GNU bug report logs - #16880
24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 16880 in the body.
You can then email your comments to 16880 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Øyvind Stegard <oyvinst <at> ifi.uio.no>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]
Date: Tue, 25 Feb 2014 15:10:23 +0100

Package: oauth2
Version: 0.10

I use oauth2.el to access the Google Contacts API and it has been
working fine for a long time. But in recent versions (after v0.9 I
think) I have been getting 401 http responses from Google whenever a
token refresh was necessary. Subsequently retrying the http request by
calling `oauth2-url-retrieve-synchronously' again makes it work OK, and
"200 OK" with expected results is returned.

It looks like the initial 401 http response, which is supposed to be
handled transparently, is what actually ends up in the buffer returned
by `oauth2-url-retrieve-synchronously' when a token refresh has been
automatically executed (in "oauth-hack" advice around
`url-http-handle-authentication'). (The token refresh itself seems to
work fine and is updated in the plstore.)

There is a hack in oauth2.el for hooking into url-http library
authentication handling, and the hack overrides the standard mechanism
by using an around-advice ("oauth-hack") and a conditional variable
which triggers the special behaviour when called from oauth2.

This advice sets the url internal variable `success' to t at the end,
but the advised function `url-http-handle-authentication' does not do
this after its own call to `url-retrieve-internal' at the end (in Emacs
24.3 at least).

I tried commenting out this (oauth2.el line 205):
   (when (boundp 'success) (setq success t)) ;For URL library in Emacs<24.4.

so `success' was not set to t. And this causes things to work like
expected; the initial 401-response is handled behind the scenes, and the
reponse of the last http request (with updated access token) is what
ends up in the buffer returned by `oauth2-url-retrieve-synchronously'. I
have not deep enough knowledge of the url library to see exactly why
this works, and I would appreciate if you could look into it.

To reproduce, I simply invalidate the access token in the oauth plstore,
forcing oauth2 to refresh it, before calling function
`oauth2-url-retrieve-synchronously'.


Also, what is the point of the (let ...) block with only variable
bindings and no body at line 196 in oauth.el ? (Parentheses mishap ?)


Thanks,

Øyvind S.
-- 
< Øyvind Stegard
 < http://stegard.net/

Message #8 received at 16880 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Øyvind Stegard <oyvinst <at> ifi.uio.no>
Cc: 16880 <at> debbugs.gnu.org
Subject: Re: bug#16880: 24.3;
 oauth2: 401-responses not handled transparently [oauth2 0.10]
Date: Tue, 25 Feb 2014 11:51:14 -0500

Øyvind Stegard wrote:

> Package: oauth2

There is no package "oauth2" on debbugs.gnu.org, so your report ended up
on the help-debbugs mailing list. You seem to be talking about a GNU
ELPA package, so I have reassigned your issue to the "emacs" package.
This message, and all future ones, will go to the bug-gnu-emacs list.

> Version: 0.10
>
> I use oauth2.el to access the Google Contacts API and it has been
> working fine for a long time. But in recent versions (after v0.9 I
> think) I have been getting 401 http responses from Google whenever a
> token refresh was necessary. Subsequently retrying the http request by
> calling `oauth2-url-retrieve-synchronously' again makes it work OK, and
> "200 OK" with expected results is returned.
>
> It looks like the initial 401 http response, which is supposed to be
> handled transparently, is what actually ends up in the buffer returned
> by `oauth2-url-retrieve-synchronously' when a token refresh has been
> automatically executed (in "oauth-hack" advice around
> `url-http-handle-authentication'). (The token refresh itself seems to
> work fine and is updated in the plstore.)
>
> There is a hack in oauth2.el for hooking into url-http library
> authentication handling, and the hack overrides the standard mechanism
> by using an around-advice ("oauth-hack") and a conditional variable
> which triggers the special behaviour when called from oauth2.
>
> This advice sets the url internal variable `success' to t at the end,
> but the advised function `url-http-handle-authentication' does not do
> this after its own call to `url-retrieve-internal' at the end (in Emacs
> 24.3 at least).
>
> I tried commenting out this (oauth2.el line 205):
>    (when (boundp 'success) (setq success t)) ;For URL library in Emacs<24.4.
>
> so `success' was not set to t. And this causes things to work like
> expected; the initial 401-response is handled behind the scenes, and the
> reponse of the last http request (with updated access token) is what
> ends up in the buffer returned by `oauth2-url-retrieve-synchronously'. I
> have not deep enough knowledge of the url library to see exactly why
> this works, and I would appreciate if you could look into it.
>
> To reproduce, I simply invalidate the access token in the oauth plstore,
> forcing oauth2 to refresh it, before calling function
> `oauth2-url-retrieve-synchronously'.
>
>
> Also, what is the point of the (let ...) block with only variable
> bindings and no body at line 196 in oauth.el ? (Parentheses mishap ?)
>
>
> Thanks,
>
> Øyvind S.

Message #11 received at 16880 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Øyvind Stegard <oyvinst <at> ifi.uio.no>
Cc: 16880 <at> debbugs.gnu.org
Subject: Re: bug#16880: 24.3; oauth2: 401-responses not handled
 transparently [oauth2 0.10]
Date: Sat, 29 May 2021 13:52:25 +0200

Øyvind Stegard <oyvinst <at> ifi.uio.no> writes:

> I use oauth2.el to access the Google Contacts API and it has been
> working fine for a long time. But in recent versions (after v0.9 I
> think) I have been getting 401 http responses from Google whenever a
> token refresh was necessary. Subsequently retrying the http request by
> calling `oauth2-url-retrieve-synchronously' again makes it work OK, and
> "200 OK" with expected results is returned.

(I'm going through old bug reports that unfortunately got no response at
the time.)

Are you still seeing this issue with more recent versions of oauth2?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #16 received at 16880 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Øyvind Stegard <oyvinst <at> ifi.uio.no>
Cc: 16880 <at> debbugs.gnu.org
Subject: Re: bug#16880: 24.3; oauth2: 401-responses not handled
 transparently [oauth2 0.10]
Date: Sat, 26 Jun 2021 14:43:43 +0200

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> Are you still seeing this issue with more recent versions of oauth2?

More information was requested, but no response was given within a
month, so I'm closing this bug report.  If the problem still exists,
please respond to this email and we'll reopen the bug report.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.