AIM login

Donald Le donald.le at teamaol.com
Thu Apr 6 09:05:47 EDT 2017


Eio et al,

I was able to verify with Pidgin 2.12.0, startOSCARSession has the correct
info *distId=1715&f=xml&k=do1UCeb5gNqxB1S1 *but they were not passed
through our rules.

Could you add to imApp=Pidgin/2.12.0 the devID? It should read:
Pidgin/2.12.0 key=do1UCeb5gNqxB1S1.

Our trace log should read:
*Got FLAP CLIENT IDENTITY Pidgin/2.12.0 key=do1UCeb5gNqxB1S1*
Note:...2.12.0(space)key...


Thanks,


*Donald Le*
*Product Management and Support AIM Platform*
*O*: 703-265-5645 | *M*: 703-678-1073
*AIM*: donald.le at teamaol.com
*AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*

On Mon, Apr 3, 2017 at 10:49 PM, Eion Robb <eion at robbmob.com> wrote:

> Hi Donald,
>
> We've heard through a few of our support channels that you're still seeing
> people not using the correct details when they're logging into AIM from
> Pidgin.
>
> Dequis emailed you last month with the urls that we're fetching that are
> indeed showing distId=1715 and devId=do1UCeb5gNqxB1S1 - he also asked if
> you could send through the details of your Pidgin version that you were
> testing with.
>
> Are you able to confirm which auth URLs we should be using so we can try
> track down why you're not seeing the updated distId/devId?
>
> Cheers,
> Eion
>
> On 14 March 2017 at 05:01, dequis <dx at dxzone.com.ar> wrote:
>
>> Hi, can confirm that finch is fixed now, thank you!
>>
>> That issue with pidgin 2.12.0 is really odd! I just tested both windows
>> installers (online and offline) and they seem fine. We did have one user
>> reporting a similar issue, but we couldn't reproduce it or explain it.
>>
>> Please verify the version with buddy list -> help menu -> about, the
>> first line should say "Pidgin 2.12.0 (libpurple 2.12.0)" followed by
>> "unknown". Also, help menu -> plugin information should say 2.12.0 for the
>> AIM plugin. That kind of mixup is rare but who knows!
>>
>> You can also enable extra debug by opening cmd.exe and doing "set
>> PURPLE_UNSAFE_DEBUG=1" before executing pidgin.
>>
>> Then open help menu -> debug window and connect the account. This is what
>> I get:
>>
>> [...]
>>> (12:27:52) certificate: Successfully verified certificate for
>>> api.screenname.aol.com
>>> (12:27:52) util: Request: 'POST /auth/clientLogin HTTP/1.0
>>> Connection: close
>>> Accept: */*
>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
>>> Content-Length: 85
>>>
>>> devId=do1UCeb5gNqxB1S1&f=xml&pwd=[password]&s=dx%40dxzone.com.ar'
>>> (12:27:53) util: Response headers: 'HTTP/1.1 200 OK
>>> [...]
>>> (12:27:53) util: requested to fetch (https://api.oscar.aol.com/aim
>>> /startOSCARSession?a=[access token]&distId=1715&f=xml&k=do1
>>> UCeb5gNqxB1S1&ts=1489418868&useTLS=1&sig_sha256=[signature]), full=1,
>>> user_agent=((null)), http11=0
>>>
>>
>> So as far as I can see everything is fine. I hope that helps narrow it
>> down.
>>
>> By the way, is the message supposed to be shown on every login from a
>> legacy auth method? I don't see it when I intentionally set pidgin to
>> connect to "login.oscar.aol.com" with "don't use encryption" and
>> "MD5-based" - it just succeeds without complaining.
>>
>> By the way, slogin.oscar.aol.com is down but login.oscar.aol.com isn't.
>> I thought slogin.oscar.aol.com was supposed to die at the end of this
>> month. I think that's breaking adium (mac OS X pidgin derivative) and we
>> still haven't managed to contact their devs to fix it. So what is the fate
>> of slogin supposed to be?
>>
>> Thanks.
>>
>> On 13 March 2017 at 09:38, Donald Le <donald.le at teamaol.com> wrote:
>>
>>> Hi again,
>>>
>>> I download Pidgin 2.12.0 and test login.
>>>
>>> The "new" distID and devID were not used, and I received the upgrade
>>> message.
>>> The client is still on the old distID and NO devID.
>>> Could you double-check?
>>>
>>> LSI: PLOT  4224.8888   1502    10.172.189.32   Mon Mar 13 08:02:11 2017  bos_srv-l014b        Mon Mar 13 08:20:19 2017 bos_srv-l014b
>>> LSI: PLOT  4224.8888   1502    10.172.189.32   Mon Mar 13 07:43:23 2017  bos_srv-l014b        Mon Mar 13 07:49:22 2017 bos_srv-l014b
>>>
>>>
>>> Thanks,
>>>
>>>
>>> *Donald Le*
>>> *Product Management and Support AIM Platform*
>>> *O*: 703-265-5645 <(703)%20265-5645> | *M*: 703-678-1073
