Confirmed. The change was made. Sent from my iPhone
On Apr 11, 2017, at 11:40 AM, Mark Zeldis <mark.zel...@gmail.com> wrote: Donald, Can you confirm that you made the change last night? I believe that the MD5 login (and AIM 7.5) are gone. Pidgin appears to be working still. I guess there was no issue after all? Are we good going forward? Thanks everyone. -Mark Zeldis On Thu, Apr 6, 2017 at 9:05 AM, Donald Le <donald...@teamaol.com> wrote: > Eio et al, > > I was able to verify with Pidgin 2.12.0, startOSCARSession has the correct > info *distId=1715&f=xml&k=do1UCeb5gNqxB1S1 *but they were not passed > through our rules. > > Could you add to imApp=Pidgin/2.12.0 the devID? It should read: > Pidgin/2.12.0 key=do1UCeb5gNqxB1S1. > > Our trace log should read: > *Got FLAP CLIENT IDENTITY Pidgin/2.12.0 key=do1UCeb5gNqxB1S1* > Note:...2.12.0(space)key... > > > Thanks, > > > *Donald Le* > *Product Management and Support AIM Platform* > *O*: 703-265-5645 <(703)%20265-5645> | *M*: 703-678-1073 > <(703)%20678-1073> > *AIM*: donald...@teamaol.com > *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166* > > On Mon, Apr 3, 2017 at 10:49 PM, Eion Robb <e...@robbmob.com> wrote: > >> Hi Donald, >> >> We've heard through a few of our support channels that you're still >> seeing people not using the correct details when they're logging into AIM >> from Pidgin. >> >> Dequis emailed you last month with the urls that we're fetching that are >> indeed showing distId=1715 and devId=do1UCeb5gNqxB1S1 - he also asked if >> you could send through the details of your Pidgin version that you were >> testing with. >> >> Are you able to confirm which auth URLs we should be using so we can try >> track down why you're not seeing the updated distId/devId? >> >> Cheers, >> Eion >> >> On 14 March 2017 at 05:01, dequis <d...@dxzone.com.ar> wrote: >> >>> Hi, can confirm that finch is fixed now, thank you! >>> >>> That issue with pidgin 2.12.0 is really odd! I just tested both windows >>> installers (online and offline) and they seem fine. We did have one user >>> reporting a similar issue, but we couldn't reproduce it or explain it. >>> >>> Please verify the version with buddy list -> help menu -> about, the >>> first line should say "Pidgin 2.12.0 (libpurple 2.12.0)" followed by >>> "unknown". Also, help menu -> plugin information should say 2.12.0 for the >>> AIM plugin. That kind of mixup is rare but who knows! >>> >>> You can also enable extra debug by opening cmd.exe and doing "set >>> PURPLE_UNSAFE_DEBUG=1" before executing pidgin. >>> >>> Then open help menu -> debug window and connect the account. This is >>> what I get: >>> >>> [...] >>>> (12:27:52) certificate: Successfully verified certificate for >>>> api.screenname.aol.com >>>> (12:27:52) util: Request: 'POST /auth/clientLogin HTTP/1.0 >>>> Connection: close >>>> Accept: */* >>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8 >>>> Content-Length: 85 >>>> >>>> devId=do1UCeb5gNqxB1S1&f=xml&pwd=[password]&s=dx%40dxzone.com.ar' >>>> (12:27:53) util: Response headers: 'HTTP/1.1 200 OK >>>> [...] >>>> (12:27:53) util: requested to fetch (https://api.oscar.aol.com/aim >>>> /startOSCARSession?a=[access token]&distId=1715&f=xml&k=do1 >>>> UCeb5gNqxB1S1&ts=1489418868&useTLS=1&sig_sha256=[signature]), full=1, >>>> user_agent=((null)), http11=0 >>>> >>> >>> So as far as I can see everything is fine. I hope