The past couple of days I've been working on implementing the GNOME 3
Authorization Dialog. The implementation uses
PolicyKit to achieve this and is conceptually very simple: the Shell process itself just implements the
org.freedesktop.PolicyKit1.AuthenticationAgent interface to handle authentication requests from the system-wide authority (
video).
For authentication, the Shell is using the existing code that in turn uses PAM. This means that the Authorization Dialog will work out-of-the-box with e.g. fingerprint readers, provided, of course, that the PAM stack has been set up correctly (video).
Additionally, the code has been tested with pam_rps - a PAM module whereby you authenticate by proving that you are smart enough to win in Rock-paper-scissors. The idea is that if your application works with pam_rps, then there's a good chance that it will work with any PAM module (video).
One major difference - and something I've been wanting to do for a while - is that the dialogs are now system-modal. In addition to fixing a lot of focus problems, this also makes the dialogs look more trustworthy since they are part of the actual shell. They're also way prettier.
(Bonus chatter: Of course, there's an emphasis on look in the above paragraph because any random app can still go full-screen to fool the user to give them their password. To do this in a more secure way, we need to use the Secure Attention Key and run the dialog in another security context etc. It's an open question whether it's even worth it to do this. But I digress.)
You can find the current code drop in this bug.