>>> <(703)%20678-1073>
>>> *AIM*: donald.le at teamaol.com
>>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*
>>>
>>> On Mon, Mar 13, 2017 at 7:33 AM, Donald Le <donald.le at teamaol.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>>
>>>> *The third said in the original email "No usage since August 2014 so no
>>>> need new DistID and DevID", which is clearly wrong. There's also that
>>>> "another libpurple" with distid 1502 which doesn't match any client we own,
>>>> and we don't know how you found that one.*
>>>> I can't explain but you did the right thing to use 1718 for Finch.
>>>>
>>>>
>>>> *Did the 1718 distid get invalidated? Can you re-enable it so that we
>>>> don't have to make another release?*
>>>> Please try again now and let me know, I correct a typo in the devID
>>>> just now.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> *Donald Le*
>>>> *Product Management and Support AIM Platform*
>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>> <%28703%29%20678-1073>
>>>> *AIM*: donald.le at teamaol.com
>>>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166*
>>>>
>>>> On Sun, Mar 12, 2017 at 1:25 PM, dequis <dx at dxzone.com.ar> wrote:
>>>>
>>>>> Hey Donald!
>>>>>
>>>>> As you may have heard we already released pidgin 2.12.0 (together with
>>>>> libpurple and finch 2.12.0), updating the distid/devids.
>>>>>
>>>>> Here's what we used:
>>>>>
>>>>> Pidgin:
>>>>> Distid: 1715
>>>>> Devid: do1UCeb5gNqxB1S1
>>>>>
>>>>> Libpurple:
>>>>> Distid: 1717
>>>>> Devid: ma19CwYN9i9Mw5nY
>>>>>
>>>>> Finch:
>>>>> Distid: 1718
>>>>> Devid: ma18nmEklXMR7Cj_
>>>>>
>>>>> The first two are normal.
>>>>>
>>>>> The third said in the original email "No usage since August 2014 so no
>>>>> need new DistID and DevID", which is clearly wrong. There's also that
>>>>> "another libpurple" with distid 1502 which doesn't match any client we own,
>>>>> and we don't know how you found that one.
>>>>>
>>>>> So for the sake of avoiding a roundtrip in our communication and
>>>>> getting the release packaged ASAP, we went ahead and used the remaining
>>>>> 1718 distid for finch.
>>>>>
>>>>> This looks like it was a mistake, since we're now getting "Method not
>>>>> allowed - clientLogin Not Allowed for this devId" errors in finch.
>>>>>
>>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we
>>>>> don't have to make another release?
>>>>>
>>>>> Thanks
>>>>>
>>>>> On 27 January 2017 at 01:54, Donald Le <donald.le at teamaol.com> wrote:
>>>>>
>>>>>> All,
>>>>>>
>>>>>> My comments are inline.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>> *Donald Le*
>>>>>> *Tech Director | Product Management and Support AIM Platform*
>>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>>>> <%28703%29%20678-1073>
>>>>>> *AIM*: donald.le at teamaol.com
>>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166
>>>>>>
>>>>>> On Thu, Oct 27, 2016 at 8:45 AM, Donald Le <donald.le at teamaol.com>
>>>>>> wrote:
>>>>>>
>>>>>>> All,
>>>>>>>
>>>>>>> Quick update: we had to delay AIM client upgrade due to other
>>>>>>> integration, the date is tbd.
>>>>>>> I will answer your questions in the coming weeks.
>>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>>
>>>>>>> *Donald Le*
>>>>>>> *Tech Director | Product Management and Support AIM Platform*
>>>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073
>>>>>>> <%28703%29%20678-1073>
>>>>>>> *AIM*: donald.le at teamaol.com
>>>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166
>>>>>>>
>>>>>>> On Fri, Oct 14, 2016 at 2:58 AM, dequis <dx at dxzone.com.ar> wrote:
>>>>>>>
>>>>>>>> Hi, I have a couple of questions, since there may have been a
>>>>>>>> misunderstanding here.
>>>>>>>>
>>>>>>>> Pidgin currently supports three auth methods for AIM:
>>>>>>>>
>>>>>>>> - MD5 using slogin.oscar.aol.com. Uses the DistID, does not use
>>>>>>>> the DevID
>>>>>>>>
>>>>>>>
>>>>>> <Donald> All DistID used for login.oscar.aol.com and
>>>>>> slogin.oscar.aol.com will be blocked. The date is tbd and AIM client
>>>>>> upgrade will start Feb 24th 2017.
>>>>>>
>>>>>>>
>>>>>>>> - clientLogin aka OpenAuth using
>>>>>>>> api.screenname.aol.com/auth/clientLogin. Uses DistID and DevID. Has
>>>>>>>> been the default setting for pidgin releases since 2009
>>>>>>>>
>>>>>>>
>>>>>> <Donald> This login path will stay but you need to update the DistID