that helps narrow it >>> down. >>> >>> By the way, is the message supposed to be shown on every login from a >>> legacy auth method? I don't see it when I intentionally set pidgin to >>> connect to "login.oscar.aol.com" with "don't use encryption" and >>> "MD5-based" - it just succeeds without complaining. >>> >>> By the way, slogin.oscar.aol.com is down but login.oscar.aol.com isn't. >>> I thought slogin.oscar.aol.com was supposed to die at the end of this >>> month. I think that's breaking adium (mac OS X pidgin derivative) and we >>> still haven't managed to contact their devs to fix it. So what is the fate >>> of slogin supposed to be? >>> >>> Thanks. >>> >>> On 13 March 2017 at 09:38, Donald Le <donald...@teamaol.com> wrote: >>> >>>> Hi again, >>>> >>>> I download Pidgin 2.12.0 and test login. >>>> >>>> The "new" distID and devID were not used, and I received the upgrade >>>> message. >>>> The client is still on the old distID and NO devID. >>>> Could you double-check? >>>> >>>> LSI: PLOT 4224.8888 1502 10.172.189.32 Mon Mar 13 08:02:11 2017 >>>> bos_srv-l014b Mon Mar 13 08:20:19 2017 bos_srv-l014b >>>> LSI: PLOT 4224.8888 1502 10.172.189.32 Mon Mar 13 07:43:23 2017 >>>> bos_srv-l014b Mon Mar 13 07:49:22 2017 bos_srv-l014b >>>> >>>> >>>> Thanks, >>>> >>>> >>>> *Donald Le* >>>> *Product Management and Support AIM Platform* >>>> *O*: 703-265-5645 <(703)%20265-5645> | *M*: 703-678-1073 >>>> <(703)%20678-1073> >>>> *AIM*: donald...@teamaol.com >>>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166* >>>> >>>> On Mon, Mar 13, 2017 at 7:33 AM, Donald Le <donald...@teamaol.com> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> >>>>> *The third said in the original email "No usage since August 2014 so >>>>> no need new DistID and DevID", which is clearly wrong. There's also that >>>>> "another libpurple" with distid 1502 which doesn't match any client we >>>>> own, >>>>> and we don't know how you found that one.* >>>>> I can't explain but you did the right thing to use 1718 for Finch. >>>>> >>>>> >>>>> *Did the 1718 distid get invalidated? Can you re-enable it so that we >>>>> don't have to make another release?* >>>>> Please try again now and let me know, I correct a typo in the devID >>>>> just now. >>>>> >>>>> Thanks, >>>>> >>>>> >>>>> *Donald Le* >>>>> *Product Management and Support AIM Platform* >>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073 >>>>> <%28703%29%20678-1073> >>>>> *AIM*: donald...@teamaol.com >>>>> *AOL Inc**. 22070 Broderick Drive Dulles, VA 20166* >>>>> >>>>> On Sun, Mar 12, 2017 at 1:25 PM, dequis <d...@dxzone.com.ar> wrote: >>>>> >>>>>> Hey Donald! >>>>>> >>>>>> As you may have heard we already released pidgin 2.12.0 (together >>>>>> with libpurple and finch 2.12.0), updating the distid/devids. >>>>>> >>>>>> Here's what we used: >>>>>> >>>>>> Pidgin: >>>>>> Distid: 1715 >>>>>> Devid: do1UCeb5gNqxB1S1 >>>>>> >>>>>> Libpurple: >>>>>> Distid: 1717 >>>>>> Devid: ma19CwYN9i9Mw5nY >>>>>> >>>>>> Finch: >>>>>> Distid: 1718 >>>>>> Devid: ma18nmEklXMR7Cj_ >>>>>> >>>>>> The first two are normal. >>>>>> >>>>>> The third said in the original email "No usage since August 2014 so >>>>>> no need new DistID and DevID", which is clearly wrong. There's also that >>>>>> "another libpurple" with distid 1502 which doesn't match any client we >>>>>> own, >>>>>> and we don't know how you found that one. >>>>>> >>>>>> So