- name: open-authenticator
- description: A cross-platform OTP app, free and open-source.
- snapcraft: OpenAuthenticator/snap/snapcraft.yaml at main · Skyost/OpenAuthenticator · GitHub
- upstream: GitHub - Skyost/OpenAuthenticator: Secure your online accounts with Open Authenticator : a free, open-source and lovely-crafted TOTP manager.
- upstream-relation: snap publisher is also the upstream developer
- interfaces:
- polkit:
- request-type: installation, auto-connection
- reasoning: Open Authenticator uses a Polkit-based authentication mechanism to authorize access to sensitive operations, such as unlocking stored OTP secrets using local user credentials (see how everything is handled here : OpenAuthenticator/linux/my_application.cc at main · Skyost/OpenAuthenticator · GitHub). Without this interface, the app cannot trigger system authentication prompts, degrading user experience and usability. Auto-connecting this interface ensures that security-sensitive operations are properly authorized with Polkit out of the box, without requiring users to manually connect interfaces post-install.
- polkit:
This request has been added to the queue for review by the @reviewers team.
Also, here’s the polkit.app.openauthenticator.policy :
<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
<action id="app.openauthenticator.openApp">
<description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
<message gettext-domain="polkit.app.openauthenticator">Authenticate to access the app.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="app.openauthenticator.sensibleAction">
<description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
<message gettext-domain="polkit.app.openauthenticator">Authenticate to continue.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="app.openauthenticator.enable">
<description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
<message gettext-domain="polkit.app.openauthenticator">Authenticate to enable local authentication.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="app.openauthenticator.disable">
<description gettext-domain="polkit.app.openauthenticator">Authentication required</description>
<message gettext-domain="polkit.app.openauthenticator">Authenticate to disable local authentication.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
</policyconfig>
+1 from me for open-authenticator snap on auto-connection of polkit interface. The snap has legitimate use-case for this. #voteFor
1 Like
+1 from me as well (#voteFor) as this seems a legitimate use-case for the polkit interface.
1 Like
Voting period has ended. This request is approved with 2 votes for and 0 votes against.
I will begin publisher vetting. For reference, @Skyost what is your github user attached with upstream?
@cav It’s also Skyost (https://github.com/Skyost).
Publisher is vetted. The request will be granted.
@Skyost - let me know once you upload a revision of the snapcraft.yaml to the store that includes the polkit interface as the current one does not include it. I’ll go ahead and update the declaration to make the changes live once that has happened! Thanks
Sure @cav, I’ll upload it during the week-end ! It takes some additional days because it still needs a little bit of work (eg. taking some screenshots of the app for linux).
Hello @cav, I just uploaded a revised build to snapcraft.io.
1 Like
Request has been granted. This is now live.
1 Like