AIM login

Eion Robb eion at robbmob.com
Mon Apr 3 22:49:40 EDT 2017 

Hi Donald,

We've heard through a few of our support channels that you're still seeing
people not using the correct details when they're logging into AIM from
Pidgin.

Dequis emailed you last month with the urls that we're fetching that are
indeed showing distId=1715 and devId=do1UCeb5gNqxB1S1 - he also asked if
you could send through the details of your Pidgin version that you were
testing with.

Are you able to confirm which auth URLs we should be using so we can try
track down why you're not seeing the updated distId/devId?

Cheers,
Eion

On 14 March 2017 at 05:01, dequis <dx at dxzone.com.ar> wrote:

> Hi, can confirm that finch is fixed now, thank you!
>
> That issue with pidgin 2.12.0 is really odd! I just tested both windows
> installers (online and offline) and they seem fine. We did have one user
> reporting a similar issue, but we couldn't reproduce it or explain it.
>
> Please verify the version with buddy list -> help menu -> about, the first
> line should say "Pidgin 2.12.0 (libpurple 2.12.0)" followed by "unknown".
> Also, help menu -> plugin information should say 2.12.0 for the AIM plugin.
> That kind of mixup is rare but who knows!
>
> You can also enable extra debug by opening cmd.exe and doing "set
> PURPLE_UNSAFE_DEBUG=1" before executing pidgin.
>
> Then open help menu -> debug window and connect the account. This is what
> I get:
>
> [...]
>> (12:27:52) certificate: Successfully verified certificate for
>> api.screenname.aol.com
>> (12:27:52) util: Request: 'POST /auth/clientLogin HTTP/1.0
>> Connection: close
>> Accept: */*
>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
>> Content-Length: 85
>>
>> devId=do1UCeb5gNqxB1S1&f=xml&pwd=[password]&s=dx%40dxzone.com.ar'
>> (12:27:53) util: Response headers: 'HTTP/1.1 200 OK
>> [...]
>> (12:27:53) util: requested to fetch (https://api.oscar.aol.com/
>> aim/startOSCARSession?a=[access token]&distId=1715&f=xml&k=
>> do1UCeb5gNqxB1S1&ts=1489418868&useTLS=1&sig_sha256=[signature]), full=1,
>> user_agent=((null)), http11=0
>>
>
> So as far as I can see everything is fine. I hope that helps narrow it
> down.
>
> By the way, is the message supposed to be shown on every login from a
> legacy auth method? I don't see it when I intentionally set pidgin to
> connect to "login.oscar.aol.com" with "don't use encryption" and
> "MD5-based" - it just succeeds without complaining.
>
> By the way, slogin.oscar.aol.com is down but login.oscar.aol.com isn't. I
> thought slogin.oscar.aol.com was supposed to die at the end of this
> month. I think that's breaking adium (mac OS X pidgin derivative) and we
> still haven't managed to contact their devs to fix it. So what is the fate
> of slogin supposed to be?
>
> Thanks.
>
> On 13 March 2017 at 09:38, Donald Le <donald.le at teamaol.com> wrote:
>
>> Hi again,
>>
>> I download Pidgin 2.12.0 and test login.
>>
>> The "new" distID and devID were not used, and I received the upgrade
>> message.
>> The client is still on the old distID and NO devID.
>> Could you double-check?
>>
>> LSI: PLOT  4224.8888   1502    10.172.189.32   Mon Mar 13 08:02:11 2017  bos_srv-l014b        Mon Mar 13 08:20:19 2017 bos_srv-l014b
>> LSI: PLOT  4224.8888   1502    10.172.189.32   Mon Mar 13 07:43:23 2017  bos_srv-l014b        Mon Mar 13 07:49:22 2017 bos_srv-l014b
>>
>>
>> Thanks,
>>
>>
>> *Donald Le*
>> *Product Management and Support AIM Platform*
>> *O*: 703-265-5645 | *M*: 703-678-1073
>> *AIM*: donald.le at teamaol.com
>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*
>>
>> On Mon, Mar 13, 2017 at 7:33 AM, Donald Le <donald.le at teamaol.com> wrote:
>>
>>> Hi,
>>>
>>>
>>> *The third said in the original email "No usage since August 2014 so no
>>> need new DistID and DevID", which is clearly wrong. There's also that
>>> "another libpurple" with distid 1502 which doesn't match any client we own,