for the sake of avoiding a roundtrip in our communication and >>>>>> getting the release packaged ASAP, we went ahead and used the remaining >>>>>> 1718 distid for finch. >>>>>> >>>>>> This looks like it was a mistake, since we're now getting "Method not >>>>>> allowed - clientLogin Not Allowed for this devId" errors in finch. >>>>>> >>>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we >>>>>> don't have to make another release? >>>>>> >>>>>> Thanks >>>>>> >>>>>> On 27 January 2017 at 01:54, Donald Le <donald...@teamaol.com> wrote: >>>>>> >>>>>>> All, >>>>>>> >>>>>>> My comments are inline. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> >>>>>>> *Donald Le* >>>>>>> *Tech Director | Product Management and Support AIM Platform* >>>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073 >>>>>>> <%28703%29%20678-1073> >>>>>>> *AIM*: donald...@teamaol.com >>>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166 >>>>>>> <image001.png> >>>>>>> >>>>>>> On Thu, Oct 27, 2016 at 8:45 AM, Donald Le <donald...@teamaol.com> >>>>>>> wrote: >>>>>>> >>>>>>>> All, >>>>>>>> >>>>>>>> Quick update: we had to delay AIM client upgrade due to other >>>>>>>> integration, the date is tbd. >>>>>>>> I will answer your questions in the coming weeks. >>>>>>>> >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> >>>>>>>> *Donald Le* >>>>>>>> *Tech Director | Product Management and Support AIM Platform* >>>>>>>> *O*: 703-265-5645 <%28703%29%20265-5645> | *M*: 703-678-1073 >>>>>>>> <%28703%29%20678-1073> >>>>>>>> *AIM*: donald...@teamaol.com >>>>>>>> *AOL Inc*. 22070 Broderick Drive Dulles, VA 20166 >>>>>>>> <image001.png> >>>>>>>> >>>>>>>> On Fri, Oct 14, 2016 at 2:58 AM, dequis <d...@dxzone.com.ar> wrote: >>>>>>>> >>>>>>>>> Hi, I have a couple of questions, since there may have been a >>>>>>>>> misunderstanding here. >>>>>>>>> >>>>>>>>> Pidgin currently supports three auth methods for AIM: >>>>>>>>> >>>>>>>>> - MD5 using slogin.oscar.aol.com. Uses the DistID, does not use >>>>>>>>> the DevID >>>>>>>>> >>>>>>>> >>>>>>> <Donald> All DistID used for login.oscar.aol.com and >>>>>>> slogin.oscar.aol.com will be blocked. The date is tbd and AIM >>>>>>> client upgrade will start Feb 24th 2017. >>>>>>> >>>>>>>> >>>>>>>>> - clientLogin aka OpenAuth using >>>>>>>>> api.screenname.aol.com/auth/clientLogin. Uses DistID and DevID. >>>>>>>>> Has >>>>>>>>> been the default setting for pidgin releases since 2009 >>>>>>>>> >>>>>>>> >>>>>>> <Donald> This login path will stay but you need to update the DistID >>>>>>> and DevID. We will give you a new set. >>>>>>> >>>>>>>> >>>>>>>>> - Kerberos using kdc.uas.aol.com. Uses DistID and DevID. >>>>>>>>> Introduced in >>>>>>>>> pidgin 2.11.0, released four months ago. >>>>>>>>> >>>>>>>> >>>>>>> <Donald> Same as above with OpenAuth. >>>>>>> >>>>>>>> >>>>>>>>> If I'm understanding this right, the first method is being >>>>>>>>> discontinued and the other two will continue working. It's >>>>>>>>> possible a >>>>>>>>> lot of users are using that - the account setting is a bit too >>>>>>>>> visible, so users might just switch to it for the sake of changing >>>>>>>>> settings. But as far as I can see, pidgin with the default >>>>>>>>> configuration won't stop working. >>>>>>>>> >>>>>>>> >>>>>>> <Donald> If Pidgin uses DistID = 1502 or 0, the login will be >>>>>>> blocked. >>>>>>> >>>>>>>> >>>>>>>>> What I don't understand is why we're changing the DistID and DevID. >>>>>>>>> I'm 90% sure that clientlogin sends both in the same way as the >>>>>>>>> official client. Did the previous ones get invalidated? >>>>>>>>> >>>>>>>> >>>>>>> <Donald> Yes. >>>>>>> >>>>>>>> >>>>>>>>> We're currently using these: >>>>>>>>> >>>>>>>>> Pidgin >>>>>>>>> DistID: 1550 >>>>>>>>> DevID: ma1cSASNCKFtrdv9 >>>>>>>>> >>>>>>>> >>>>>>> <Donald> I reached out to Pidgin, see below. >>>>>>> >>>>>>> From: Donald Le <donald...