AIM login

Mark Zeldis mark.zeldis at gmail.com
Tue Apr 11 11:40:50 EDT 2017 

Donald,

Can you confirm that you made the change last night?  I believe that the
MD5 login (and AIM 7.5) are gone.

Pidgin appears to be working still.  I guess there was no issue after all?
Are we good going forward?

Thanks everyone.

-Mark Zeldis


On Thu, Apr 6, 2017 at 9:05 AM, Donald Le <donald.le at teamaol.com> wrote:

> Eio et al,
>
> I was able to verify with Pidgin 2.12.0, startOSCARSession has the correct
> info *distId=1715&f=xml&k=do1UCeb5gNqxB1S1 *but they were not passed
> through our rules.
>
> Could you add to imApp=Pidgin/2.12.0 the devID? It should read:
> Pidgin/2.12.0 key=do1UCeb5gNqxB1S1.
>
> Our trace log should read:
> *Got FLAP CLIENT IDENTITY Pidgin/2.12.0 key=do1UCeb5gNqxB1S1*
> Note:...2.12.0(space)key...
>
>
> Thanks,
>
>
> *Donald Le*
> *Product Management and Support AIM Platform*
> *O*: 703-265-5645 <(703)%20265-5645> | *M*: 703-678-1073
> <(703)%20678-1073>
> *AIM*: donald.le at teamaol.com
> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*
>
> On Mon, Apr 3, 2017 at 10:49 PM, Eion Robb <eion at robbmob.com> wrote:
>
>> Hi Donald,
>>
>> We've heard through a few of our support channels that you're still
>> seeing people not using the correct details when they're logging into AIM
>> from Pidgin.
>>
>> Dequis emailed you last month with the urls that we're fetching that are
>> indeed showing distId=1715 and devId=do1UCeb5gNqxB1S1 - he also asked if
>> you could send through the details of your Pidgin version that you were
>> testing with.
>>
>> Are you able to confirm which auth URLs we should be using so we can try
>> track down why you're not seeing the updated distId/devId?
>>
>> Cheers,
>> Eion
>>
>> On 14 March 2017 at 05:01, dequis <dx at dxzone.com.ar> wrote:
>>
>>> Hi, can confirm that finch is fixed now, thank you!
>>>
>>> That issue with pidgin 2.12.0 is really odd! I just tested both windows
>>> installers (online and offline) and they seem fine. We did have one user
>>> reporting a similar issue, but we couldn't reproduce it or explain it.
>>>
>>> Please verify the version with buddy list -> help menu -> about, the
>>> first line should say "Pidgin 2.12.0 (libpurple 2.12.0)" followed by
>>> "unknown". Also, help menu -> plugin information should say 2.12.0 for the
>>> AIM plugin. That kind of mixup is rare but who knows!
>>>
>>> You can also enable extra debug by opening cmd.exe and doing "set
>>> PURPLE_UNSAFE_DEBUG=1" before executing pidgin.
>>>
>>> Then open help menu -> debug window and connect the account. This is
>>> what I get:
>>>
>>> [...]
>>>> (12:27:52) certificate: Successfully verified certificate for
>>>> api.screenname.aol.com
>>>> (12:27:52) util: Request: 'POST /auth/clientLogin HTTP/1.0
>>>> Connection: close
>>>> Accept: */*
>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
>>>> Content-Length: 85
>>>>
>>>> devId=do1UCeb5gNqxB1S1&f=xml&pwd=[password]&s=dx%40dxzone.com.ar'
>>>> (12:27:53) util: Response headers: 'HTTP/1.1 200 OK
>>>> [...]
>>>> (12:27:53) util: requested to fetch (https://api.oscar.aol.com/aim
>>>> /startOSCARSession?a=[access token]&distId=1715&f=xml&k=do1
>>>> UCeb5gNqxB1S1&ts=1489418868&useTLS=1&sig_sha256=[signature]), full=1,
>>>> user_agent=((null)), http11=0
>>>>
>>>
>>> So as far as I can see everything is fine. I hope that helps narrow it
>>> down.
>>>
>>> By the way, is the message supposed to be shown on every login from a
