10:39 p.m.
On Mon, 2013-07-29 at 09:39 +0000, Valluri, Amarnath wrote:
>-----Original Message-----
>From: Patrick Ohly [mailto:patrick.ohly@intel.com]
>Sent: Monday, July 29, 2013 11:51 AM
>To: Valluri, Amarnath
>Cc: Laako, Jussi; Kanavin, Alexander; SyncEvolution; ken(a)vandine.org;
>Alberto Mardegan
>Subject: Re: getting started with gSSO (was: Re: SyncEvolution + SSO +
>credentials)
>
>On Thu, 2013-07-25 at 09:47 +0000, Valluri, Amarnath wrote:
>> Please use oauth2 example in libgsignon-glib - examples branch, which
>is the complete working example.
>I tried it using the latest gsignond(devel), libgsignon-glib(examples),
>signonui-gtk and gsignond-plugin-oa from this morning.
[Amarnath] gsignond-plugin-oa: I hope you are using devel branch.
Yes.
>When I have signonui-gtk running when trying the command, that
error
>message does not show up, but there's no visible progress either.
>signonui-gtk then quits fairly quickly, as it always does when starting
>it manually. May I suggest adding a "--keep-running" option to simplify
>manual debugging?
[Amarnath] You can build UI with --disable-timeout option, that disables
auto kill timer.
Will do. I still find a runtime switch more useful, though.
>Speaking of terminating, I noticed that the GUI works if I start
>gsignond, then signonui-gtk and the example before that signonui-gtk
>instance terminates. After restarting signonui-gtk, it no longer works
>until I also restart gsignond. If I had to guess, then I would say
>gsignond does not properly handle restarting the UI.
[Amarnath] This is strange for me, It's atleast working fine in my testing.
I suspect its problem with gsignond<->gsignond-plugind interaction.
I suggest
to enable plugin timeout:
- build gsignond with --enable-debug option
- set SSO_PLUGIN_TIMEOUT=_timeout_in_seconds_
- then run gsignond
When doing that and using 5 seconds as timeout, I can restart the UI and
have it working on each attempt.
Let me know whether you need further information to debug this.
>When the GUI pops up, I can log in. But Google rejects to grant
the
>token. When using client ID/secret from Evolution (as pointed out before
>in this mail thread, those are publicly visible in
>https://git.gnome.org/browse/evolution-data-server/tree/modules/ubuntu-
>online-accounts/google-contacts.service.in.in) I get an error about the
>redirect URI "http://localhost" that is used by the example.
[Amaranth] I think you should replace the 'RedirectURI' in example code to use :
'https://live.gnome.org/Evolution'
That worked.
The Google web login told me that GNOME Evolution wants to retrieve
email addresses and wants to know who I am on Google. Is that the
"email" scope that is hard-coded into the libgsignond-glib example, or
is it related to how the client was registered with Google? Or both?
>When using my own client ID/secret for an app for which I have
enabled
>the CalDAV API, I get an error about the scope "email" hard-coded in the
>example. Not surprising. So, which Google API do I need to enable for
>the example? I looked for "GMail" or "mail", but that is not
currently
>offered to me.
[Amarnath] A wild guess : Scope is 'calendar' in this case.
I had an error in my command line (wrong combination of client
ID/secret). After fixing that, I was able to get a token for "email".
After recompiling with "calendar", it fails immediately without popping
up a dialog:
** (lt-google-oauth2-example:19038): WARNING **: get_google_token_cb:
GDBus.Error:com.google.code.AccountsSSO.gSingleSignOn.Error.NotAutherized: Authorization
server returned an error: invalid_request
Is that because "calendar" is invalid or because there is some cached
state somewhere?
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.