@teamaol.com> >>>>>>> Date: Thu, Sep 22, 2016 at 6:20 PM >>>>>>> Subject: Re: AIM login >>>>>>> To: Richard Vickery <r...@sfu.ca>, pid...@alexoren.com, Pidgin >>>>>>> Support List <support@pidgin.im> >>>>>>> >>>>>>> new DevID = do1UCeb5gNqxB1S1 >>>>>>> new distID = 1715 >>>>>>> >>>>>>> >>>>>>>>> Finch: >>>>>>>>> DistID: 1552 >>>>>>>>> DevID: ma19sqWV9ymU6UYc >>>>>>>>> >>>>>>>> >>>>>>> <Donald> No usage since August 2014 so no need new DistID and DevID. >>>>>>> >>>>>>>> >>>>>>>>> Libpurple: >>>>>>>>> DistID: 1553 >>>>>>>>> DevID: ma15d7JTxbmVG-RP >>>>>>>>> >>>>>>>> >>>>>>> <Donald> new DistID = 1717, new DevID = ma19CwYN9i9Mw5nY >>>>>>> >>>>>>> I found another Libpurple >>>>>>> DistID: 1502 with no DevID >> new DistID = 1718, new DevID = >>>>>>> ma18nmEklXMR7Cj_ >>>>>>> >>>>>>>> >>>>>>>>> The source code says they are owned by the AIM account >>>>>>>>> "markdoliner". >>>>>>>>> >>>>>>>>> Are these still valid? If they are, I think you can go ahead and >>>>>>>>> pull >>>>>>>>> the plug of the old auth method. >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> >>>>>>>>> On 14 October 2016 at 01:11, Gary Kramlich <g...@reaperworld.com> >>>>>>>>> wrote: >>>>>>>>> > Hi Donald, >>>>>>>>> > >>>>>>>>> > This is Gary Kramlich the current maintainer of Pidgin. Please >>>>>>>>> excuse >>>>>>>>> > my tardiness in this matter as I haven't had much time to >>>>>>>>> dedicate to >>>>>>>>> > Pidgin in the past few weeks. >>>>>>>>> > >>>>>>>>> > That said. We are staging a new version which will have this >>>>>>>>> updates, >>>>>>>>> > but we will most likely miss the 20161016 date. If we could get >>>>>>>>> that >>>>>>>>> > extended it would be great. >>>>>>>>> > >>>>>>>>> > Also our code base has contains two clients that connect to AIM >>>>>>>>> and as >>>>>>>>> > I've learned recently they do not share keys. The other clients >>>>>>>>> name >>>>>>>>> > is Finch and if we could get a set of keys for it that would be >>>>>>>>> > awesome. Otherwise we'll just reuse the Pidgin ones for the time >>>>>>>>> > being. >>>>>>>>> > >>>>>>>>> > Also is there a web portal or something where we can manage this >>>>>>>>> keys? >>>>>>>>> > If so, please respond to me directly as I assume we'll want to >>>>>>>>> > control access to it. >>>>>>>>> > >>>>>>>>> > Thanks, >>>>>>>>> > >>>>>>>>> > -- >>>>>>>>> > Gary Kramlich <g...@reaperworld.com> >>>>>>>>> > >>>>>>>>> > _______________________________________________ >>>>>>>>> > Support@pidgin.im mailing list >>>>>>>>> > Want to unsubscribe? Use this link: >>>>>>>>> > https://pidgin.im/cgi-bin/mailman/listinfo/support >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >>> _______________________________________________ >>> Devel mailing list >>> de...@pidgin.im >>> https://pidgin.im/cgi-bin/mailman/listinfo/devel >>> >> >> >
_______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: https://pidgin.im/cgi-bin/mailman/listinfo/support