GNU bug report logs - #72358
29.4; oauth2.el improvements

Previous Next

Package: emacs;

Reported by: Xiyue Deng <manphiz <at> gmail.com>

Date: Tue, 30 Jul 2024 02:20:01 UTC

Severity: normal

Found in version 29.4

Done: Philip Kaludercic <philipk <at> posteo.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Björn Bidar <bjorn.bidar <at> thaodan.de>
To: Robert Pluim <rpluim <at> gmail.com>
Cc: 72358 <at> debbugs.gnu.org, Xiyue Deng <manphiz <at> gmail.com>
Subject: bug#72358: 29.4; oauth2.el improvements
Date: Tue, 30 Jul 2024 17:05:21 +0300

Robert Pluim <rpluim <at> gmail.com> writes:

>     Xiyue> - This will invalidate all existing entries and a user will have to redo
>     Xiyue>   the authorization process again to get a new refresh token.  However,
>     Xiyue>   I think it's more important to ensure that oauth2.el works correctly
>     Xiyue>   for multiple accounts of the same provider, or a user may suffer from
>     Xiyue>   confusion when adding a new account invalidates a previous account.
>
> I donʼt think thatʼs too big a concern. 'modern' authentication flows
> regularly re-prompt, so this will not be too surprising (although
> maybe call it out in the packageʼs NEWS or README).

In many cases the refreshing of tokens is transparent to the user there
doesn't have to be a re-prompt to refresh the token if the OAuth
provider support it.
Micrsofts OAuth workflow is quite good in this regard as there's a
non-standard error to indicate when the user has to re-authorize the
application.

I assume all implementation of OAuth have their quirks.
This bug report was last modified 258 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.