AIM login
Mark Zeldis
mark.zeldis at gmail.com
Tue Apr 11 12:17:00 EDT 2017
Thanks Crystal. I don't believe the pidgin team made any additional changes, so I assume you found a way to work around the issue below?
> On Apr 11, 2017, at 11:52 AM, Crystal Birnie <crystal.birnie at teamaol.com> wrote:
>
> Confirmed. The change was made.
>
> Sent from my iPhone
>
>> On Apr 11, 2017, at 11:40 AM, Mark Zeldis <mark.zeldis at gmail.com> wrote:
>>
>>
>> Donald,
>>
>> Can you confirm that you made the change last night? I believe that the MD5 login (and AIM 7.5) are gone.
>>
>> Pidgin appears to be working still. I guess there was no issue after all? Are we good going forward?
>>
>> Thanks everyone.
>>
>> -Mark Zeldis
>>
>>
>>> On Thu, Apr 6, 2017 at 9:05 AM, Donald Le <donald.le at teamaol.com> wrote:
>>> Eio et al,
>>>
>>> I was able to verify with Pidgin 2.12.0, startOSCARSession has the correct info distId=1715&f=xml&k=do1UCeb5gNqxB1S1 but they were not passed through our rules.
>>>
>>> Could you add to imApp=Pidgin/2.12.0 the devID? It should read: Pidgin/2.12.0 key=do1UCeb5gNqxB1S1.
>>>
>>> Our trace log should read: Got FLAP CLIENT IDENTITY Pidgin/2.12.0 key=do1UCeb5gNqxB1S1
>>> Note:...2.12.0(space)key...
>>>
>>>
>>> Thanks,
>>>
>>> Donald Le
>>> Product Management and Support AIM Platform
>>> O: 703-265-5645 | M: 703-678-1073
>>> AIM: donald.le at teamaol.com
>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166
>>>
>>>> On Mon, Apr 3, 2017 at 10:49 PM, Eion Robb <eion at robbmob.com> wrote:
>>>> Hi Donald,
>>>>
>>>> We've heard through a few of our support channels that you're still seeing people not using the correct details when they're logging into AIM from Pidgin.
>>>>
>>>> Dequis emailed you last month with the urls that we're fetching that are indeed showing distId=1715 and devId=do1UCeb5gNqxB1S1 - he also asked if you could send through the details of your Pidgin version that you were testing with.
>>>>
>>>> Are you able to confirm which auth URLs we should be using so we can try track down why you're not seeing the updated distId/devId?
>>>>
>>>> Cheers,
>>>> Eion
>>>>
>>>>> On 14 March 2017 at 05:01, dequis <dx at dxzone.com.ar> wrote:
>>>>> Hi, can confirm that finch is fixed now, thank you!
>>>>>
>>>>> That issue with pidgin 2.12.0 is really odd! I just tested both windows installers (online and offline) and they seem fine. We did have one user reporting a similar issue, but we couldn't reproduce it or explain it.
>>>>>
>>>>> Please verify the version with buddy list -> help menu -> about, the first line should say "Pidgin 2.12.0 (libpurple 2.12.0)" followed by "unknown". Also, help menu -> plugin information should say 2.12.0 for the AIM plugin. That kind of mixup is rare but who knows!
>>>>>
>>>>> You can also enable extra debug by opening cmd.exe and doing "set PURPLE_UNSAFE_DEBUG=1" before executing pidgin.
>>>>>
>>>>> Then open help menu -> debug window and connect the account. This is what I get:
>>>>>
>>>>>> [...]
>>>>>> (12:27:52) certificate: Successfully verified certificate for api.screenname.aol.com
>>>>>> (12:27:52) util: Request: 'POST /auth/clientLogin HTTP/1.0
>>>>>> Connection: close
>>>>>> Accept: */*
>>>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
>>>>>> Content-Length: 85
>>>>>>
>>>>>> devId=do1UCeb5gNqxB1S1&f=xml&pwd=[password]&s=dx%40dxzone.com.ar'
>>>>>> (12:27:53) util: Response headers: 'HTTP/1.1 200 OK
>>>>>> [...]
