Thanks Crystal. I don't believe the pidgin team made any additional changes, so I assume you found a way to work around the issue below?
> On Apr 11, 2017, at 11:52 AM, Crystal Birnie <crystal.bir...@teamaol.com> > wrote: > > Confirmed. The change was made. > > Sent from my iPhone > >> On Apr 11, 2017, at 11:40 AM, Mark Zeldis <mark.zel...@gmail.com> wrote: >> >> >> Donald, >> >> Can you confirm that you made the change last night? I believe that the MD5 >> login (and AIM 7.5) are gone. >> >> Pidgin appears to be working still. I guess there was no issue after all? >> Are we good going forward? >> >> Thanks everyone. >> >> -Mark Zeldis >> >> >>> On Thu, Apr 6, 2017 at 9:05 AM, Donald Le <donald...@teamaol.com> wrote: >>> Eio et al, >>> >>> I was able to verify with Pidgin 2.12.0, startOSCARSession has the correct >>> info distId=1715&f=xml&k=do1UCeb5gNqxB1S1 but they were not passed through >>> our rules. >>> >>> Could you add to imApp=Pidgin/2.12.0 the devID? It should read: >>> Pidgin/2.12.0 key=do1UCeb5gNqxB1S1. >>> >>> Our trace log should read: Got FLAP CLIENT IDENTITY Pidgin/2.12.0 >>> key=do1UCeb5gNqxB1S1 >>> Note:...2.12.0(space)key... >>> >>> >>> Thanks, >>> >>> Donald Le >>> Product Management and Support AIM Platform >>> O: 703-265-5645 | M: 703-678-1073 >>> AIM: donald...@teamaol.com >>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166 >>> >>>> On Mon, Apr 3, 2017 at 10:49 PM, Eion Robb <e...@robbmob.com> wrote: >>>> Hi Donald, >>>> >>>> We've heard through a few of our support channels that you're still seeing >>>> people not using the correct details when they're logging into AIM from >>>> Pidgin. >>>> >>>> Dequis emailed you last month with the urls that we're fetching that are >>>> indeed showing distId=1715 and devId=do1UCeb5gNqxB1S1 - he also asked if >>>> you could send through the details of your Pidgin version that you were >>>> testing with. >>>> >>>> Are you able to confirm which auth URLs we should be using so we can try >>>> track down why you're not seeing the updated distId/devId? >>>> >>>> Cheers, >>>> Eion >>>> >>>>> On 14 March 2017 at 05:01, dequis <d...@dxzone.com.ar> wrote: >>>>> Hi, can confirm that finch is fixed now, thank you! >>>>> >>>>> That issue with pidgin 2.12.0 is really odd! I just tested both windows >>>>> installers (online and offline) and they seem fine. We did have one user >>>>> reporting a similar issue, but we couldn't reproduce it or explain it. >>>>> >>>>> Please verify the version with buddy list -> help menu -> about, the >>>>> first line should say "Pidgin 2.12.0 (libpurple 2.12.0)" followed by >>>>> "unknown". Also, help menu -> plugin information should say 2.12.0 for >>>>> the AIM plugin. That kind of mixup is rare but who knows! >>>>> >>>>> You can also enable extra debug by opening cmd.exe and doing "set >>>>> PURPLE_UNSAFE_DEBUG=1" before executing pidgin. >>>>> >>>>> Then open help menu -> debug window and connect the account. This is what >>>>> I get: >>>>> >>>>>> [...] >>>>>> (12:27:52) certificate: Successfully verified certificate for >>>>>> api.screenname.aol.com >>>>>> (12:27:52) util: Request: 'POST /auth/clientLogin HTTP/1.0 >>>>>> Connection: close >>>>>> Accept: */* >>>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8 >>>>>> Content-Length: 85 >>>>>> >>>>>> devId=do1UCeb5gNqxB1S1&f=xml&pwd=[password]&s=dx%40dxzone.com.ar' >>>>>> (12:27:53) util: Response headers: 'HTTP/1.1 200 OK >>>>>> [...] >>>>>> (12:27:53) util: requested to fetch >>>>>> (https://api.oscar.aol.com/aim/startOSCARSession?a=[access >>>>>> token]&distId=1715&f=xml&k=do1UCeb5gNqxB1S1&ts=1489418868&useTLS=1&sig_sha256=[signature]), >>>>>> full=1, user_agent=((null)), http11=0 >>>>> >>>>> >>>>> So as far as I can see everything is fine. I hope that helps narrow it >>>>> down. >>>>> >>>>> By the way, is the message supposed to be shown on every login from a >>>>> legacy auth method? I don't see it when I intentionally set pidgin to >>>>> connect to "login.oscar.aol.com" with "don't use encryption" and >>>>> "MD5-based" - it just succeeds without complaining. >>>>> >>>>> By the way, slogin.oscar.aol.com is down but login.oscar.aol.com isn't. I >>>>> thought slogin.oscar.aol.com was supposed to die at the end of this >>>>> month. I think that's breaking adium (mac OS X pidgin derivative) and we >>>>> still haven't managed to contact their devs to fix it. So what is the >>>>> fate of slogin supposed to be? >>>>> >>>>> Thanks. >>>>> >>>>>> On 13 March 2017 at 09:38, Donald Le <donald...@teamaol.com> wrote: >>>>>> Hi again, >>>>>> >>>>>> I download Pidgin 2.12.0 and test login. >>>>>> >>>>>> The "new" distID and devID were not used, and I received the upgrade >>>>>> message. >>>>>> The client is still on the old distID and NO devID. >>>>>> Could you double-check? >>>>>> >>>>>> LSI: PLOT 4224.8888 1502 10.172.189.32 Mon Mar 13 08:02:11 2017 >>>>>> bos_srv-l014b Mon Mar 13 08:20:19 2017 bos_srv-l014b >>>>>> >>>>>> LSI: PLOT 4224.8888 1502 10.172.189.32 Mon Mar 13 07:43:23 2017 >>>>>> bos_srv-l014b Mon Mar 13 07:49:22 2017 bos_srv-l014b >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Donald Le >>>>>> Product Management and Support AIM Platform >>>>>> O: 703-265-5645 | M: 703-678-1073 >>>>>> AIM: donald...@teamaol.com >>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166 >>>>>> >>>>>>> On Mon, Mar 13, 2017 at 7:33 AM, Donald Le <donald...@teamaol.com> >>>>>>> wrote: >>>>>>> Hi, >>>>>>> >>>>>>> The third said in the original email "No usage since August 2014 so no >>>>>>> need new DistID and DevID", which is clearly wrong. There's also that >>>>>>> "another libpurple" with distid 1502 which doesn't match any client we >>>>>>> own, and we don't know how you found that one. >>>>>>> I can't explain but you did the right thing to use 1718 for Finch. >>>>>>> >>>>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we >>>>>>> don't have to make another release? >>>>>>> Please try again now and let me know, I correct a typo in the devID >>>>>>> just now. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Donald Le >>>>>>> Product Management and Support AIM Platform >>>>>>> O: 703-265-5645 | M: 703-678-1073 >>>>>>> AIM: donald...@teamaol.com >>>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166 >>>>>>> >>>>>>>> On Sun, Mar 12, 2017 at 1:25 PM, dequis <d...@dxzone.com.ar> wrote: >>>>>>>> Hey Donald! >>>>>>>> >>>>>>>> As you may have heard we already released pidgin 2.12.0 (together with >>>>>>>> libpurple and finch 2.12.0), updating the distid/devids. >>>>>>>> >>>>>>>> Here's what we used: >>>>>>>> >>>>>>>> Pidgin: >>>>>>>> Distid: 1715 >>>>>>>> Devid: do1UCeb5gNqxB1S1 >>>>>>>> >>>>>>>> Libpurple: >>>>>>>> Distid: 1717 >>>>>>>> Devid: ma19CwYN9i9Mw5nY >>>>>>>> >>>>>>>> Finch: >>>>>>>> Distid: 1718 >>>>>>>> Devid: ma18nmEklXMR7Cj_ >>>>>>>> >>>>>>>> The first two are normal. >>>>>>>> >>>>>>>> The third said in the original email "No usage since August 2014 so no >>>>>>>> need new DistID and DevID", which