Snapcraft experimental login – new, secure Web-based authentication method

This article is more than 3 years old.


Some Snapcraft operations mandate that users identify themselves. For example, if you want to push your snap to the Snap Store, you need to login on the command line. The process relies on the internal login mechanism built into Snapcraft.

A preview functionality for a new Web-based authentication flow is available as an experimental feature in Snapcraft since release 4.6. This allows you to complete the login process in a simple, secure manner using the browser, and extends the macaroon-based authentication currently in use.

Get started

To try the experimental login feature, make sure you have the relevant release of Snapcraft installed. The easiest way is to refresh Snapcraft from the edge channel. Then, on the command line, your login procedure will look like this:

snapcraft login --experimental-login
Opening an authorization web page in your browser.

If it does not open, please open this URL:
https://api.jujucharms.com/identity/login?did=c0cf2e16bc2244001945a6b3fe6d56c4e35a8401a3678ecff9fce89ef6cd2583

Snapcraft should forward the query to your default browser and open the login page, where you can then identify. This could be Ubuntu SSO, optional MFA, and any other methods that you would use. Once you complete the authentication, you will see another line printed on the command line.

Login successful.

If you do not wish to use the experimental login feature anymore, you first need to logout and have the credentials cleared, and then, you can go back to the standard login process.

snapcraft logout
Credentials cleared.

In scenarios where the Web-based access may be restricted, developers can export the credentials with the export-login [file] command, and then use them on other systems by passing on the –with creds-file option to snapcraft login.

Summary

The experimental login allows Snapcraft users to authenticate through a Web-based flow. This provides extensibility and security that goes beyond the classic command-line login. However, in some scenarios, the Web-based method may not be ideal or available, which is why Snapcraft also allows the export of credentials, offering additional flexibility to the users. If you’d like to test the feature and provide feedback, please take Snapcraft for a spin, join our forum, and let us know your findings.

Photo by CDC on Unsplash.

Talk to us today

Interested in running Ubuntu in your organisation?

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Managing software in complex network environments: the Snap Store Proxy

As enterprises grapple with the evolving landscape of security threats, the need to safeguard internal networks from the broader internet is increasingly...

Snapcraft.io reloaded: check out the new look and feel

We’re happy to announce that snapcraft.io has a fresh, new look! Time for an update After keeping the same user interface and style for several years, we...

Snapcraft 8.0 and the respectable end of core18

‘E’s not pinin’! ‘E’s passed on! This base is no more! He has ceased to be! ‘E’s expired and gone to meet ‘is maker! ‘E’s a stiff! Bereft of life, ‘e rests in...