>>> legacy auth method? I don't see it when I intentionally set pidgin to
>>> connect to "login.oscar.aol.com" with "don't use encryption" and
>>> "MD5-based" - it just succeeds without complaining.
>>>
>>> By the way, slogin.oscar.aol.com is down but login.oscar.aol.com isn't.
>>> I thought slogin.oscar.aol.com was supposed to die at the end of this
>>> month. I think that's breaking adium (mac OS X pidgin derivative) and we
>>> still haven't managed to contact their devs to fix it. So what is the fate
>>> of slogin supposed to be?
>>>
>>> Thanks.
>>>
>>> On 13 March 2017 at 09:38, Donald Le <donald.le at teamaol.com> wrote:
>>>
>>>> Hi again,
>>>>
>>>> I download Pidgin 2.12.0 and test login.
>>>>
>>>> The "new" distID and devID were not used, and I received the upgrade
>>>> message.
>>>> The client is still on the old distID and NO devID.
>>>> Could you double-check?
>>>>
>>>> LSI: PLOT  4224.8888   1502    10.172.189.32   Mon Mar 13 08:02:11 2017  bos_srv-l014b        Mon Mar 13 08:20:19 2017 bos_srv-l014b
>>>> LSI: PLOT  4224.8888   1502    10.172.189.32   Mon Mar 13 07:43:23 2017  bos_srv-l014b        Mon Mar 13 07:49:22 2017 bos_srv-l014b
>>>>
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> *Donald Le*
>>>> *Product Management and Support AIM Platform*
>>>> *O*: 703-265-5645 <(703)%20265-5645> | *M*: 703-678-1073
>>>> <(703)%20678-1073>
>>>> *AIM*: donald.le at teamaol.com
>>>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*
>>>>
>>>> On Mon, Mar 13, 2017 at 7:33 AM, Donald Le <donald.le at teamaol.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> *The third said in the original email "No usage since August 2014 so
>>>>> no need new DistID and DevID", which is clearly wrong. There's also that
>>>>> "another libpurple" with distid 1502 which doesn't match any client we own,
>>>>> and we don't know how you found that one.*
>>>>> I can't explain but you did the right thing to use 1718 for Finch.
>>>>>
>>>>>
>>>>> *Did the 1718 distid get invalidated? Can you re-enable it so that we
>>>>> don't have to make another release?*
>>>>> Please try again now and let me know, I correct a typo in the devID
>>>>> just now.
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> *Donald Le*
>>>>> *Product Management and Support AIM Platform*
>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>>> <%28703%29%20678-1073>
>>>>> *AIM*: donald.le at teamaol.com
>>>>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*
>>>>>
>>>>> On Sun, Mar 12, 2017 at 1:25 PM, dequis <dx at dxzone.com.ar> wrote:
>>>>>
>>>>>> Hey Donald!
>>>>>>
>>>>>> As you may have heard we already released pidgin 2.12.0 (together
>>>>>> with libpurple and finch 2.12.0), updating the distid/devids.
>>>>>>
>>>>>> Here's what we used:
>>>>>>
>>>>>> Pidgin:
>>>>>> Distid: 1715
>>>>>> Devid: do1UCeb5gNqxB1S1
>>>>>>
>>>>>> Libpurple:
>>>>>> Distid: 1717
>>>>>> Devid: ma19CwYN9i9Mw5nY
>>>>>>
>>>>>> Finch:
>>>>>> Distid: 1718
>>>>>> Devid: ma18nmEklXMR7Cj_
>>>>>>
>>>>>> The first two are normal.
>>>>>>
>>>>>> The third said in the original email "No usage since August 2014 so
>>>>>> no need new DistID and DevID", which is clearly wrong. There's also that
>>>>>> "another libpurple" with distid 1502 which doesn't match any client we own,
>>>>>> and we don't know how you found that one.
>>>>>>
>>>>>> So for the sake of avoiding a roundtrip in our communication and
>>>>>> getting the release packaged ASAP, we went ahead and used the remaining
