GNU bug report logs - #16880
24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]

Previous Next

Package: emacs;

Reported by: Øyvind Stegard <oyvinst <at> ifi.uio.no>

Date: Tue, 25 Feb 2014 14:11:02 UTC

Severity: normal

Tags: moreinfo

Found in version 0.10

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Øyvind Stegard <oyvinst <at> ifi.uio.no>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]
Date: Tue, 25 Feb 2014 15:10:23 +0100

Package: oauth2
Version: 0.10

I use oauth2.el to access the Google Contacts API and it has been
working fine for a long time. But in recent versions (after v0.9 I
think) I have been getting 401 http responses from Google whenever a
token refresh was necessary. Subsequently retrying the http request by
calling `oauth2-url-retrieve-synchronously' again makes it work OK, and
"200 OK" with expected results is returned.

It looks like the initial 401 http response, which is supposed to be
handled transparently, is what actually ends up in the buffer returned
by `oauth2-url-retrieve-synchronously' when a token refresh has been
automatically executed (in "oauth-hack" advice around
`url-http-handle-authentication'). (The token refresh itself seems to
work fine and is updated in the plstore.)

There is a hack in oauth2.el for hooking into url-http library
authentication handling, and the hack overrides the standard mechanism
by using an around-advice ("oauth-hack") and a conditional variable
which triggers the special behaviour when called from oauth2.

This advice sets the url internal variable `success' to t at the end,
but the advised function `url-http-handle-authentication' does not do
this after its own call to `url-retrieve-internal' at the end (in Emacs
24.3 at least).

I tried commenting out this (oauth2.el line 205):
   (when (boundp 'success) (setq success t)) ;For URL library in Emacs<24.4.

so `success' was not set to t. And this causes things to work like
expected; the initial 401-response is handled behind the scenes, and the
reponse of the last http request (with updated access token) is what
ends up in the buffer returned by `oauth2-url-retrieve-synchronously'. I
have not deep enough knowledge of the url library to see exactly why
this works, and I would appreciate if you could look into it.

To reproduce, I simply invalidate the access token in the oauth plstore,
forcing oauth2 to refresh it, before calling function
`oauth2-url-retrieve-synchronously'.


Also, what is the point of the (let ...) block with only variable
bindings and no body at line 196 in oauth.el ? (Parentheses mishap ?)


Thanks,

Øyvind S.
-- 
< Øyvind Stegard
 < http://stegard.net/
This bug report was last modified 3 years and 333 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.