[aur-general] Oauth client IDs inside AUR package

Giancarlo Razzolini grazzolini at archlinux.org
Sat Sep 4 13:44:04 UTC 2021

Em setembro 4, 2021 10:27 j.r via aur-general escreveu:
> Hi,
> I'm currently trying to package multimc5 as VCS package. They recently
> added support for logging into your Minecraft account via a Microsoft
> account. But this requires a Microsoft client ID during compile. Now the
> devs decided to not make the client ID for their own builds public.
> Which they are okay to do, but this now comes with the problem that
> there is no client ID that a AUR package could use for oauth with
> Microsoft. I'm able to build it with my own client ID locally, but my
> question is now if there is any best practice on how to include such
> things into a package? Should we require users to create their own
> client secret, which is pretty bad UX?
> Best regards
> j.r

I think that, since this is an AUR package, you should tell the users to generate
and use their own keys. Having said that, there are plenty of packages on the official
repositories, specially browsers, that ship with distro obtained keys.

Giancarlo Razzolini
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20210904/51063e6d/attachment.sig>

More information about the aur-general mailing list