Snapcraft experimental login – new, secure Web-based authentication method

by Igor Ljubuncic on 20 October 2021

Some Snapcraft operations mandate that users identify themselves. For example, if you want to push your snap to the Snap Store, you need to login on the command line. The process relies on the internal login mechanism built into Snapcraft.

A preview functionality for a new Web-based authentication flow is available as an experimental feature in Snapcraft since release 4.6. This allows you to complete the login process in a simple, secure manner using the browser, and extends the macaroon-based authentication currently in use.

Get started

To try the experimental login feature, make sure you have the relevant release of Snapcraft installed. The easiest way is to refresh Snapcraft from the edge channel. Then, on the command line, your login procedure will look like this:

snapcraft login --experimental-login
Opening an authorization web page in your browser.

If it does not open, please open this URL:
https://api.jujucharms.com/identity/login?did=c0cf2e16bc2244001945a6b3fe6d56c4e35a8401a3678ecff9fce89ef6cd2583

Snapcraft should forward the query to your default browser and open the login page, where you can then identify. This could be Ubuntu SSO, optional MFA, and any other methods that you would use. Once you complete the authentication, you will see another line printed on the command line.

Login successful.

If you do not wish to use the experimental login feature anymore, you first need to logout and have the credentials cleared, and then, you can go back to the standard login process.

snapcraft logout
Credentials cleared.

In scenarios where the Web-based access may be restricted, developers can export the credentials with the export-login [file] command, and then use them on other systems by passing on the –with creds-file option to snapcraft login.

Summary

The experimental login allows Snapcraft users to authenticate through a Web-based flow. This provides extensibility and security that goes beyond the classic command-line login. However, in some scenarios, the Web-based method may not be ideal or available, which is why Snapcraft also allows the export of credentials, offering additional flexibility to the users. If you’d like to test the feature and provide feedback, please take Snapcraft for a spin, join our forum, and let us know your findings.

Photo by CDC on Unsplash.

Newsletter Signup

Related posts

Snap usage metrics now available on the command line

For years now, developers and publishers could view how well their snaps are performing in terms of usage and popularity through the Snap Store Web interface, using the metrics tab. This functionality allows people to examine the cause and effect of their work, like software updates, marketing campaigns, or other events. But it requires m […]

Snapcraft offline mode – Build snaps while saving data

As part of the snap creation cycle, the Snapcraft tool creates isolated build instances inside which all of the necessary work – download of sources, compilation, packaging, etc. – is done in a safe manner, without touching the host system. While there are many advantages to the use of the virtual machines (via Multipass) or […]

Better snap metadata handling coming your way soon

Open the Snap Store, click on any application you like – you will now see a page full of useful tidbits – screenshots and videos, application description, last update, license, contact data, and other information. The data shown here is often the first impression the user gets about the software, and can be a deciding […]