GNU bug report logs - #72358
29.4; oauth2.el improvements

Previous Next

Full log

Message #83 received at 72358 <at> debbugs.gnu.org (full text, mbox):

From: Xiyue Deng <manphiz <at> gmail.com>
To: Björn Bidar <bjorn.bidar <at> thaodan.de>
Cc: Robert Pluim <rpluim <at> gmail.com>, 72358 <at> debbugs.gnu.org
Subject: Re: bug#72358: 29.4; oauth2.el improvements
Date: Thu, 08 Aug 2024 01:28:47 -0700

Björn Bidar <bjorn.bidar <at> thaodan.de> writes:

> Xiyue Deng <manphiz <at> gmail.com> writes:
>
>> Xiyue Deng <manphiz <at> gmail.com> writes:
>>
>>> Björn Bidar <bjorn.bidar <at> thaodan.de> writes:
>>>
>>>> Robert Pluim <rpluim <at> gmail.com> writes:
>>>>
>>>>>     Xiyue> - This will invalidate all existing entries and a user will have to redo
>>>>>     Xiyue>   the authorization process again to get a new refresh token.  However,
>>>>>     Xiyue>   I think it's more important to ensure that oauth2.el works correctly
>>>>>     Xiyue>   for multiple accounts of the same provider, or a user may suffer from
>>>>>     Xiyue>   confusion when adding a new account invalidates a previous account.
>>>>>
>>>>> I donʼt think thatʼs too big a concern. 'modern' authentication flows
>>>>> regularly re-prompt, so this will not be too surprising (although
>>>>> maybe call it out in the packageʼs NEWS or README).
>>>>
>>>> In many cases the refreshing of tokens is transparent to the user there
>>>> doesn't have to be a re-prompt to refresh the token if the OAuth
>>>> provider support it.
>>>> Micrsofts OAuth workflow is quite good in this regard as there's a
>>>> non-standard error to indicate when the user has to re-authorize the
>>>> application.
>>>>
>>>
>>> Actually I am currently having trouble for a few weeks to get my
>>> outlook.com email work with MS OAuth2.  To avoid some repeated typing, I
>>> have documented the issues and steps I have tried in this stackoverflow
>>> question[1].  I would great appreciated it if you can shed some lights
>>> there
>>>
>>>> I assume all implementation of OAuth have their quirks.
>>>
>>> Indeed.
>>>
>>>
>>> [1] https://stackoverflow.com/questions/78787763/getting-aadsts65001-error-invalid-grant-when-trying-to-refresh-access-token-fo
>>
>> Just want to report back that after confirming with an MS representative
>> through online chat, outlook.com has actually disabled refreshing
>> access_token through the token endpoint, and users are asked to migrate
>> to Outlook app or compatibles apps (Thunderbird still works).
>
> Thank you for notifying me on this I will forward this to my employer.
>
>> I'm not sure whether this is also the case for organization emails, which may
>> also be disabled by default (or soonish if not already) but can be
>> enabled separately by an org admin.
>
> It does depend some domains use whitelist e.g. Tampere University of
> Applies sciences. Without a specific Emacs GNUs/Caldav/whatever AppID
> inside Microsoft OAuth2 it will be hard to pass that.
>
>
>> Anyway, I'd suggest people stop
>> wasting your time here and use Gmail (or maybe Yahoo mail) which has
>> decent 3rd party OAuth2 support.
>
> I don't think that's an option for most user that complain about working
> OAuth2 support, in most cases it's a work or some other organization
> account.
>
> Another thing I think is very important is to support Nextcloud as it's
> a FOSS app supporting OAuth2 which quite many users and organizations
> adopted.
>
>

Nextcloud sounds interesting.  Do you know where I can check for the
OAuth2 credentials like client_id and client_secret?

>> Meanwhile I have submitted a request to re-enable this support[1].
>>
>> [1] https://feedbackportal.microsoft.com/feedback/idea/069f1816-0a55-ef11-b4ad-0022484d3ecc

-- 
Xiyue Deng

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.