bug#16880: 24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]

bug#16880: 24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]

[Glenn Morris]

Øyvind Stegard wrote:

> Package: oauth2

There is no package "oauth2" on debbugs.gnu.org, so your report ended up
on the help-debbugs mailing list. You seem to be talking about a GNU
ELPA package, so I have reassigned your issue to the "emacs" package.
This message, and all future ones, will go to the bug-gnu-emacs list.

> Version: 0.10
>
> I use oauth2.el to access the Google Contacts API and it has been
> working fine for a long time. But in recent versions (after v0.9 I
> think) I have been getting 401 http responses from Google whenever a
> token refresh was necessary. Subsequently retrying the http request by
> calling `oauth2-url-retrieve-synchronously' again makes it work OK, and
> "200 OK" with expected results is returned.
>
> It looks like the initial 401 http response, which is supposed to be
> handled transparently, is what actually ends up in the buffer returned
> by `oauth2-url-retrieve-synchronously' when a token refresh has been
> automatically executed (in "oauth-hack" advice around
> `url-http-handle-authentication'). (The token refresh itself seems to
> work fine and is updated in the plstore.)
>
> There is a hack in oauth2.el for hooking into url-http library
> authentication handling, and the hack overrides the standard mechanism
> by using an around-advice ("oauth-hack") and a conditional variable
> which triggers the special behaviour when called from oauth2.
>
> This advice sets the url internal variable `success' to t at the end,
> but the advised function `url-http-handle-authentication' does not do
> this after its own call to `url-retrieve-internal' at the end (in Emacs
> 24.3 at least).
>
> I tried commenting out this (oauth2.el line 205):
>    (when (boundp 'success) (setq success t)) ;For URL library in Emacs<24.4.
>
> so `success' was not set to t. And this causes things to work like
> expected; the initial 401-response is handled behind the scenes, and the
> reponse of the last http request (with updated access token) is what
> ends up in the buffer returned by `oauth2-url-retrieve-synchronously'. I
> have not deep enough knowledge of the url library to see exactly why
> this works, and I would appreciate if you could look into it.
>
> To reproduce, I simply invalidate the access token in the oauth plstore,
> forcing oauth2 to refresh it, before calling function
> `oauth2-url-retrieve-synchronously'.
>
>
> Also, what is the point of the (let ...) block with only variable
> bindings and no body at line 196 in oauth.el ? (Parentheses mishap ?)
>
>
> Thanks,
>
> Øyvind S.

bug#16880: 24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]

[Lars Ingebrigtsen]

Øyvind Stegard <oyvinst@ifi.uio.no> writes:

> I use oauth2.el to access the Google Contacts API and it has been
> working fine for a long time. But in recent versions (after v0.9 I
> think) I have been getting 401 http responses from Google whenever a
> token refresh was necessary. Subsequently retrying the http request by
> calling `oauth2-url-retrieve-synchronously' again makes it work OK, and
> "200 OK" with expected results is returned.

(I'm going through old bug reports that unfortunately got no response at
the time.)

Are you still seeing this issue with more recent versions of oauth2?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#16880: 24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]

[Lars Ingebrigtsen]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Are you still seeing this issue with more recent versions of oauth2?

More information was requested, but no response was given within a
month, so I'm closing this bug report.  If the problem still exists,
please respond to this email and we'll reopen the bug report.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no