Expected behavior Spot opens up without prompting for credentials
General information:
spot-client 0.4.0-1
Stack trace: If applicable, run the application from a terminal and paste relevant log output.
Additional context This issue should be fairly easy to fix since I think it's just a quirk in spot's implementation of the secret service which might work with GNOME or KDE but not with KeePassXC.