is clearly wrong. There's also that >>>>>>>> "another libpurple" with distid 1502 which doesn't match any client we >>>>>>>> own, and we don't know how you found that one. >>>>>>>> >>>>>>>> So for the sake of avoiding a roundtrip in our communication and >>>>>>>> getting the release packaged ASAP, we went ahead and used the >>>>>>>> remaining 1718 distid for finch. >>>>>>>> >>>>>>>> This looks like it was a mistake, since we're now getting "Method not >>>>>>>> allowed - clientLogin Not Allowed for this devId" errors in finch. >>>>>>>> >>>>>>>> Did the 1718 distid get invalidated? Can you re-enable it so that we >>>>>>>> don't have to make another release? >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>>> On 27 January 2017 at 01:54, Donald Le <donald...@teamaol.com> wrote: >>>>>>>>> All, >>>>>>>>> >>>>>>>>> My comments are inline. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> Donald Le >>>>>>>>> Tech Director | Product Management and Support AIM Platform >>>>>>>>> O: 703-265-5645 | M: 703-678-1073 >>>>>>>>> AIM: donald...@teamaol.com >>>>>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166 >>>>>>>>> <image001.png> >>>>>>>>> >>>>>>>>>> On Thu, Oct 27, 2016 at 8:45 AM, Donald Le <donald...@teamaol.com> >>>>>>>>>> wrote: >>>>>>>>>> All, >>>>>>>>>> >>>>>>>>>> Quick update: we had to delay AIM client upgrade due to other >>>>>>>>>> integration, the date is tbd. >>>>>>>>>> I will answer your questions in the coming weeks. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> >>>>>>>>>> Donald Le >>>>>>>>>> Tech Director | Product Management and Support AIM Platform >>>>>>>>>> O: 703-265-5645 | M: 703-678-1073 >>>>>>>>>> AIM: donald...@teamaol.com >>>>>>>>>> AOL Inc. 22070 Broderick Drive Dulles, VA 20166 >>>>>>>>>> <image001.png> >>>>>>>>>> >>>>>>>>>>> On Fri, Oct 14, 2016 at 2:58 AM, dequis <d...@dxzone.com.ar> wrote: >>>>>>>>>>> Hi, I have a couple of questions, since there may have been a >>>>>>>>>>> misunderstanding here. >>>>>>>>>>> >>>>>>>>>>> Pidgin currently supports three auth methods for AIM: >>>>>>>>>>> >>>>>>>>>>> - MD5 using slogin.oscar.aol.com. Uses the DistID, does not use the >>>>>>>>>>> DevID >>>>>>>>> >>>>>>>>> <Donald> All DistID used for login.oscar.aol.com and >>>>>>>>> slogin.oscar.aol.com will be blocked. The date is tbd and AIM client >>>>>>>>> upgrade will start Feb 24th 2017. >>>>>>>>>>> >>>>>>>>>>> - clientLogin aka OpenAuth using >>>>>>>>>>> api.screenname.aol.com/auth/clientLogin. Uses DistID and DevID. Has >>>>>>>>>>> been the default setting for pidgin releases since 2009 >>>>>>>>> >>>>>>>>> <Donald> This login path will stay but you need to update the DistID >>>>>>>>> and DevID. We will give you a new set. >>>>>>>>>>> >>>>>>>>>>> - Kerberos using kdc.uas.aol.com. Uses DistID and DevID. Introduced >>>>>>>>>>> in >>>>>>>>>>> pidgin 2.11.0, released four months ago. >>>>>>>>> >>>>>>>>> <Donald> Same as above with OpenAuth. >>>>>>>>>>> >>>>>>>>>>> If I'm understanding this right, the first method is being >>>>>>>>>>> discontinued and the other two will continue working. It's possible >>>>>>>>>>> a >>>>>>>>>>> lot of users are using that - the account setting is a bit too >>>>>>>>>>> visible, so users might just switch to it for the sake of changing >>>>>>>>>>> settings. But as far as I can see, pidgin with the default >>>>>>>>>>> configuration won't stop working. >>>>>>>>> >>>>>>>>> <Donald> If Pidgin uses DistID = 1502 or 0, the login will be >>>>>>>>> blocked. >>>>>>>>>>> >>>>>>>>>>> What I don't understand is why we're changing the DistID and DevID. >>>>>>>>>>> I'm 90% sure that clientlogin sends both in the same way as the >>>>>>>>>>> official client. Did the previous ones get invalidated? >>>>>>>>> >>>>>>>>> <Donald> Yes. >>>>>>>>>>> >>>>>>>>>>> We're currently using these: >>>>>>>>>>> >>>>>>>>>>> Pidgin >>>>>>>>>>> DistID: 1550 >>>>>>>>>>> DevID: ma1cSASNCKFtrdv9 >>>>>>>>> >>>>>>>>> <Donald> I reached out to Pidgin, see below. >>>>>>>>> >>>>>>>>> From: Donald Le <donald...