soumya92/barista

Use without keyring

lzap opened this issue · 3 comments

lzap commented

Hey, I don't use keyring actively, I have gnome-keyring installed however it is empty. Now, when I started my bar for the first time, it asked for a password which I gave it. Honestly I am not even sure if it was correct, however it does not ask anymore. Every time I try to start my gnome keyring it crashes so I have no idea what's stored there.

Now, I configured my github oauth in my code but I am getting error: open /home/xxx/.config/barista/oauth/github.com_XXXX-XXXX.json: no file or directory all the time and the module does not work. I struggle to understand how this really works:

  • How this is related to github? I gave the module both secret and token?
  • What should create this file and when?
  • Is there some way not using keyring and simply storing those on my filesystem? I am willing to accept the risk.

Thanks for explanation

How this is related to github? I gave the module both secret and token?

You should not be able to specify the token directly, since it can expire and embedding it in the binary would require frequent re-compiling.
In the binary you can specify the Client ID and Secret, both of which are only specific to the application, but not a user. You can then store a token using my-bar setup-oauth, which will prompt you to login and grant permissions to the app to access your account.

What should create this file and when?

The bar will create this file when run with the setup-oauth argument, and will update this file with a fresh token anytime the currently stored token expires.

Is there some way not using keyring and simply storing those on my filesystem? I am willing to accept the risk.

If you're building from source, then you can just replace

func setupOauthEncryption() error {
	const service = "barista-sample-bar"
	var username string
	if u, err := user.Current(); err == nil {
		username = u.Username
	} else {
		username = fmt.Sprintf("user-%d", os.Getuid())
	}
	var secretBytes []byte
	// IMPORTANT: The oauth tokens used by some modules are very sensitive, so
	// we encrypt them with a random key and store that random key using
	// libsecret (gnome-keyring or equivalent). If no secret provider is
	// available, there is no way to store tokens (since the version of
	// sample-bar used for setup-oauth will have a different key from the one
	// running in i3bar). See also https://github.com/zalando/go-keyring#linux.
	secret, err := keyring.Get(service, username)
	if err == nil {
		secretBytes, err = base64.RawURLEncoding.DecodeString(secret)
	}
	if err != nil {
		secretBytes = make([]byte, 64)
		_, err := rand.Read(secretBytes)
		if err != nil {
			return err
		}
		secret = base64.RawURLEncoding.EncodeToString(secretBytes)
		keyring.Set(service, username, secret)
	}
	oauth.SetEncryptionKey(secretBytes)
	return nil
}

with

func setupOauthEncryption() error {
	oauth.SetEncryptionKey([]byte{/* some random numbers, e.g. */ 151,196,88,136,147,3,152})
	return nil
}

This would skip the keyring entirely, and still keep the tokens somewhat secure, if you permission the go file appropriately. Storing unencrypted tokens is not something I want to support/enable here.
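
As an added example (not barista's code and not written by anyone in this thread): a keyring-free variant that keeps the key out of the source file by loading it from a file with mode 0600, generated on first run. The helper name `loadOrCreateKey` and the key file path are hypothetical; the returned bytes are what would be passed to `oauth.SetEncryptionKey`.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// loadOrCreateKey is a hypothetical helper, not part of barista. It returns the
// 64-byte key stored at path, generating it with mode 0600 on first use.
func loadOrCreateKey(path string) ([]byte, error) {
	info, err := os.Stat(path)
	if errors.Is(err, os.ErrNotExist) {
		key := make([]byte, 64)
		if _, err := rand.Read(key); err != nil {
			return nil, err
		}
		if err := os.MkdirAll(filepath.Dir(path), 0o700); err != nil {
			return nil, err
		}
		// O_EXCL fails instead of overwriting a file created in the meantime.
		f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
		if err != nil {
			return nil, err
		}
		defer f.Close()
		_, err = f.WriteString(base64.RawURLEncoding.EncodeToString(key))
		return key, err
	} else if err != nil {
		return nil, err
	}
	// Refuse a key file that group or other users can access.
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return nil, fmt.Errorf("%s has mode %04o, want 0600", path, perm)
	}
	data, err := os.ReadFile(path)
	key, derr := base64.RawURLEncoding.DecodeString(string(data))
	if err != nil || derr != nil || len(key) != 64 {
		return nil, fmt.Errorf("%s: unreadable or not a 64-byte key", path)
	}
	return key, nil
}

func main() { // constructed example path; a bar would pass key to oauth.SetEncryptionKey
	key, err := loadOrCreateKey(filepath.Join(os.Getenv("HOME"), ".config/barista-example/oauth.key"))
	fmt.Println(len(key), err)
}
```

Because the key file persists across runs, the `setup-oauth` invocation and the bar running in i3bar decrypt with the same key, which is the property the keyring provided in the original function.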

lzap commented

Thanks for explanation, the encryption key built into the binary is fine for me, I actually love that. My HDD is encrypted anyway and it's a PC.

However when I try to configure oauth, github gives me 404:

https://github.com/login/oauth/authorize?access_type=offline&client_id=xxxxxx&response_type=code&scope=notifications&state=no-state

lzap commented

Oh I had to create those on my account. Thanks!