>>>>>> and DevID. We will give you a new set.
>>>>>>
>>>>>>>
>>>>>>>> - Kerberos using kdc.uas.aol.com. Uses DistID and DevID.
>>>>>>>> Introduced in
>>>>>>>> pidgin 2.11.0, released four months ago.
>>>>>>>>
>>>>>>>
>>>>>> <Donald> Same as above with OpenAuth.
>>>>>>
>>>>>>>
>>>>>>>> If I'm understanding this right, the first method is being
>>>>>>>> discontinued and the other two will continue working. It's possible
>>>>>>>> a
>>>>>>>> lot of users are using that - the account setting is a bit too
>>>>>>>> visible, so users might just switch to it for the sake of changing
>>>>>>>> settings. But as far as I can see, pidgin with the default
>>>>>>>> configuration won't stop working.
>>>>>>>>
>>>>>>>
>>>>>> <Donald> If Pidgin uses DistID = 1502 or 0, the login will be
>>>>>> blocked.
>>>>>>
>>>>>>>
>>>>>>>> What I don't understand is why we're changing the DistID and DevID.
>>>>>>>> I'm 90% sure that clientlogin sends both in the same way as the
>>>>>>>> official client. Did the previous ones get invalidated?
>>>>>>>>
>>>>>>>
>>>>>> <Donald> Yes.
>>>>>>
>>>>>>>
>>>>>>>> We're currently using these:
>>>>>>>>
>>>>>>>> Pidgin
>>>>>>>> DistID: 1550
>>>>>>>> DevID: ma1cSASNCKFtrdv9
>>>>>>>>
>>>>>>>
>>>>>> <Donald> I reached out to Pidgin, see below.
>>>>>>
>>>>>> From: Donald Le <donald.le at teamaol.com>
>>>>>> Date: Thu, Sep 22, 2016 at 6:20 PM
>>>>>> Subject: Re: AIM login
>>>>>> To: Richard Vickery <rmv1 at sfu.ca>, pidgin at alexoren.com, Pidgin
>>>>>> Support List <support at pidgin.im>
>>>>>>
>>>>>> new DevID = do1UCeb5gNqxB1S1
>>>>>> new distID = 1715
>>>>>>
>>>>>>
>>>>>>>> Finch:
>>>>>>>> DistID: 1552
>>>>>>>> DevID: ma19sqWV9ymU6UYc
>>>>>>>>
>>>>>>>
>>>>>> <Donald> No usage since August 2014 so no need new DistID and DevID.
>>>>>>
>>>>>>>
>>>>>>>> Libpurple:
>>>>>>>> DistID: 1553
>>>>>>>> DevID: ma15d7JTxbmVG-RP
>>>>>>>>
>>>>>>>
>>>>>> <Donald> new DistID = 1717, new DevID = ma19CwYN9i9Mw5nY
>>>>>>
>>>>>> I found another Libpurple
>>>>>> DistID: 1502 with no DevID >> new DistID = 1718, new DevID =
>>>>>> ma18nmEklXMR7Cj_
>>>>>>
>>>>>>>
>>>>>>>> The source code says they are owned by the AIM account
>>>>>>>> "markdoliner".
>>>>>>>>
>>>>>>>> Are these still valid? If they are, I think you can go ahead and
>>>>>>>> pull
>>>>>>>> the plug of the old auth method.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>>
>>>>>>>> On 14 October 2016 at 01:11, Gary Kramlich <grim at reaperworld.com>
>>>>>>>> wrote:
>>>>>>>> > Hi Donald,
>>>>>>>> >
>>>>>>>> > This is Gary Kramlich the current maintainer of Pidgin.  Please
>>>>>>>> excuse
>>>>>>>> > my tardiness in this matter as I haven't had much time to
>>>>>>>> dedicate to
>>>>>>>> > Pidgin in the past few weeks.
>>>>>>>> >
>>>>>>>> > That said.  We are staging a new version which will have this
>>>>>>>> updates,
>>>>>>>> > but we will most likely miss the 20161016 date.  If we could get
>>>>>>>> that
>>>>>>>> > extended it would be great.
>>>>>>>> >
>>>>>>>> > Also our code base has contains two clients that connect to AIM
>>>>>>>> and as
>>>>>>>> > I've learned recently they do not share keys.  The other clients
>>>>>>>> name
>>>>>>>> > is Finch and if we could get a set of keys for it that would be
>>>>>>>> > awesome.  Otherwise we'll just reuse the Pidgin ones for the time
>>>>>>>> > being.
>>>>>>>> >
>>>>>>>> > Also is there a web portal or something where we can manage this
>>>>>>>> keys?
>>>>>>>> >  If so, please respond to me directly as I assume we'll want to
>>>>>>>> > control access to it.
>>>>>>>> >
>>>>>>>> > Thanks,
>>>>>>>> >
>>>>>>>> > --
>>>>>>>> > Gary Kramlich <grim at reaperworld.com>
>>>>>>>> >
>>>>>>>> > _______________________________________________
>>>>>>>> > Support at pidgin.im mailing list
>>>>>>>> > Want to unsubscribe?  Use this link:
>>>>>>>> > https://pidgin.im/cgi-bin/mailman/listinfo/support
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at pidgin.im
>> https://pidgin.im/cgi-bin/mailman/listinfo/devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/support/attachments/20170406/6afda6a8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5882 bytes
Desc: not available
URL: <https://pidgin.im/pipermail/support/attachments/20170406/6afda6a8/attachment-0001.png>


More information about the Support mailing list