>>>>>> (12:27:53) util: requested to fetch (https://api.oscar.aol.com/aim/startOSCARSession?a=[access token]&distId=1715&f=xml&k=do1UCeb5gNqxB1S1&ts=1489418868&useTLS=1&sig_sha256=[signature]), full=1, user_agent=((null)), http11=0
>>>>>
>>>>>
>>>>> So as far as I can see everything is fine. I hope that helps narrow it down.
>>>>>
>>>>> By the way, is the message supposed to be shown on every login from a legacy auth method? I don't see it when I intentionally set pidgin to connect to "login.oscar.aol.com" with "don't use encryption" and "MD5-based" - it just succeeds without complaining.
>>>>>
>>>>> By the way, slogin.oscar.aol.com is down but login.oscar.aol.com isn't. I thought slogin.oscar.aol.com was supposed to die at the end of this month. I think that's breaking adium (mac OS X pidgin derivative) and we still haven't managed to contact their devs to fix it. So what is the fate of slogin supposed to be?
>>>>>
>>>>> Thanks.
>>>>>
>>>>>> On 13 March 2017 at 09:38, Donald Le <donald.le at teamaol.com> wrote:
>>>>>> Hi again,
>>>>>>
>>>>>> I download Pidgin 2.12.0 and test login.
>>>>>>
>>>>>> The "new" distID and devID were not used, and I received the upgrade message.
>>>>>> The client is still on the old distID and NO devID.
>>>>>> Could you double-check?
>>>>>>
>>>>>> LSI: PLOT 4224.8888 1502 10.172.189.32 Mon Mar 13 08:02:11 2017 bos_srv-l014b Mon Mar 13 08:20:19 2017 bos_srv-l014b
>>>>>> LSI: PLOT 4224.8888 1502 10.172.189.32 Mon Mar 13 07:43:23 2017 bos_srv-l014b Mon Mar 13 07:49:22 2017 bos_srv-l014b
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Donald Le
>>>>>> Product Management and Support AIM Platform
>>>>>> O: 703-265-5645 | M: 703-678-1073
>>>>>> AIM: donald.le at teamaol.com
>>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166
>>>>>>
>>>>>>> On Mon, Mar 13, 2017 at 7:33 AM, Donald Le <donald.le at teamaol.com> wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> The third said in the original email "No usage since August 2014 so no need new DistID and DevID", which is clearly wrong. There's also that "another libpurple" with distid 1502 which doesn't match any client we own, and we don't know how you found that one.
>>>>>>> I can't explain but you did the right thing to use 1718 for Finch.
>>>>>>>
>>>>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we don't have to make another release?
>>>>>>> Please try again now and let me know, I correct a typo in the devID just now.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Donald Le
>>>>>>> Product Management and Support AIM Platform
>>>>>>> O: 703-265-5645 | M: 703-678-1073
>>>>>>> AIM: donald.le at teamaol.com
>>>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166
>>>>>>>
>>>>>>>> On Sun, Mar 12, 2017 at 1:25 PM, dequis <dx at dxzone.com.ar> wrote:
>>>>>>>> Hey Donald!
>>>>>>>>
>>>>>>>> As you may have heard we already released pidgin 2.12.0 (together with libpurple and finch 2.12.0), updating the distid/devids.
>>>>>>>>
>>>>>>>> Here's what we used:
>>>>>>>>
>>>>>>>> Pidgin:
>>>>>>>> Distid: 1715
>>>>>>>> Devid: do1UCeb5gNqxB1S1
>>>>>>>>
>>>>>>>> Libpurple:
>>>>>>>> Distid: 1717
>>>>>>>> Devid: ma19CwYN9i9Mw5nY
>>>>>>>>
>>>>>>>> Finch:
>>>>>>>> Distid: 1718
>>>>>>>> Devid: ma18nmEklXMR7Cj_
>>>>>>>>
>>>>>>>> The first two are normal.
>>>>>>>>
>>>>>>>> The third said in the original email "No usage since August 2014 so no need new DistID and DevID", which is clearly wrong. There's also that "another libpurple" with distid 1502 which doesn't match any client we own, and we don't know how you found that one.
