Help with adding a new provider in accounts SSO

bernardogn · January 23, 2024, 11:05pm

Hello,

I’ve been trying to add a Microsoft provider to accounts-sso so I can make a OneDrive kio plugin.
Microsoft uses a fairly standard OAUTH2 flow for authentication, very similar to Google’s. It is documented here.
I tried to add this to /usr/share/accounts/providers/kde/:

<?xml version="1.0" encoding="UTF-8"?>
<provider id="microsoft">
  <name>Microsoft</name>
  
  <description>Includes Microsoft OneDrive</description>
  <icon>im-google</icon>
  <translations>kaccounts-providers</translations>
  <domains>.*microsoftonline\.com|.*live\.com|.*microsoft\.com</domains>

  <template>
    <group name="auth">
      <setting name="method">oauth2</setting>
      <setting name="mechanism">web_server</setting>
      <group name="oauth2">
        <group name="web_server">
          <setting name="Host">login.microsoftonline.com</setting>
          <setting name="AuthPath">common/oauth2/v2.0/authorize?prompt=select_account</setting>
          <setting name="TokenPath">common/oauth2/v2.0/token</setting>
          <setting name="RedirectUri">http://localhost/oauth2callback</setting>
          
          <setting name="ResponseType">code</setting>
          <setting type="as" name="Scope">[
              'files.readwrite.all',
              'offline_access'
          ]</setting>
          <setting type="as" name="AllowedSchemes">['https']</setting>
          <setting name="ClientId">CLIENTID_OMITTED</setting>
          <setting type="b" name="ForceClientAuthViaRequestBody">true</setting>
        </group>
      </group>
    </group>
  </template>
</provider>

An entry correctly appears in System Settings, and upon clicking, it does open a window, but the window is completely blank. Right-clicking only offers a “reload” button that briefly shows a spinning loading symbol then returns to the same blank screen.

Monitoring D-Bus using dbus-monitor, everything seems fine.

broulik · January 24, 2024, 1:31pm

There is a KIO and KGAPI (Google API) fork for One Drive, maybe we could salvage and upstream some of it

bernardogn · January 24, 2024, 2:20pm

Nice find. However, it looks like that needs a Microsoft KAccounts provider to already be installed (src/kaccountsmanager.cpp line 135) and there does not seem to be a mechanism in this repository to add a Microsoft KAccounts provider.

nicolasfella · January 27, 2024, 12:18am

There’s nothing obviously wrong in your snippet.

When running it on Fedora Rawhide (Plasma 6) Wayland I get the same empty window. Running the same thing on OpenSUSE, Plasma 5, X11, I get a microsoft login window.

It appears the problem is due to Qt6 (Webengine) or Wayland.

Edit: It also works on OpenSUSE Plasma 5 Wayland

bernardogn · January 31, 2024, 1:49pm

I think I found the issue: Fedora uses a very old version of signon-ui (here) instead of the updated version here. Thankfully, they’re discussing migrating to the newer version in this bug report.
When installing the newest version, everything works