[Libreoffice-bugs] [Bug 101630] Google Drive two-factor authentication (2FA) not working again

Fri Feb 5 10:41:58 UTC 2021

https://bugs.documentfoundation.org/show_bug.cgi?id=101630

--- Comment #73 from Christian Lohmaier <cloph at documentfoundation.org> ---
(In reply to Colin from comment #70)
> This from Google drive support in response to me asking them how to gain
> access;
> 
> When you contact Libre Office Support, please let them know that you need
> help with the 6 digit PIN so that it will allow remote access from your
> Libre Office account.
> 
> Where does the 6 digit pin originate?

That pin was part of the now no longer supported login mechanism into your
gdrive account, it wasn't used by LibreOffice as a pin or password to protect
the documents, but rather just how the login worked..

> I imagine even if LO fixes the issue then "newer" LO users who haven't
> previously availed themselves of the service simply won't have a 6 Digit PIN.

And they won't need that pin.

> That's certainly my situation. I'm not trying to access existing files, just
> trying to implement the cloud storage for some CALCs by File> Open Remote>
> Add Service (from the dropdown menu defaulting to Manage services.

Both cases will be solved when the login/token generation is changed as
described in comment#67, similar as it has been done for onedrive for 7.1.0
(fixing gdrive login is on the todo, but just didn't make it into 7.1.0).

So then the user-experience would be (for the time being): 
* User chossed to open/save to remote service
* LO asks to copy the login URL to browser
* User logs in to the service using their browser, granting LibreOffice the
access privileges if not already done so in the past
* browser will return a code that has to be pasted back into the LibreOffice
window
→ for the duration of the LO session, LO can then create access tokens and
won't have to ask the user again.

To be fully clear: I know that this is not a great user-experience, so the
copy-the-code-back to the LibreOffice window can be solved by having
LibreOffice listen on a localhost address and setting the redirect URL to that
localhost address, so that would eliminate the need for manually copy'n'paste.
But the bigger drawback is that currently LibreOffice doesn't store the
refresh_token, so it will have to ask every time LO is started and the files
are accessed. (typically they are valid for multiple weeks/months)
They should be securely stored locally, so the most natural way would be to use
LibreOffice's password-store for that, so the user only would have to unlock it
using the master password and not do the login-dance.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20210205/bdee6789/attachment.htm>