From a5241f369f5ea255fcb6f36c0b52829745d71ca8 Mon Sep 17 00:00:00 2001
From: Xiyue Deng
Date: Sun, 28 Jul 2024 03:00:04 -0700
Subject: [PATCH 4/6] Support storing data for multiple accounts of the same provider

Currently the plstore id computed by "oauth2-compute-id" only takes "auth-url", "token-url", and "scope" into account, which could be the same for the same provider (e.g. Gmail). This prevents storing information for multiple accounts of the same service for some providers. This patch adds "client-id" to the calculation of plstore id to make sure that it is unique for different accounts of the same provider. It also changes the hash function to sha512 to be more secure.

* packages/oauth2/oauth2.el (oauth2-compute-id): add "client-id" as a parameter of "oauth2-compute-id" to ensure unique id amount multiple accounts of the same provider, and change hash function to sha512. (Bug#72358)
---
 oauth2.el | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/oauth2.el b/oauth2.el
index 54ca61e1cf..c8011ebf9b 100644
--- a/oauth2.el
+++ b/oauth2.el
@@ -166,17 +166,17 @@ TOKEN should be obtained with `oauth2-request-access'."
 :group 'oauth2
 :type 'file)

-(defun oauth2-compute-id (auth-url token-url scope)
+(defun oauth2-compute-id (auth-url token-url scope client-id)
 "Compute an unique id based on URLs.
 This allows to store the token in an unique way."
- (secure-hash 'md5 (concat auth-url token-url scope)))
+ (secure-hash 'sha512 (concat auth-url token-url scope client-id)))

 ;;;###autoload
 (defun oauth2-auth-and-store (auth-url token-url scope client-id client-secret &optional redirect-uri state)
 "Request access to a resource and store it using `plstore'."
 ;; We store a MD5 sum of all URL
 (let* ((plstore (plstore-open oauth2-token-file))
- (id (oauth2-compute-id auth-url token-url scope))
+ (id (oauth2-compute-id auth-url token-url scope client-id))
 (plist (cdr (plstore-get plstore id))))
 ;; Check if we found something matching this access
 (if plist
-- 
2.39.2
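Review bot: The new id in `oauth2-compute-id` is still a hash over an undelimited `(concat auth-url token-url scope client-id)`, so the boundary between `scope` and `client-id` is not encoded and two different tuples that concatenate to the same string would share one plstore entry. Since this change already alters every existing id, it is the cheapest moment to hash an unambiguous encoding instead, e.g. `(secure-hash 'sha512 (format "%S" (list auth-url token-url scope client-id)))`. Entries written under the old MD5 id will no longer be found and, as far as this hunk shows, are neither migrated nor removed, so previously stored tokens stay in `oauth2-token-file` until cleaned up by hand; a migration step or a NEWS note would help if no other patch in the series covers it. The context comment `;; We store a MD5 sum of all URL` and the docstring's "based on URLs" are now stale and should mention SHA-512 and the client id. The body of `oauth2-auth-and-store` continues past the end of the hunk.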