Snapcraft experimental login – new, secure Web-based authentication method

by Igor Ljubuncic on 20 October 2021

Some Snapcraft operations mandate that users identify themselves. For example, if you want to push your snap to the Snap Store, you need to login on the command line. The process relies on the internal login mechanism built into Snapcraft.

A preview functionality for a new Web-based authentication flow is available as an experimental feature in Snapcraft since release 4.6. This allows you to complete the login process in a simple, secure manner using the browser, and extends the macaroon-based authentication currently in use.

Get started

To try the experimental login feature, make sure you have the relevant release of Snapcraft installed. The easiest way is to refresh Snapcraft from the edge channel. Then, on the command line, your login procedure will look like this:

snapcraft login --experimental-login
Opening an authorization web page in your browser.

If it does not open, please open this URL:
https://api.jujucharms.com/identity/login?did=c0cf2e16bc2244001945a6b3fe6d56c4e35a8401a3678ecff9fce89ef6cd2583

Snapcraft should forward the query to your default browser and open the login page, where you can then identify. This could be Ubuntu SSO, optional MFA, and any other methods that you would use. Once you complete the authentication, you will see another line printed on the command line.

Login successful.

If you do not wish to use the experimental login feature anymore, you first need to logout and have the credentials cleared, and then, you can go back to the standard login process.

snapcraft logout
Credentials cleared.

In scenarios where the Web-based access may be restricted, developers can export the credentials with the export-login [file] command, and then use them on other systems by passing on the –with creds-file option to snapcraft login.

Summary

The experimental login allows Snapcraft users to authenticate through a Web-based flow. This provides extensibility and security that goes beyond the classic command-line login. However, in some scenarios, the Web-based method may not be ideal or available, which is why Snapcraft also allows the export of credentials, offering additional flexibility to the users. If you’d like to test the feature and provide feedback, please take Snapcraft for a spin, join our forum, and let us know your findings.

Photo by CDC on Unsplash.

Newsletter Signup

Related posts

Snapcraft offline mode – Build snaps while saving data

As part of the snap creation cycle, the Snapcraft tool creates isolated build instances inside which all of the necessary work – download of sources, compilation, packaging, etc. – is done in a safe manner, without touching the host system. While there are many advantages to the use of the virtual machines (via Multipass) or […]

The long ARM of KDE

With over 100 applications available in the Snap Store, KDE is by far the biggest publisher of snaps around. What unifies this impressive portfolio is the fact that all of these snaps are made for the x86 platform. Not anymore. Now, don’t panic! The x86 snaps are not going anywhere. But ARM-supported KDE snaps are […]

Star Developers are here!

We are happy to announce that the newest community feature of the Snap Store is here: Star Developers! Background  In the Snap Store, we have a fantastic community where members can discuss topics in the forum, develop snaps and help others. Currently, the Snap Store has verified accounts; verified companies have a green tick by […]