Why not get rid of appspot dependency at all? about acd_cli HOT 10 CLOSED

Thanks @calisro and @flurischt, I'll see about what can be done locally if a key opens up.

from acd_cli.

The ticket is labeled as "why not...", so that was my devil's advocate hat. I'm with you on this one. More generally, since the model here is really users accessing their own files, we're hitting a strange case of oauth tokens since the third party access is the user.

from acd_cli.

Maybe one more comment about this: Another upside to moving the webserver to the client is the appspot api limit. The current proxy seems to be hitting the limit a lot. Only solution is to either pay or move away from there. I don't think yadayada would want to pay the resources of this proxy.

from acd_cli.

Yep. I was discussing this yesterday with others. Totally agree.

#1 (comment)

from acd_cli.

I'm going to learn about amazon's security profiles today; this approach may not be possible if amazon requires one whitelisted app; that proxy will need to run somewhere and I'd guess why the current system was built the way it was.

from acd_cli.

Rclone doesn't use a proxy. The proxy is done on the client.

from acd_cli.

I don't think an external proxy is needed. The client id (or however Amazon calls it) is just to identify what application is talking to the api and this way the user can see in the settings which applications have access to the drive. If Amazon allows any redirect urls then in my opinion there's no need for an external proxy. Let me know if I can be of any help.

from acd_cli.

Better answer: because the security profile would be publicly visible, and other apps could masquerade as acdcli. Rclone has this issue due to not running a proxy.

I'm not sure if that's a showstopper (especially if rclone does it), but it at least answers the ticket.

from acd_cli.

Instead of exposing the security profile ID, the thousands of clients instead incur the risk of an intermediate server spilling tokens due to either malicious or accidental reasons? ha. With that intermediate server there is NO WAY TO PREVENT the owner of that server (or anyone who has the means to access it) from viewing everyone's unencrypted files. Worse yet, you wouldn't even know it happened. 👍 oh and this also means you have a single point of failure outside of the actual ACD service.

"Fool me once, shame on you. Fool me twice, shame on me."

from acd_cli.

https://www.reddit.com/r/DataHoarder/comments/6c9fnj/acd_support_may_return_to_rclone/

Seems like having the secret local is not an option. Then a proxy is the only way. :(

from acd_cli.