>>> and we don't know how you found that one.*
>>> I can't explain but you did the right thing to use 1718 for Finch.
>>>
>>>
>>> *Did the 1718 distid get invalidated? Can you re-enable it so that we
>>> don't have to make another release?*
>>> Please try again now and let me know, I correct a typo in the devID just
>>> now.
>>>
>>> Thanks,
>>>
>>>
>>> *Donald Le*
>>> *Product Management and Support AIM Platform*
>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>> <%28703%29%20678-1073>
>>> *AIM*: donald.le at teamaol.com
>>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*
>>>
>>> On Sun, Mar 12, 2017 at 1:25 PM, dequis <dx at dxzone.com.ar> wrote:
>>>
>>>> Hey Donald!
>>>>
>>>> As you may have heard we already released pidgin 2.12.0 (together with
>>>> libpurple and finch 2.12.0), updating the distid/devids.
>>>>
>>>> Here's what we used:
>>>>
>>>> Pidgin:
>>>> Distid: 1715
>>>> Devid: do1UCeb5gNqxB1S1
>>>>
>>>> Libpurple:
>>>> Distid: 1717
>>>> Devid: ma19CwYN9i9Mw5nY
>>>>
>>>> Finch:
>>>> Distid: 1718
>>>> Devid: ma18nmEklXMR7Cj_
>>>>
>>>> The first two are normal.
>>>>
>>>> The third said in the original email "No usage since August 2014 so no
>>>> need new DistID and DevID", which is clearly wrong. There's also that
>>>> "another libpurple" with distid 1502 which doesn't match any client we own,
>>>> and we don't know how you found that one.
>>>>
>>>> So for the sake of avoiding a roundtrip in our communication and
>>>> getting the release packaged ASAP, we went ahead and used the remaining
>>>> 1718 distid for finch.
>>>>
>>>> This looks like it was a mistake, since we're now getting "Method not
>>>> allowed - clientLogin Not Allowed for this devId" errors in finch.
>>>>
>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we
>>>> don't have to make another release?
>>>>
>>>> Thanks
>>>>
>>>> On 27 January 2017 at 01:54, Donald Le <donald.le at teamaol.com> wrote:
>>>>
>>>>> All,
>>>>>
>>>>> My comments are inline.
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> *Donald Le*
>>>>> *Tech Director | Product Management and Support AIM Platform*
>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>>> <%28703%29%20678-1073>
>>>>> *AIM*: donald.le at teamaol.com
>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166
>>>>>
>>>>> On Thu, Oct 27, 2016 at 8:45 AM, Donald Le <donald.le at teamaol.com>
>>>>> wrote:
>>>>>
>>>>>> All,
>>>>>>
>>>>>> Quick update: we had to delay AIM client upgrade due to other
>>>>>> integration, the date is tbd.
>>>>>> I will answer your questions in the coming weeks.
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>> *Donald Le*
>>>>>> *Tech Director | Product Management and Support AIM Platform*
>>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>>>> <%28703%29%20678-1073>
>>>>>> *AIM*: donald.le at teamaol.com
>>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166
>>>>>>
>>>>>> On Fri, Oct 14, 2016 at 2:58 AM, dequis <dx at dxzone.com.ar> wrote:
>>>>>>
>>>>>>> Hi, I have a couple of questions, since there may have been a
>>>>>>> misunderstanding here.
>>>>>>>
>>>>>>> Pidgin currently supports three auth methods for AIM:
>>>>>>>
>>>>>>> - MD5 using slogin.oscar.aol.com. Uses the DistID, does not use the
>>>>>>> DevID
>>>>>>>
>>>>>>
>>>>> <Donald> All DistID used for login.oscar.aol.com and
>>>>> slogin.oscar.aol.com will be blocked. The date is tbd and AIM client
>>>>> upgrade will start Feb 24th 2017.
>>>>>
>>>>>>
>>>>>>> - clientLogin aka OpenAuth using
>>>>>>> api.screenname.aol.com/auth/clientLogin. Uses DistID and DevID. Has
>>>>>>> been the default setting for pidgin releases since 2009
>>>>>>>
>>>>>>
>>>>> <Donald> This login path will stay but you need to update the DistID
>>>>> and DevID. We will give you a new set.
>>>>>
>>>>>>
>>>>>>> - Kerberos using kdc.uas.aol.com. Uses DistID and DevID. Introduced
>>>>>>> in
>>>>>>> pidgin 2.11.0, released four months ago.
>>>>>>>
>>>>>>
