GNU bug report logs - #72992
29.4; towards xoauth2 support in Emacs

Previous Next

Package: emacs;

Reported by: Xiyue Deng <manphiz <at> gmail.com>

Date: Tue, 3 Sep 2024 00:00:02 UTC

Severity: wishlist

Found in version 29.4

Full log

View this message in rfc822 format

From: Xiyue Deng <manphiz <at> gmail.com>
To: Björn Bidar <bjorn.bidar <at> thaodan.de>, Andrew Cohen <acohen <at> ust.hk>
Cc: Ted Zlatanov <tzz <at> lifelogs.com>, 72992 <at> debbugs.gnu.org, Philip Kaludercic <philipk <at> posteo.net>, Stefan Kangas <stefankangas <at> gmail.com>
Subject: bug#72992: 29.4; towards xoauth2 support in Emacs
Date: Sun, 22 Sep 2024 14:44:33 -0700

Hi Björn,

Björn Bidar <bjorn.bidar <at> thaodan.de> writes:

> Andrew Cohen <acohen <at> ust.hk> writes:
>
>>>>>>> "XD" == Xiyue Deng <manphiz <at> gmail.com> writes:
>>
>>     XD> Hi Andrew, Andrew Cohen <acohen <at> ust.hk> writes:
>>
>>     >>>>>>> "XD" == Xiyue Deng <dengxiyue <at> gmail.com> writes:
>>     >> 
>>
>> [...]
>>
>>     XD> The basic support is actually in the Emacs core already,
>>     XD> e.g. for Gnus nnimap[2] and smtpmail[3].  However, this assumes
>>     XD> one to put the access_token in place of `:secret' in the
>>     XD> auth-source file as Emacs uses password as the access_token in
>>     XD> both places.  However, access_token expires quite frequently
>>     XD> (e.g. about 1 hour for Gmail) and without refreshing it
>>     XD> automatically it is practically impossible to use conveniently.
>>     XD> Hence the propose hack and the following suggestion.
>>     >> 
>>     >> 
>>     >> This isn't actually true. When I added the support many years
>>     >> ago, I updated auth-source so that the :secret field can be a
>>     >> function, and this is how you should be using the current xoauth
>>     >> support.
>>
>>     XD> Thanks for pointing this out!  I found the place where `:secret'
>>     XD> is handled as a function[1].  However, this requires a user to
>>     XD> implement the oauth2 logic oneself, which I'm afraid is a bit
>>     XD> too low-level and error-prone.  (Actually, can I actually put a
>>     XD> lisp function in auth-source.gpg?)  
>>
>> I don't think you have to do anything low level, and I don't think there
>> is anything error prone here; you can use the functions from oauth
>> themselves (oauth2.el can create its own plstores, but I prefer to use
>> auth-source.el to manage the stores).  The only things needed are a call
>> to oauth2-refresh-access to get a new token, and then
>> oauth2-token-access-token to return the new access token.
>
> Is this documented?  If yes where?
> I tried to look inside the auth manual nothing was mentioned.
> Would this method work with all backends?

AIUI as of now you would need to implement this logic as a function in
`:secret' of the auth-source entry.  Please do correct me though.

-- 
Xiyue Deng
This bug report was last modified 318 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.