Request polkit auto-connection for open-authenticator

Skyost · May 10, 2025, 11:49am

name: open-authenticator
description: A cross-platform OTP app, free and open-source.
snapcraft: OpenAuthenticator/snap/snapcraft.yaml at main · Skyost/OpenAuthenticator · GitHub
upstream: GitHub - Skyost/OpenAuthenticator: Secure your online accounts with Open Authenticator : a free, open-source and lovely-crafted TOTP manager.
upstream-relation: snap publisher is also the upstream developer
interfaces:
- polkit:
  - request-type: installation, auto-connection
  - reasoning: Open Authenticator uses a Polkit-based authentication mechanism to authorize access to sensitive operations, such as unlocking stored OTP secrets using local user credentials (see how everything is handled here : OpenAuthenticator/linux/my_application.cc at main · Skyost/OpenAuthenticator · GitHub). Without this interface, the app cannot trigger system authentication prompts, degrading user experience and usability. Auto-connecting this interface ensures that security-sensitive operations are properly authorized with Polkit out of the box, without requiring users to manually connect interfaces post-install.

store-requests-bot · May 10, 2025, 11:50am

This request has been added to the queue for review by the @reviewers team.

Skyost · May 12, 2025, 7:29am

Also, here’s the polkit.app.openauthenticator.policy :

<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <action id="app.openauthenticator.openApp">
    <description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
    <message gettext-domain="polkit.app.openauthenticator">Authenticate to access the app.</message>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_inactive>auth_self</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>
  <action id="app.openauthenticator.sensibleAction">
    <description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
    <message gettext-domain="polkit.app.openauthenticator">Authenticate to continue.</message>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_inactive>auth_self</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>
  <action id="app.openauthenticator.enable">
    <description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
    <message gettext-domain="polkit.app.openauthenticator">Authenticate to enable local authentication.</message>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_inactive>auth_self</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>
  <action id="app.openauthenticator.disable">
    <description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
    <message gettext-domain="polkit.app.openauthenticator">Authenticate to disable local authentication.</message>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_inactive>auth_self</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>
</policyconfig>