>>>>>>>>
>>>>>>>> So for the sake of avoiding a roundtrip in our communication and getting the release packaged ASAP, we went ahead and used the remaining 1718 distid for finch.
>>>>>>>>
>>>>>>>> This looks like it was a mistake, since we're now getting "Method not allowed - clientLogin Not Allowed for this devId" errors in finch.
>>>>>>>>
>>>>>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we don't have to make another release?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>>> On 27 January 2017 at 01:54, Donald Le <donald.le at teamaol.com> wrote:
>>>>>>>>> All,
>>>>>>>>>
>>>>>>>>> My comments are inline.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Donald Le
>>>>>>>>> Tech Director | Product Management and Support AIM Platform
>>>>>>>>> O: 703-265-5645 | M: 703-678-1073
>>>>>>>>> AIM: donald.le at teamaol.com
>>>>>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166
>>>>>>>>> <image001.png>
>>>>>>>>>
>>>>>>>>>> On Thu, Oct 27, 2016 at 8:45 AM, Donald Le <donald.le at teamaol.com> wrote:
>>>>>>>>>> All,
>>>>>>>>>>
>>>>>>>>>> Quick update: we had to delay AIM client upgrade due to other integration, the date is tbd.
>>>>>>>>>> I will answer your questions in the coming weeks.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>>
>>>>>>>>>> Donald Le
>>>>>>>>>> Tech Director | Product Management and Support AIM Platform
>>>>>>>>>> O: 703-265-5645 | M: 703-678-1073
>>>>>>>>>> AIM: donald.le at teamaol.com
>>>>>>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166
>>>>>>>>>> <image001.png>
>>>>>>>>>>
>>>>>>>>>>> On Fri, Oct 14, 2016 at 2:58 AM, dequis <dx at dxzone.com.ar> wrote:
>>>>>>>>>>> Hi, I have a couple of questions, since there may have been a
>>>>>>>>>>> misunderstanding here.
>>>>>>>>>>>
>>>>>>>>>>> Pidgin currently supports three auth methods for AIM:
>>>>>>>>>>>
>>>>>>>>>>> - MD5 using slogin.oscar.aol.com. Uses the DistID, does not use the DevID
>>>>>>>>>
>>>>>>>>> <Donald> All DistID used for login.oscar.aol.com and slogin.oscar.aol.com will be blocked. The date is tbd and AIM client upgrade will start Feb 24th 2017.
>>>>>>>>>>>
>>>>>>>>>>> - clientLogin aka OpenAuth using
>>>>>>>>>>> api.screenname.aol.com/auth/clientLogin. Uses DistID and DevID. Has
>>>>>>>>>>> been the default setting for pidgin releases since 2009
>>>>>>>>>
>>>>>>>>> <Donald> This login path will stay but you need to update the DistID and DevID. We will give you a new set.
>>>>>>>>>>>
>>>>>>>>>>> - Kerberos using kdc.uas.aol.com. Uses DistID and DevID. Introduced in
>>>>>>>>>>> pidgin 2.11.0, released four months ago.
>>>>>>>>>
>>>>>>>>> <Donald> Same as above with OpenAuth.
>>>>>>>>>>>
>>>>>>>>>>> If I'm understanding this right, the first method is being
>>>>>>>>>>> discontinued and the other two will continue working. It's possible a
>>>>>>>>>>> lot of users are using that - the account setting is a bit too
>>>>>>>>>>> visible, so users might just switch to it for the sake of changing
>>>>>>>>>>> settings. But as far as I can see, pidgin with the default
>>>>>>>>>>> configuration won't stop working.
>>>>>>>>>
>>>>>>>>> <Donald> If Pidgin uses DistID = 1502 or 0, the login will be blocked.
>>>>>>>>>>>
>>>>>>>>>>> What I don't understand is why we're changing the DistID and DevID.
>>>>>>>>>>> I'm 90% sure that clientlogin sends both in the same way as the
>>>>>>>>>>> official client. Did the previous ones get invalidated?
>>>>>>>>>
>>>>>>>>> <Donald> Yes.
