Desktop: Confusing user agent during desktop app authentication flow

Created on 24 May 2020  路  9Comments  路  Source: nextcloud/desktop

When you log in to your server, you are at some point faced with this page:
auth user agent

That鈥檚 downright scary. ;) Instead the regular client should simply say "Nextcloud desktop client" and the nightly one "Nextcloud desktop client nightly".

cc @rullzer @er-vin @misch7 as I鈥檓 not sure if this is so easy, or requires server adjustments as well.

enhancement
Source
picture jancborchardt
👍2

Most helpful comment

I think this should be addressed on the server side since it's basically the user-agent string sent by the client. If we modify it on the client side, we're going to lose this info for the server (and the update server etc.).

But yeah, it might look scary for the average user indeed ;)

picture misch7 on 24 May 2020
👍2

All 9 comments

I think this should be addressed on the server side since it's basically the user-agent string sent by the client. If we modify it on the client side, we're going to lose this info for the server (and the update server etc.).

But yeah, it might look scary for the average user indeed ;)

misch7 picture misch7 on 24 May 2020
👍2

@misch7 right, thanks! Then I鈥檒l transfer it to the server repository. :)

jancborchardt picture jancborchardt on 24 May 2020

When logging in with the Android app, it already looks nice like Phone model (Android), so possibly we can use the same mechanism there. cc @rullzer @tobiasKaminsky

jancborchardt picture jancborchardt on 24 May 2020

The "trick" is to use a custom user agent only for login flow, in desktop case it could be something like "PC-Name ($platform)", which should be specific enough to find it in the list, if needed.

tobiasKaminsky picture tobiasKaminsky on 25 May 2020
👍1

Thanks for the trick, feels almost like a one liner :-)

er-vin picture er-vin on 25 May 2020

The "trick" is to use a custom user agent only for login flow, in desktop case it could be something like "PC-Name ($platform)", which should be specific enough to find it in the list, if needed.

Hmm, feels like kind of a "cheat" in regard what the server admins may like to see in their auth logs.
But I guess it might be okay since they still can see the related logging around the auth requests.

misch7 picture misch7 on 27 May 2020

in regard what the server admins may like to see in their auth logs

This is mostly about what end users see, and that should be clean and understandable. :) If we need additional stuff for server logs that could be separate and not visible in the interface?

jancborchardt picture jancborchardt on 27 May 2020

in regard what the server admins may like to see in their auth logs

This is mostly about what end users see, and that should be clean and understandable. :)

I know ;-)

If we need additional stuff for server logs that could be separate and not visible in the interface?

When we modify the user-agent then this is what the server gets (logs) and is visible for the user.

misch7 picture misch7 on 27 May 2020

Since the Android app already does this for some time: Did we have any server admin reports about this being off? Because if not we can just go for the same approach anyway?

jancborchardt picture jancborchardt on 27 May 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

unix0r picture unix0r  路  43Comments
vberger picture vberger  路  41Comments
klada picture klada  路  80Comments
finius picture finius  路  63Comments
Dennis1993 picture Dennis1993  路  59Comments