Add support for Yandex account in gnome-online-accounts

In response to a request from the gnome-online-accounts package maintainer in MR Yandex support (!124) · Merge requests · GNOME / gnome-online-accounts · GitLab, I suggest you discuss adding Yandex account support to gnome-online-accounts on the Discourse platform.

Why you need separate support for the Yandex account in GNOME.

Answering the maintainer’s question in the last message in the specified MR, it should be noted that some Yandex services that can be integrated into GNOME do not provide the ability to use protocols such as WebDAV. In particular, this applies to the Yandex. Disk service, which limits the speed of data exchange when using WebDAV. To work with the service at maximum speed, there is a REST API. The developers who opened MR discussed in detail the problems and solutions of Yandex account integration in their report at the 19th Free Software Developers Conference. The recording of the speech is available on YouTube in Russian (English subtitles are available) https://youtu.be/vlFugB-_KwE?si=upKr3i5wMZhsiOw1.

Target audience of the Yandex account.

Yandex is widely distributed in the CIS countries, such as Russia, Belarus, Uzbekistan, Kazakhstan, as well as in Ukraine, Turkey, Germany, and other EU countries.

How Yandex account integration will help users of free software.

Yandex is a good alternative to Google and Microsoft, providing a large number of free and well-localized services for CIS. Its integration will allow users of free software based on the GNOME technology stack to get a more convenient way to interact with the usual services in their system.

issue about this topic: Support for Yandex (#30) · Issues · GNOME / gnome-online-accounts · GitLab

6 Likes

It sounds like the only thing unique Yandex may need is for files, but that must be implemented in a library (as with libgdata and msgraph), but most important is someone willing to maintain it.

So since we can’t rely on closed-source companies to consider us when changing their APIs, a dedicated maintainer is one of the requirements. The other requirement would be a backend written for Gvfs, since that’s really the only way to qualify as having support in a core application. A small amount of code would have to be added to Evolution Data Server as well, which I believe was mentioned in the video you linked to.

Aside from the technical bits, we would need…

  • An OAuth client ID setup in coordination with the Infrastructure Team, since they administer credentials for the community’s accounts.
  • Clear Terms of Service for Yandex, to ensure we aren’t exposing the GNOME Foundation to any legal risk.

As part of the study of the legal component of the issue, I suggest that you consider the following resources:

To implement access to the account, you can use the standardized OAuth authentication method with the specified access rights.

Despite the fact that this method of obtaining data is standard for applications that use a Yandex account, I will try to request additional information about the legal side of the issue in the near future, as well as Yandex support contact information for contacting members of the GNOME Foundation.

I also suggest involving the original authors of MR in the discussion, since they seemed to have some experience in integrating Yandex. Disk via gvfs. I will try to involve them in this discussion.

1 Like

Thanks for the links! I am not a lawyer, but I had a quick look through the Yandex.Disk API Terms of Use and here are my initial remarks.

1.1. Terms and Definitions

[…]

User shall mean a developer using the Service to integrate Yandex.Disk functionality into its own Software Product;

For reference, “User” in the context means GNOME Online Accounts or the GNOME project.

2.2. In case of excess of the maximum Service hits – 40 (forty) requests per second the Service access may be restricted or discontinued.

That’s pretty low, if this is the rate limit for the project as a whole.

3.2. By using the Service, the User shall authorize Yandex to use logos, trademarks and/or trade names of the User, its Software Products and/or website for information, advertising and marketing purposes without any further consent of the User and without any fee payable to the User for such use.

This may be problematic for the GNOME Foundation. It will certainly require sign-off from the board of directors.

4.2. The User shall be solely and fully responsible for the use and safety of its OAuth Token. The User may not obtain the OAuth Token for any third party or transfer or provide it to any third party. Yandex shall not be liable for any unauthorized third-party use of the OAuth Token. Any actions performed within the Service through the User’s OAuth Token shall be deemed performed by such User.

This is iffy, considering how goa-daemon works, but strictly speaking this is in line with our policy of core applications only.

The rest of the document seems like standard level of awful that’s common to all these services. That being said, there’s enough here that we’ll have to let the GNOME Foundation assess the situation, assuming someone volunteers to write the Yandex.Disk library.