Snapcraft experimental login – new, secure Web-based authentication method

by Igor Ljubuncic on 20 October 2021

Some Snapcraft operations mandate that users identify themselves. For example, if you want to push your snap to the Snap Store, you need to login on the command line. The process relies on the internal login mechanism built into Snapcraft.

A preview functionality for a new Web-based authentication flow is available as an experimental feature in Snapcraft since release 4.6. This allows you to complete the login process in a simple, secure manner using the browser, and extends the macaroon-based authentication currently in use.

Get started

To try the experimental login feature, make sure you have the relevant release of Snapcraft installed. The easiest way is to refresh Snapcraft from the edge channel. Then, on the command line, your login procedure will look like this:

snapcraft login --experimental-login
Opening an authorization web page in your browser.

If it does not open, please open this URL:
https://api.jujucharms.com/identity/login?did=c0cf2e16bc2244001945a6b3fe6d56c4e35a8401a3678ecff9fce89ef6cd2583

Snapcraft should forward the query to your default browser and open the login page, where you can then identify. This could be Ubuntu SSO, optional MFA, and any other methods that you would use. Once you complete the authentication, you will see another line printed on the command line.

Login successful.

If you do not wish to use the experimental login feature anymore, you first need to logout and have the credentials cleared, and then, you can go back to the standard login process.

snapcraft logout
Credentials cleared.

In scenarios where the Web-based access may be restricted, developers can export the credentials with the export-login [file] command, and then use them on other systems by passing on the –with creds-file option to snapcraft login.

Summary

The experimental login allows Snapcraft users to authenticate through a Web-based flow. This provides extensibility and security that goes beyond the classic command-line login. However, in some scenarios, the Web-based method may not be ideal or available, which is why Snapcraft also allows the export of credentials, offering additional flexibility to the users. If you’d like to test the feature and provide feedback, please take Snapcraft for a spin, join our forum, and let us know your findings.

Photo by CDC on Unsplash.

Newsletter Signup

Related posts

Release management for snaps made simpler

Release management is the process of planning, scheduling, testing and deploying new versions of software. To make this process simpler for snap developers, we have released a new feature called progressive releases. Continue reading to understand what they are, why they are important and how you can use them in the Snap Store. What are […]

Craft team welcomes you to another episode of its adventures

Welcome to the second article in the Craft team saga. Previously, on Craft Team, we gave you a brief introduction into the team’s function, we announced our desire to share the ins and outs of our day-to-day work with the community, and gave you an overview of roughly two weeks of coding and fun. Today, […]

Snapcrafters: 2022 wrap-up

This article was written by Merlijn Sebrechts and Dani Llewellyn from the Snapcrafters community. ===== Last year, we officially re-launched the “Snapcrafters” initiative. We’re a community of volunteers who build and maintain unofficial snap packages. Although snaps make it easy for developers to publish their software directly to users, […]