GNOME 3.6: GNOME Online Accounts and Google two-factor authentication

goa-panel In GNOME 3.4 (Fedora 17), GNOME Online Accounts (GOA) worked great with Google two-factor authentication (you really should enable that, if you value your data). In GNOME 3.6 (Fedora 18) it works no more, and it might be fixed in GNOME 3.8. When developers break some existing functionality for the sake of “progress”, but don’t bother fixing it or providing an alternative way before an official release, I always feel a bit… disenchanted.

Fortunately you can work around the broken code.

  1. Open Seahorse, filter your passwords for “GOA”, you should see one or two items of “Gnome Online Accounts password” type. Delete them.
  2. Re-login to Gnome session.
  3. Open Online Accounts and log in to your Google account. It will fail.
  4. Create an application-specific password for your Google account in the web browser.
  5. Open Seahorse, filter your password for “GOA”, you should see a single item. Open it and display the password. It will be very long, find the following section: 'password': <'your_password'>.
  6. Replace your_password with your application-specific password you’ve generated.
  7. Close Seahorse and re-login to your Gnome session.
  8. Online accounts should work now. It worked for me.

It would be really nice if we didn’t have to fix this stuff by hand. Every time I upgrade I have to do lots of these kinds of magic fixes. In Fedora 18, this was one of the minor issues. The big issues still await me.

Flattr this

GNOME 3.6: GNOME Online Accounts and Google two-factor authentication

42 thoughts on “GNOME 3.6: GNOME Online Accounts and Google two-factor authentication

  1. Magnum says:

    Can you help me, it is no working for me, what do you mean by re-login to your Gnome session? in gnome 18 you cant log out if you only have one user, which is my case. Also everytime i try to re login on the online user acounts after setting my aplication specific pass on the seahorse, it resets the password there…

    1. Yes, removing “Log Out” was a very poor decision from the GNOME team. You can still trigger it by running “gnome-session-quit” or creating another user, but the easiest solution is just to reboot completely.

  2. I just tried this several times and it still doesn’t work for me. I also noticed that the seahorse pop up for the GOA store gets very flakey on displaying when you mess with the password.

  3. martin says:

    sadly, this is also not working for me. after setting the password in seahorse and re-login, authentication fails again😦
    i’m unable to use google talk in empathy and disappointed.

  4. Same here. After wiping the GOA passwords in Seahorse and removing the entry in GOA, I created a new account, changed the password, logged out. Upon logging back in, was told credentials has expired. Verified the manually-entered application-specific password is still there in Seahorse, restarted — no difference.

    It’s a bit maddening how GOA does not allow the use of app-specific passwords; in GNOME 3.4 I recall using it just fine with Empathy.

    ps on Fedora 18 as well, g-o-a 3.6.2. Perhaps something breaks during an update?

    1. Ah, silly me — one is meant to replace the password *within* the dictionary that’s stored as the GOA password, not replace the entire dictionary with the app-specific password. Works now. Though finding that, while Empathy works with Google Talk, enabling Facebook chat through GOA crashes it. Sigh.

      Muchas gracias!

  5. Eduard Drenth says:

    This works for me, but…directly after this evolution crashes with a segmentation fault:

    Apr 27 17:40:19 eduard-TECRA-S11 kernel: [ 2334.784111] pool[4947]: segfault at 0 ip 00007ffd22abb429 sp 00007ffd0d3ef4e0 error 4 in libgoa-1.0.so.0.0.0[7ffd22aa6000+37000]

    1. Anonymous says:

      I forgot to say: schroedinger’s cat (fed.19) – it took some seconds (patience…) then it worked really fine.

  6. Gnome 3.8, Ubuntu 13.04.
    Upon signing on to GOA w/ 2-factor auth, the GOA entry in the Login keyring, as seen in Seahorse, had key-value pairs w/ the following keys: ‘authorization_code’, ‘access_token’, ‘access_token_expires_at’, ‘refresh_token’. There wasn’t a key named ‘password’, so I added it and set its value to an app-specific Google password. I continue to get the notifications about not being connected to my online account.

      1. Ditto here… last f#*%ing straw for Gnome3 (this and the terrible things they’ve done to nautilus)… I’ve put up with a lot of c%@p so far but I’m out… my solution: new window manager.

Leave a Reply (Markdown syntax supported)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s