From: "Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: Xiyue Deng <manphiz@gmail.com>
Cc: Robert Pluim <rpluim@gmail.com>, 72358@debbugs.gnu.org
Subject: bug#72358: 29.4; oauth2.el improvements
Date: Wed, 31 Jul 2024 00:50:39 +0300 [thread overview]
Message-ID: <21262.4570865714$1722376338@news.gmane.org> (raw)
In-Reply-To: <87a5hy8y8j.fsf@debian-hx90.lan> (Xiyue Deng's message of "Tue, 30 Jul 2024 12:40:28 -0700")
Xiyue Deng <manphiz@gmail.com> writes:
> Björn Bidar <bjorn.bidar@thaodan.de> writes:
>
>> Robert Pluim <rpluim@gmail.com> writes:
>>
>>> Xiyue> - This will invalidate all existing entries and a user will have to redo
>>> Xiyue> the authorization process again to get a new refresh token. However,
>>> Xiyue> I think it's more important to ensure that oauth2.el works correctly
>>> Xiyue> for multiple accounts of the same provider, or a user may suffer from
>>> Xiyue> confusion when adding a new account invalidates a previous account.
>>>
>>> I donʼt think thatʼs too big a concern. 'modern' authentication flows
>>> regularly re-prompt, so this will not be too surprising (although
>>> maybe call it out in the packageʼs NEWS or README).
>>
>> In many cases the refreshing of tokens is transparent to the user there
>> doesn't have to be a re-prompt to refresh the token if the OAuth
>> provider support it.
>> Micrsofts OAuth workflow is quite good in this regard as there's a
>> non-standard error to indicate when the user has to re-authorize the
>> application.
>>
>
> Actually I am currently having trouble for a few weeks to get my
> outlook.com email work with MS OAuth2. To avoid some repeated typing, I
> have documented the issues and steps I have tried in this stackoverflow
> question[1]. I would great appreciated it if you can shed some lights
> there
>
I remember when adding OAuth support to Sailfish OS we needed to patch
our signon to work with the non-standard Microsoft flow.
We have this patch on top of the OAuth2 plugin for signond to accept
that they send the authentication as a request for you to fetch upon you
have to another request with the new url to get authentication code.
The patch can be found here:
https://github.com/sailfishos/signon-plugin-oauth2/blob/master/rpm/0005-Support-Microsoft-OAuth2-flow.patch
I'm not the person who wrote the patch but I fixed the plugin later for
Dropbox so that PKCE (RFC7636) isn't used unless the server requests it
(response type must be code to request PKCE).
PKCE is strongly recommended. The patch above already works kinda that
way without requesting PKCE.
Read here for further information:
https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
https://datatracker.ietf.org/doc/html/rfc7636
next prev parent reply other threads:[~2024-07-30 21:50 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-29 21:25 bug#72358: 29.4; oauth2.el improvements Xiyue Deng
2024-07-30 7:46 ` Robert Pluim
2024-07-30 14:05 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-30 19:37 ` Xiyue Deng
2024-07-31 8:54 ` Robert Pluim
2024-07-31 11:13 ` Xiyue Deng
2024-08-02 8:15 ` Xiyue Deng
2024-08-02 8:38 ` Robert Pluim
2024-08-03 0:04 ` Xiyue Deng
2024-08-03 5:52 ` Eli Zaretskii
2024-08-03 9:26 ` Xiyue Deng
2024-08-13 22:03 ` Xiyue Deng
2024-08-14 5:28 ` Eli Zaretskii
2024-08-14 8:23 ` Xiyue Deng
2024-08-14 8:40 ` Xiyue Deng
2024-08-14 9:13 ` Eli Zaretskii
2024-08-21 18:22 ` Xiyue Deng
2024-08-21 19:42 ` Philip Kaludercic
2024-08-21 22:11 ` Xiyue Deng
2024-08-29 6:58 ` Xiyue Deng
2024-08-29 14:14 ` Philip Kaludercic
2024-08-29 15:18 ` Robert Pluim
2024-08-29 23:54 ` Xiyue Deng
2024-08-30 7:09 ` Philip Kaludercic
2024-08-30 8:32 ` Xiyue Deng
2024-08-30 10:07 ` Philip Kaludercic
2024-08-30 21:13 ` Xiyue Deng
2024-09-03 18:08 ` Xiyue Deng
[not found] ` <66a8f323.170a0220.9172c.8e28SMTPIN_ADDED_BROKEN@mx.google.com>
2024-07-30 19:40 ` Xiyue Deng
2024-07-30 21:50 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
2024-08-07 23:22 ` Xiyue Deng
2024-08-08 6:11 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-08-08 6:14 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <66b46180.170a0220.1fb02.1d6eSMTPIN_ADDED_BROKEN@mx.google.com>
2024-08-08 8:28 ` Xiyue Deng
2024-08-08 9:17 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-08-12 13:22 ` Thomas Fitzsimmons
2024-08-12 16:26 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <66b46251.170a0220.f2be9.afeeSMTPIN_ADDED_BROKEN@mx.google.com>
2024-08-08 8:29 ` Xiyue Deng
2024-08-08 9:31 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-30 14:08 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-30 14:39 ` Robert Pluim
2024-07-30 19:44 ` Xiyue Deng
2024-08-01 18:49 ` Thomas Fitzsimmons
2024-08-02 8:09 ` Xiyue Deng
2024-08-02 14:43 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <66a8f3d6.050a0220.8facb.d530SMTPIN_ADDED_BROKEN@mx.google.com>
2024-07-30 19:41 ` Xiyue Deng
2024-07-30 21:51 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <66a96079.170a0220.1522dd.3e68SMTPIN_ADDED_BROKEN@mx.google.com>
2024-07-31 7:43 ` Xiyue Deng
2024-07-31 23:53 ` Andrew Cohen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='21262.4570865714$1722376338@news.gmane.org' \
--to=bug-gnu-emacs@gnu.org \
--cc=72358@debbugs.gnu.org \
--cc=bjorn.bidar@thaodan.de \
--cc=manphiz@gmail.com \
--cc=rpluim@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).