[aur-general] Oauth client IDs inside AUR package
Hi, I'm currently trying to package multimc5 as VCS package. They recently added support for logging into your Minecraft account via a Microsoft account. But this requires a Microsoft client ID during compile. Now the devs decided to not make the client ID for their own builds public. Which they are okay to do, but this now comes with the problem that there is no client ID that a AUR package could use for oauth with Microsoft. I'm able to build it with my own client ID locally, but my question is now if there is any best practice on how to include such things into a package? Should we require users to create their own client secret, which is pretty bad UX? Best regards j.r
Em setembro 4, 2021 10:27 j.r via aur-general escreveu:
Hi,
I'm currently trying to package multimc5 as VCS package. They recently added support for logging into your Minecraft account via a Microsoft account. But this requires a Microsoft client ID during compile. Now the devs decided to not make the client ID for their own builds public. Which they are okay to do, but this now comes with the problem that there is no client ID that a AUR package could use for oauth with Microsoft. I'm able to build it with my own client ID locally, but my question is now if there is any best practice on how to include such things into a package? Should we require users to create their own client secret, which is pretty bad UX?
Best regards j.r
I think that, since this is an AUR package, you should tell the users to generate and use their own keys. Having said that, there are plenty of packages on the official repositories, specially browsers, that ship with distro obtained keys. Regards, Giancarlo Razzolini
On Sat Sep 4, 2021 at 3:44 PM CEST, Giancarlo Razzolini wrote:
I think that, since this is an AUR package, you should tell the users to generate and use their own keys. Having said that, there are plenty of packages on the official repositories, specially browsers, that ship with distro obtained keys.
Following up this answer, I'm thinking about what is the best way to get the client key during the build phase without the user needing to edit the PKGBUILD? Best regard j.r
Op 2021-09-11 om 22:14 heeft j.r via aur-general <aur-general@lists.archlinux.org> het volgende geschreven:
On Sat Sep 4, 2021 at 3:44 PM CEST, Giancarlo Razzolini wrote:
I think that, since this is an AUR package, you should tell the users to generate and use their own keys. Having said that, there are plenty of packages on the official repositories, specially browsers, that ship with distro obtained keys.
Following up this answer, I'm thinking about what is the best way to get the client key during the build phase without the user needing to edit the PKGBUILD?
Best regard j.r
This will likely be problematic with AUR helpers, since the build process isn't generally designed to be interactive. I think editing the PKGBUILD is less likely to draw confusion.
participants (3)
-
Giancarlo Razzolini
-
Hugo Osvaldo Barrera
-
j.r