>>>>> <Donald> Same as above with OpenAuth.
>>>>>
>>>>>>
>>>>>>> If I'm understanding this right, the first method is being
>>>>>>> discontinued and the other two will continue working. It's possible a
>>>>>>> lot of users are using that - the account setting is a bit too
>>>>>>> visible, so users might just switch to it for the sake of changing
>>>>>>> settings. But as far as I can see, pidgin with the default
>>>>>>> configuration won't stop working.
>>>>>>>
>>>>>>
>>>>> <Donald> If Pidgin uses DistID = 1502 or 0, the login will be blocked.
>>>>>
>>>>>>
>>>>>>> What I don't understand is why we're changing the DistID and DevID.
>>>>>>> I'm 90% sure that clientlogin sends both in the same way as the
>>>>>>> official client. Did the previous ones get invalidated?
>>>>>>>
>>>>>>
>>>>> <Donald> Yes.
>>>>>
>>>>>>
>>>>>>> We're currently using these:
>>>>>>>
>>>>>>> Pidgin
>>>>>>> DistID: 1550
>>>>>>> DevID: ma1cSASNCKFtrdv9
>>>>>>>
>>>>>>
>>>>> <Donald> I reached out to Pidgin, see below.
>>>>>
>>>>> From: Donald Le <donald.le at teamaol.com>
>>>>> Date: Thu, Sep 22, 2016 at 6:20 PM
>>>>> Subject: Re: AIM login
>>>>> To: Richard Vickery <rmv1 at sfu.ca>, pidgin at alexoren.com, Pidgin
>>>>> Support List <support at pidgin.im>
>>>>>
>>>>> new DevID = do1UCeb5gNqxB1S1
>>>>> new distID = 1715
>>>>>
>>>>>
>>>>>>> Finch:
>>>>>>> DistID: 1552
>>>>>>> DevID: ma19sqWV9ymU6UYc
>>>>>>>
>>>>>>
>>>>> <Donald> No usage since August 2014 so no need new DistID and DevID.
>>>>>
>>>>>>
>>>>>>> Libpurple:
>>>>>>> DistID: 1553
>>>>>>> DevID: ma15d7JTxbmVG-RP
>>>>>>>
>>>>>>
>>>>> <Donald> new DistID = 1717, new DevID = ma19CwYN9i9Mw5nY
>>>>>
>>>>> I found another Libpurple
>>>>> DistID: 1502 with no DevID >> new DistID = 1718, new DevID =
>>>>> ma18nmEklXMR7Cj_
>>>>>
>>>>>>
>>>>>>> The source code says they are owned by the AIM account "markdoliner".
>>>>>>>
>>>>>>> Are these still valid? If they are, I think you can go ahead and pull
>>>>>>> the plug of the old auth method.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>> On 14 October 2016 at 01:11, Gary Kramlich <grim at reaperworld.com>
>>>>>>> wrote:
>>>>>>> > Hi Donald,
>>>>>>> >
>>>>>>> > This is Gary Kramlich the current maintainer of Pidgin.  Please
>>>>>>> excuse
>>>>>>> > my tardiness in this matter as I haven't had much time to dedicate
>>>>>>> to
>>>>>>> > Pidgin in the past few weeks.
>>>>>>> >
>>>>>>> > That said.  We are staging a new version which will have this
>>>>>>> updates,
>>>>>>> > but we will most likely miss the 20161016 date.  If we could get
>>>>>>> that
>>>>>>> > extended it would be great.
>>>>>>> >
>>>>>>> > Also our code base has contains two clients that connect to AIM
>>>>>>> and as
>>>>>>> > I've learned recently they do not share keys.  The other clients
>>>>>>> name
>>>>>>> > is Finch and if we could get a set of keys for it that would be
>>>>>>> > awesome.  Otherwise we'll just reuse the Pidgin ones for the time
>>>>>>> > being.
>>>>>>> >
>>>>>>> > Also is there a web portal or something where we can manage this
>>>>>>> keys?
>>>>>>> >  If so, please respond to me directly as I assume we'll want to
>>>>>>> > control access to it.
>>>>>>> >
>>>>>>> > Thanks,
>>>>>>> >
>>>>>>> > --
>>>>>>> > Gary Kramlich <grim at reaperworld.com>
>>>>>>> >
>>>>>>> > _______________________________________________
>>>>>>> > Support at pidgin.im mailing list
>>>>>>> > Want to unsubscribe?  Use this link:
>>>>>>> > https://pidgin.im/cgi-bin/mailman/listinfo/support
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
> _______________________________________________
> Devel mailing list
> Devel at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/support/attachments/20170404/662cb38f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5882 bytes
Desc: not available
URL: <https://pidgin.im/pipermail/support/attachments/20170404/662cb38f/attachment-0001.png>

More information about the Support mailing list