GNU bug report logs - #72992
29.4; towards xoauth2 support in Emacs

Previous Next

Full log

Message #77 received at 72992 <at> debbugs.gnu.org (full text, mbox):

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Xiyue Deng <manphiz <at> gmail.com>
Cc: Andrew Cohen <acohen <at> ust.hk>, Philip Kaludercic <philipk <at> posteo.net>,
 72992 <at> debbugs.gnu.org, Stefan Kangas <stefankangas <at> gmail.com>
Subject: Re: bug#72992: 29.4; towards xoauth2 support in Emacs
Date: Tue, 08 Oct 2024 09:38:49 -0400

On Thu, 03 Oct 2024 15:41:34 -0700 Xiyue Deng <manphiz <at> gmail.com> wrote: 

XD> Just want to follow up on this: may we try your fixes and maybe try to
XD> contribute for committing upstream?  Also, for the :secret in closures,
XD> do you suggest to remove it or is there another up-to-date way to hide
XD> it in memory?

I think contributing the oauth2 support directly to Emacs is the best
approach because it would help the greatest number of users without
requiring extra configuration. I'd say modifying auth-source.el to fit
the need is absolutely OK. I would just ask that if you modify the
format of the authinfo file, to keep it compatible with JSON
serialization for those of us that use an authinfo.json file.

I'd prefer to find another way to hide the secrets if closures don't
work anymore. I don't know if Emacs offers something; if not then we
should make an effort to do it. But that effort should not block the
oauth2 support, it's completely separate IMO.

XD> Maybe auth-source source can host a helper function that checks
XD> if `:secret' is not set and xaouth2 is preferred (e.g. `:auth'
XD> is `xoauth2') and all required credentials are available it will
XD> get the access_token and put it `:secret' (or basically my hacky
XD> advice :)

Sure, if that makes the code easier. I think the important thing is just
to make it compatible with the current usage and to avoid making the
user customize things to make oauth2 support Just Work.

XD> In this regard, is it desirable to make `auth-source-search-backends' a
XD> defgeneric acting on a given protocol (basic vs. xoauth2 vs. others),
XD> and similarly for `nnimap-login' et al.?

I'm not sure if that would benefit the users. If it benefits the
developers that's nice, but definitely not required, and especially if
it changes the search API and can't be implemented in a compatible way.
Because there may be a dozen packages on Github or whatever using that
API, and updating all of them will be painful.

Basically if the search API works right now, it's probably easier to
leave it or make a new one and transition gradually.

I hope this was helpful :)

-- 
Ted Zlatanov <tzz <at> lifelogs.com>

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.