@teamaol.com> >>>>>>>>> Date: Thu, Sep 22, 2016 at 6:20 PM >>>>>>>>> Subject: Re: AIM login >>>>>>>>> To: Richard Vickery <r...@sfu.ca>, pid...@alexoren.com, Pidgin >>>>>>>>> Support List <support@pidgin.im> >>>>>>>>> >>>>>>>>> new DevID = do1UCeb5gNqxB1S1 >>>>>>>>> new distID = 1715 >>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Finch: >>>>>>>>>>> DistID: 1552 >>>>>>>>>>> DevID: ma19sqWV9ymU6UYc >>>>>>>>> >>>>>>>>> <Donald> No usage since August 2014 so no need new DistID and DevID. >>>>>>>>>>> >>>>>>>>>>> Libpurple: >>>>>>>>>>> DistID: 1553 >>>>>>>>>>> DevID: ma15d7JTxbmVG-RP >>>>>>>>> >>>>>>>>> <Donald> new DistID = 1717, new DevID = ma19CwYN9i9Mw5nY >>>>>>>>> >>>>>>>>> I found another Libpurple >>>>>>>>> DistID: 1502 with no DevID >> new DistID = 1718, new DevID = >>>>>>>>> ma18nmEklXMR7Cj_ >>>>>>>>>>> >>>>>>>>>>> The source code says they are owned by the AIM account >>>>>>>>>>> "markdoliner". >>>>>>>>>>> >>>>>>>>>>> Are these still valid? If they are, I think you can go ahead and >>>>>>>>>>> pull >>>>>>>>>>> the plug of the old auth method. >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 14 October 2016 at 01:11, Gary Kramlich <g...@reaperworld.com> >>>>>>>>>>> wrote: >>>>>>>>>>> > Hi Donald, >>>>>>>>>>> > >>>>>>>>>>> > This is Gary Kramlich the current maintainer of Pidgin. Please >>>>>>>>>>> > excuse >>>>>>>>>>> > my tardiness in this matter as I haven't had much time to >>>>>>>>>>> > dedicate to >>>>>>>>>>> > Pidgin in the past few weeks. >>>>>>>>>>> > >>>>>>>>>>> > That said. We are staging a new version which will have this >>>>>>>>>>> > updates, >>>>>>>>>>> > but we will most likely miss the 20161016 date. If we could get >>>>>>>>>>> > that >>>>>>>>>>> > extended it would be great. >>>>>>>>>>> > >>>>>>>>>>> > Also our code base has contains two clients that connect to AIM >>>>>>>>>>> > and as >>>>>>>>>>> > I've learned recently they do not share keys. The other clients >>>>>>>>>>> > name >>>>>>>>>>> > is Finch and if we could get a set of keys for it that would be >>>>>>>>>>> > awesome. Otherwise we'll just reuse the Pidgin ones for the time >>>>>>>>>>> > being. >>>>>>>>>>> > >>>>>>>>>>> > Also is there a web portal or something where we can manage this >>>>>>>>>>> > keys? >>>>>>>>>>> > If so, please respond to me directly as I assume we'll want to >>>>>>>>>>> > control access to it. >>>>>>>>>>> > >>>>>>>>>>> > Thanks, >>>>>>>>>>> > >>>>>>>>>>> > -- >>>>>>>>>>> > Gary Kramlich <g...@reaperworld.com> >>>>>>>>>>> > >>>>>>>>>>> > _______________________________________________ >>>>>>>>>>> > Support@pidgin.im mailing list >>>>>>>>>>> > Want to unsubscribe? Use this link: >>>>>>>>>>> > https://pidgin.im/cgi-bin/mailman/listinfo/support >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Devel mailing list >>>>> de...@pidgin.im >>>>> https://pidgin.im/cgi-bin/mailman/listinfo/devel >>>> >>> >>
_______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: https://pidgin.im/cgi-bin/mailman/listinfo/support