>>>>>> 1718 distid for finch.
>>>>>>
>>>>>> This looks like it was a mistake, since we're now getting "Method not
>>>>>> allowed - clientLogin Not Allowed for this devId" errors in finch.
>>>>>>
>>>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we
>>>>>> don't have to make another release?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> On 27 January 2017 at 01:54, Donald Le <donald.le at teamaol.com> wrote:
>>>>>>
>>>>>>> All,
>>>>>>>
>>>>>>> My comments are inline.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>>
>>>>>>> *Donald Le*
>>>>>>> *Tech Director | Product Management and Support AIM Platform*
>>>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>>>>> <%28703%29%20678-1073>
>>>>>>> *AIM*: donald.le at teamaol.com
>>>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166
>>>>>>>
>>>>>>> On Thu, Oct 27, 2016 at 8:45 AM, Donald Le <donald.le at teamaol.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> All,
>>>>>>>>
>>>>>>>> Quick update: we had to delay AIM client upgrade due to other
>>>>>>>> integration, the date is tbd.
>>>>>>>> I will answer your questions in the coming weeks.
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>>
>>>>>>>> *Donald Le*
>>>>>>>> *Tech Director | Product Management and Support AIM Platform*
>>>>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>>>>>> <%28703%29%20678-1073>
>>>>>>>> *AIM*: donald.le at teamaol.com
>>>>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166
>>>>>>>>
>>>>>>>> On Fri, Oct 14, 2016 at 2:58 AM, dequis <dx at dxzone.com.ar> wrote:
>>>>>>>>
>>>>>>>>> Hi, I have a couple of questions, since there may have been a
>>>>>>>>> misunderstanding here.
>>>>>>>>>
>>>>>>>>> Pidgin currently supports three auth methods for AIM:
>>>>>>>>>
>>>>>>>>> - MD5 using slogin.oscar.aol.com. Uses the DistID, does not use
>>>>>>>>> the DevID
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> All DistID used for login.oscar.aol.com and
>>>>>>> slogin.oscar.aol.com will be blocked. The date is tbd and AIM
>>>>>>> client upgrade will start Feb 24th 2017.
>>>>>>>
>>>>>>>>
>>>>>>>>> - clientLogin aka OpenAuth using
>>>>>>>>> api.screenname.aol.com/auth/clientLogin. Uses DistID and DevID.
>>>>>>>>> Has
>>>>>>>>> been the default setting for pidgin releases since 2009
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> This login path will stay but you need to update the DistID
>>>>>>> and DevID. We will give you a new set.
>>>>>>>
>>>>>>>>
>>>>>>>>> - Kerberos using kdc.uas.aol.com. Uses DistID and DevID.
>>>>>>>>> Introduced in
>>>>>>>>> pidgin 2.11.0, released four months ago.
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> Same as above with OpenAuth.
>>>>>>>
>>>>>>>>
>>>>>>>>> If I'm understanding this right, the first method is being
>>>>>>>>> discontinued and the other two will continue working. It's
>>>>>>>>> possible a
>>>>>>>>> lot of users are using that - the account setting is a bit too
>>>>>>>>> visible, so users might just switch to it for the sake of changing
>>>>>>>>> settings. But as far as I can see, pidgin with the default
>>>>>>>>> configuration won't stop working.
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> If Pidgin uses DistID = 1502 or 0, the login will be
>>>>>>> blocked.
>>>>>>>
>>>>>>>>
>>>>>>>>> What I don't understand is why we're changing the DistID and DevID.
>>>>>>>>> I'm 90% sure that clientlogin sends both in the same way as the
