GNOME Bugzilla – Bug 647007
Gmail two step authentication system
Last modified: 2014-10-22 09:03:48 UTC
Created attachment 185404 [details] This is a screenshot for that The 2 step authentication system is a PIN based login system which Google has integrated recently. In this system,we get a pin in our mobile via message( genrally 6 digits) or call ( generally 5 digits). This is this PIN which has to provided at the Authentication page to view mail' and use the chat service.Currently empathy gives a message of 'Disconnected-Authentication failed' and with the implementation of this any one with two step authentication system can easily use empathy for chatting
Do you have documentation about this auth system? Does it implement a SASL mechanism?
I dont have much clue on that, but as of now I can provide these http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056287 Also I am willing to contribute empathy on these bugs. So how should I proceed and resolve this and commit to the project! :)
First step would be to understand the underlying protocol and see how it works. Then we should probably extend the Telepathy specification in order to support such auth mechanism.
<cassidy> wjt, so we should a) implement this mechanism in Gabble b) implement it in Empathy ? <wjt> (b) <wjt> based entirely on guesswork, you use the regular web-based google account authentication thing to get a token <wjt> and then you use that token to use the X-GOOGLE-TOKEN SASL mechanism <wjt> and it would just so happen that, if the user has enabled two-step auth, the web-based auth thing would involve two steps <cassidy> wjt, Gabble shoudln't be patched to recognize this mechanism and expose it in the SASL channel ? <wjt> cassidy: no; it exposes every sasl mechanism it sees, and people have already written auth channel handlers for X-GOOGLE-TOKEN, so this isn't even hypothetical :)
*** Bug 647160 has been marked as a duplicate of this bug. ***
Reopening as I can't see any open non developer question.
I think this is a GOA's job. Empathy will just take the access-token from GOA (bug #652546).
The two step verification remembers each computer via cookie[1]. Maybe GOA doesn't save cookies and that make this problem. [1] http://support.google.com/accounts/bin/answer.py?hl=en&topic=1056283&answer=1185133#remembercomp
*** Bug 679899 has been marked as a duplicate of this bug. ***
From GNOME 3.8 we use OAuth2 for Google, including GTalk (if you use Empathy and GOA). It should work for those using 2-factor authentication. See bug 652546 Strictly speaking 2-factor authentication worked even before but not in Empathy, because GTalk needed OAuth2 tokens while we had OAuth1. *** This bug has been marked as a duplicate of bug 652546 ***
might be related to a larger auth issue. I've filed a bug: Bug 738995