>>>>>>>>>>>
>>>>>>>>>>> We're currently using these:
>>>>>>>>>>>
>>>>>>>>>>> Pidgin
>>>>>>>>>>> DistID: 1550
>>>>>>>>>>> DevID: ma1cSASNCKFtrdv9
>>>>>>>>>
>>>>>>>>> <Donald> I reached out to Pidgin, see below.
>>>>>>>>>
>>>>>>>>> From: Donald Le <donald.le at teamaol.com>
>>>>>>>>> Date: Thu, Sep 22, 2016 at 6:20 PM
>>>>>>>>> Subject: Re: AIM login
>>>>>>>>> To: Richard Vickery <rmv1 at sfu.ca>, pidgin at alexoren.com, Pidgin Support List <support at pidgin.im>
>>>>>>>>>
>>>>>>>>> new DevID = do1UCeb5gNqxB1S1
>>>>>>>>> new distID = 1715
>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Finch:
>>>>>>>>>>> DistID: 1552
>>>>>>>>>>> DevID: ma19sqWV9ymU6UYc
>>>>>>>>>
>>>>>>>>> <Donald> No usage since August 2014 so no need new DistID and DevID.
>>>>>>>>>>>
>>>>>>>>>>> Libpurple:
>>>>>>>>>>> DistID: 1553
>>>>>>>>>>> DevID: ma15d7JTxbmVG-RP
>>>>>>>>>
>>>>>>>>> <Donald> new DistID = 1717, new DevID = ma19CwYN9i9Mw5nY
>>>>>>>>>
>>>>>>>>> I found another Libpurple
>>>>>>>>> DistID: 1502 with no DevID >> new DistID = 1718, new DevID = ma18nmEklXMR7Cj_
>>>>>>>>>>>
>>>>>>>>>>> The source code says they are owned by the AIM account "markdoliner".
>>>>>>>>>>>
>>>>>>>>>>> Are these still valid? If they are, I think you can go ahead and pull
>>>>>>>>>>> the plug of the old auth method.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 14 October 2016 at 01:11, Gary Kramlich <grim at reaperworld.com> wrote:
>>>>>>>>>>> > Hi Donald,
>>>>>>>>>>> >
>>>>>>>>>>> > This is Gary Kramlich the current maintainer of Pidgin. Please excuse
>>>>>>>>>>> > my tardiness in this matter as I haven't had much time to dedicate to
>>>>>>>>>>> > Pidgin in the past few weeks.
>>>>>>>>>>> >
>>>>>>>>>>> > That said. We are staging a new version which will have this updates,
>>>>>>>>>>> > but we will most likely miss the 20161016 date. If we could get that
>>>>>>>>>>> > extended it would be great.
>>>>>>>>>>> >
>>>>>>>>>>> > Also our code base has contains two clients that connect to AIM and as
>>>>>>>>>>> > I've learned recently they do not share keys. The other clients name
>>>>>>>>>>> > is Finch and if we could get a set of keys for it that would be
>>>>>>>>>>> > awesome. Otherwise we'll just reuse the Pidgin ones for the time
>>>>>>>>>>> > being.
>>>>>>>>>>> >
>>>>>>>>>>> > Also is there a web portal or something where we can manage this keys?
>>>>>>>>>>> > If so, please respond to me directly as I assume we'll want to
>>>>>>>>>>> > control access to it.
>>>>>>>>>>> >
>>>>>>>>>>> > Thanks,
>>>>>>>>>>> >
>>>>>>>>>>> > --
>>>>>>>>>>> > Gary Kramlich <grim at reaperworld.com>
>>>>>>>>>>> >
>>>>>>>>>>> > _______________________________________________
>>>>>>>>>>> > Support at pidgin.im mailing list
>>>>>>>>>>> > Want to unsubscribe? Use this link:
>>>>>>>>>>> > https://pidgin.im/cgi-bin/mailman/listinfo/support
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Devel mailing list
>>>>> Devel at pidgin.im
>>>>> https://pidgin.im/cgi-bin/mailman/listinfo/devel
>>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/devel/attachments/20170411/d91a3dd0/attachment-0001.html>
More information about the Devel
mailing list