>>>>>>>>> official client. Did the previous ones get invalidated?
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> Yes.
>>>>>>>
>>>>>>>>
>>>>>>>>> We're currently using these:
>>>>>>>>>
>>>>>>>>> Pidgin
>>>>>>>>> DistID: 1550
>>>>>>>>> DevID: ma1cSASNCKFtrdv9
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> I reached out to Pidgin, see below.
>>>>>>>
>>>>>>> From: Donald Le <donald.le at teamaol.com>
>>>>>>> Date: Thu, Sep 22, 2016 at 6:20 PM
>>>>>>> Subject: Re: AIM login
>>>>>>> To: Richard Vickery <rmv1 at sfu.ca>, pidgin at alexoren.com, Pidgin
>>>>>>> Support List <support at pidgin.im>
>>>>>>>
>>>>>>> new DevID = do1UCeb5gNqxB1S1
>>>>>>> new distID = 1715
>>>>>>>
>>>>>>>
>>>>>>>>> Finch:
>>>>>>>>> DistID: 1552
>>>>>>>>> DevID: ma19sqWV9ymU6UYc
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> No usage since August 2014 so no need new DistID and DevID.
>>>>>>>
>>>>>>>>
>>>>>>>>> Libpurple:
>>>>>>>>> DistID: 1553
>>>>>>>>> DevID: ma15d7JTxbmVG-RP
>>>>>>>>>
>>>>>>>>
>>>>>>> <Donald> new DistID = 1717, new DevID = ma19CwYN9i9Mw5nY
>>>>>>>
>>>>>>> I found another Libpurple
>>>>>>> DistID: 1502 with no DevID >> new DistID = 1718, new DevID =
>>>>>>> ma18nmEklXMR7Cj_
>>>>>>>
>>>>>>>>
>>>>>>>>> The source code says they are owned by the AIM account
>>>>>>>>> "markdoliner".
>>>>>>>>>
>>>>>>>>> Are these still valid? If they are, I think you can go ahead and
>>>>>>>>> pull
>>>>>>>>> the plug of the old auth method.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 14 October 2016 at 01:11, Gary Kramlich <grim at reaperworld.com>
>>>>>>>>> wrote:
>>>>>>>>> > Hi Donald,
>>>>>>>>> >
>>>>>>>>> > This is Gary Kramlich the current maintainer of Pidgin.  Please
>>>>>>>>> excuse
>>>>>>>>> > my tardiness in this matter as I haven't had much time to
>>>>>>>>> dedicate to
>>>>>>>>> > Pidgin in the past few weeks.
>>>>>>>>> >
>>>>>>>>> > That said.  We are staging a new version which will have this
>>>>>>>>> updates,
>>>>>>>>> > but we will most likely miss the 20161016 date.  If we could get
>>>>>>>>> that
>>>>>>>>> > extended it would be great.
>>>>>>>>> >
>>>>>>>>> > Also our code base has contains two clients that connect to AIM
>>>>>>>>> and as
>>>>>>>>> > I've learned recently they do not share keys.  The other clients
>>>>>>>>> name
>>>>>>>>> > is Finch and if we could get a set of keys for it that would be
>>>>>>>>> > awesome.  Otherwise we'll just reuse the Pidgin ones for the time
>>>>>>>>> > being.
>>>>>>>>> >
>>>>>>>>> > Also is there a web portal or something where we can manage this
>>>>>>>>> keys?
>>>>>>>>> >  If so, please respond to me directly as I assume we'll want to
>>>>>>>>> > control access to it.
>>>>>>>>> >
>>>>>>>>> > Thanks,
>>>>>>>>> >
>>>>>>>>> > --
>>>>>>>>> > Gary Kramlich <grim at reaperworld.com>
>>>>>>>>> >
>>>>>>>>> > _______________________________________________
>>>>>>>>> > Support at pidgin.im mailing list
>>>>>>>>> > Want to unsubscribe?  Use this link:
>>>>>>>>> > https://pidgin.im/cgi-bin/mailman/listinfo/support
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at pidgin.im
>>> https://pidgin.im/cgi-bin/mailman/listinfo/devel
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/devel/attachments/20170411/daa24469/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5882 bytes
Desc: not available
URL: <https://pidgin.im/pipermail/devel/attachments/20170411/daa24469/attachment-0001.png>

More information about the Devel mailing list