Persistent session
I saw that I had to perform single-sign-on on every restart of weechat. Since the device id is already persisted, I guess the same could be done for the access token?
https://github.com/poljar/weechat-matrix/blob/79805d02c4fae473dac41e377b9c97c74e4cff92/matrix/server.py#L1345
This would also allow storing an access token instead of a password, which would make revocation easier.
The problem with this is that we don't really have a secure place to store the access token; /secure isn't programmatically available to us.
Users of course can store stuff in /secure manually and that's where passwords end up being.
But are passwords not stored in plain text as well? Just storing an access token seems safer as it can be revoked.
They are not stored in plaintext, well not quite correct, you have the choice to store them in plaintext or you can store them encrypted using /secure. Take a look at the docs over here: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data
Things that we should consider for the Rust rewrite, if we're using SSO:
- Try to use the OS keystore and store the access token there
- If there isn't a keystore, store it in plaintext somewhere
What if the access token is provided by the user? There could be a script written that does the SSO once and prints the access token. This also has the advantage that it can be executed on a machine different from where weechat is running.
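An added example, not weechat-matrix code and not part of the thread: a sketch of the plaintext fallback from the list above, written in Python because the linked `server.py` is Python. The JSON layout and the names `save_session` and `load_session` are assumptions; the point is that the token file is created owner-only from the start and is ignored on load if its ownership or mode has been loosened.

```python
import json
import os
import stat
import tempfile


def save_session(path, access_token, device_id):
    """Atomically write the session file, readable by the owner only."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600, so the token is never
    # group- or world-readable, not even between create and chmod.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".session-")
    try:
        with os.fdopen(fd, "w") as handle:
            json.dump({"access_token": access_token,
                       "device_id": device_id}, handle)
            handle.flush()
            os.fsync(handle.fileno())
        # Rename over the old file so a crash never leaves a half-written token.
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def load_session(path):
    """Return the stored session dict, or None if missing or unsafe to trust."""
    try:
        # O_NOFOLLOW: do not read through a symlink planted at this path.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return None
    with os.fdopen(fd) as handle:
        # fstat the open descriptor so the checks apply to the file we read.
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode) or info.st_uid != os.getuid():
            return None
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            return None  # readable by group or others: force a fresh login
        return json.load(handle)
```

Returning `None` for a loosened file falls back to a fresh SSO login, and the old token can then be revoked server-side.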