From: Björn Bidar via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#72358: 29.4; oauth2.el improvements
Date: Wed, 31 Jul 2024 00:50:39 +0300
To: Xiyue Deng
Cc: Robert Pluim, 72358@debbugs.gnu.org

Xiyue Deng writes:

> Björn Bidar writes:
>
>> Robert Pluim writes:
>>
>>>     Xiyue> - This will invalidate all existing entries and a user will have to redo
>>>     Xiyue>   the authorization process again to get a new refresh token.  However,
>>>     Xiyue>   I think it's more important to ensure that oauth2.el works correctly
>>>     Xiyue>   for multiple accounts of the same provider, or a user may suffer from
>>>     Xiyue>   confusion when adding a new account invalidates a previous account.
>>>
>>> I donʼt think thatʼs too big a concern. 'modern' authentication flows
>>> regularly re-prompt, so this will not be too surprising (although
>>> maybe call it out in the packageʼs NEWS or README).
>>
>> In many cases the refreshing of tokens is transparent to the user; there
>> doesn't have to be a re-prompt to refresh the token if the OAuth
>> provider supports it.
>> Microsoft's OAuth workflow is quite good in this regard as there's a
>> non-standard error to indicate when the user has to re-authorize the
>> application.
>>
>
> Actually I have been having trouble for a few weeks getting my
> outlook.com email to work with MS OAuth2.  To avoid some repeated typing, I
> have documented the issues and steps I have tried in this stackoverflow
> question[1].  I would greatly appreciate it if you can shed some light
> there
>

I remember when adding OAuth support to Sailfish OS we needed to patch
our signon to work with the non-standard Microsoft flow.

We have this patch on top of the OAuth2 plugin for signond to accept
that they send the authentication as a request for you to fetch, upon
which you have to make another request with the new URL to get the
authentication code.

The patch can be found here:
https://github.com/sailfishos/signon-plugin-oauth2/blob/master/rpm/0005-Support-Microsoft-OAuth2-flow.patch

I'm not the person who wrote the patch but I fixed the plugin later for
Dropbox so that PKCE (RFC7636) isn't used unless the server requests it
(response type must be code to request PKCE). PKCE is strongly
recommended. The patch above already works kinda that way without
requesting PKCE.

Read here for further information:
https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
https://datatracker.ietf.org/doc/html/rfc7636
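
The PKCE handling referred to above (RFC 7636, attached only when the response type is `code`), as an added example that is not part of the original message and is not code from the signon plugin or oauth2.el. The endpoint, client id and redirect URI are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not a real provider or registration.
AUTH_ENDPOINT = "https://auth.example.invalid/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://localhost:8080/callback"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_verifier(nbytes: int = 32) -> str:
    """code_verifier: 32 random bytes give 43 characters (RFC 7636 section 4.1)."""
    return _b64url(secrets.token_bytes(nbytes))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_auth_url(response_type: str, verifier: str, state: str) -> str:
    """Authorization request; PKCE parameters only for the code flow."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": response_type,
        "state": state,
    }
    if response_type == "code":
        params["code_challenge"] = s256_challenge(verifier)
        params["code_challenge_method"] = "S256"
    return AUTH_ENDPOINT + "?" + urlencode(params)


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Token-endpoint check (RFC 7636 section 4.6), constant-time compare."""
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)


def query_of(url: str) -> dict:
    """Parsed query parameters of a URL, for inspecting the request."""
    return parse_qs(urlparse(url).query)
```

The client keeps the verifier locally and sends it only with the token request; an authorization code intercepted on the redirect cannot be redeemed without it.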