From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.bugs Subject: bug#72992: 29.4; towards xoauth2 support in Emacs Date: Tue, 08 Oct 2024 09:38:49 -0400 Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?= =?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @ Cienfuegos Message-ID: References: <87h6ayfo87.fsf_-_@debian-hx90.lan> <877cb8oihg.fsf@debian-hx90.lan> <878qvocjkz.fsf@ust.hk> <87ldzom4rz.fsf@debian-hx90.lan> <87zfo4au81.fsf@ust.hk> <878qvnmfrp.fsf@debian-hx90.lan> <87wmio3j35.fsf@debian-hx90.lan> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="15178"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Cc: Andrew Cohen , Philip Kaludercic , 72992@debbugs.gnu.org, Stefan Kangas To: Xiyue Deng Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Oct 08 15:41:21 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1syASm-0003j0-Qc for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 08 Oct 2024 15:41:21 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1syASN-0005TV-F8; Tue, 08 Oct 2024 09:40:55 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1syASM-0005T8-3J for bug-gnu-emacs@gnu.org; Tue, 08 Oct 2024 09:40:54 -0400 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1syASL-0002GW-RM for bug-gnu-emacs@gnu.org; Tue, 08 Oct 2024 09:40:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=j3gLcifHb8Kra9nAjGRPNTXn8YDA6q7WBklkhw2yshQ=; b=k54J/U5P4olfpH3yZvfaPgnfSQUt996sblQuevJbxCIWMi4ecgW8ehlA5az8wLD9bfvrLPAhZWk3JmSHMWxv4f0/mI9uhdBOfhnNGQOqtn7wUE1P8pQ6YEun3wYut80syQC0qi18kRfSN68dj+w2C/HxVcVm1hvXL23PLGNnfhJQomze+1lN5LOvsZjWJjuqup5nEdft5KFN3O/prp7Fj5SHL2QqZfT6s3ulHL54rY8KJZEi7HMqvZrL08lDRw1iii6h4UNRDpI8gVS2MjI6mo4grk19qNYwwQOPpVSrzJufiatziYmAfedCF3zktYxwhxDzXVRSdZMr8TyGglGSfA==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1syASU-0007ic-Dr for bug-gnu-emacs@gnu.org; Tue, 08 Oct 2024 09:41:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Ted Zlatanov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 08 Oct 2024 13:41:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72992 X-GNU-PR-Package: emacs Original-Received: via spool by 72992-submit@debbugs.gnu.org id=B72992.172839480729081 (code B ref 72992); Tue, 08 Oct 2024 13:41:02 +0000 Original-Received: (at 72992) by debbugs.gnu.org; 8 Oct 2024 13:40:07 +0000 Original-Received: from localhost ([127.0.0.1]:51721 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1syARb-0007Yx-0B for submit@debbugs.gnu.org; Tue, 08 Oct 2024 09:40:07 -0400 Original-Received: from mail-qt1-f176.google.com ([209.85.160.176]:51472) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1syARY-0007YK-TU for 72992@debbugs.gnu.org; Tue, 08 Oct 2024 09:40:05 -0400 Original-Received: by mail-qt1-f176.google.com with SMTP id d75a77b69052e-4582c62ee33so61539781cf.3 for <72992@debbugs.gnu.org>; Tue, 08 Oct 2024 06:39:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; t=1728394730; x=1728999530; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:organization :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=j3gLcifHb8Kra9nAjGRPNTXn8YDA6q7WBklkhw2yshQ=; b=O9CRNK14C8Vx5OQB4KWiSiVf7pSd1jlKCcGddtBiu/l7Kg0WA+xc9eham8txIaeQrf J9PgOOZSJYj+XLTiCXNUoEWncJv7fCrc/wioZO88YHkW34vqduFVw1ZdNdhydh9nFGV3 3yarGuLAute9yqUmtpCRyuG+A+SDtoxZFj38s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728394730; x=1728999530; h=mime-version:user-agent:message-id:date:references:organization :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j3gLcifHb8Kra9nAjGRPNTXn8YDA6q7WBklkhw2yshQ=; b=RFXBY3UJgSlDJlDSRICrSkIUpt+nhk+2l4qacfwr2cyZSScLswLIp0ZElVe03qIIXZ WbA/P7mGZZj5Mv+tmigfRrjGhUlTUip30KZiJx12j5YmN/18MZwG2E1cxRfSXMBZtBdI ntIcj+Axy+AlZuHt64A63dLw1qDYu4vuxmUtMuzJTRWfaI/ZGF2XbOeIH7uPu8nOJhXM uXdUuECj9smISXvT3JGUAKFWxWMUGclH2BbOPoL6t2stXz3EEX4yqjoizTBxHH4vIrHd wrH6CD5B5uGK7htA2LcEHt70XpPIKVxanjJPpXLGW8uUtAhfUZHX3XFypLDh/TI+KiDq vwug== X-Forwarded-Encrypted: i=1; AJvYcCXnz5caL74bG32Lf8Cgk97+UaiaFvP7RsupKv0ChT9dQNjRbJ26zx8sXqrHDb3A6aRHMB+8eQ==@debbugs.gnu.org X-Gm-Message-State: AOJu0YzZnLHbnHLSN2inWN4eov2Bluc5lYklGJfj8Ba0eH6M3dvj4gM0 AFOCBbpBlprJs/M0C8cnHnGH/ObVFJIULXgH6aN0v7JJDc/DuPGCNDtDQeqL5NU= X-Google-Smtp-Source: AGHT+IGGPcq+hemC/znKa0pZ8Awcn0+YtGS8gSTh5cWC3pQNG0BqjlWsGVFQBSsBYD+dj/dylxhK1Q== X-Received: by 2002:ac8:5d42:0:b0:458:5d27:8527 with SMTP id d75a77b69052e-45d9bb299aemr204193541cf.51.1728394730436; Tue, 08 Oct 2024 06:38:50 -0700 (PDT) Original-Received: from foxy.local (pool-98-110-159-197.bstnma.fios.verizon.net. [98.110.159.197]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-45da74b457csm36221581cf.13.2024.10.08.06.38.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2024 06:38:50 -0700 (PDT) In-Reply-To: <87wmio3j35.fsf@debian-hx90.lan> (Xiyue Deng's message of "Thu, 03 Oct 2024 15:41:34 -0700") X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:293158 Archived-At: On Thu, 03 Oct 2024 15:41:34 -0700 Xiyue Deng wrote: XD> Just want to follow up on this: may we try your fixes and maybe try to XD> contribute for committing upstream? Also, for the :secret in closures, XD> do you suggest to remove it or is there another up-to-date way to hide XD> it in memory? I think contributing the oauth2 support directly to Emacs is the best approach because it would help the greatest number of users without requiring extra configuration. I'd say modifying auth-source.el to fit the need is absolutely OK. I would just ask that if you modify the format of the authinfo file, to keep it compatible with JSON serialization for those of us that use an authinfo.json file. I'd prefer to find another way to hide the secrets if closures don't work anymore. I don't know if Emacs offers something; if not then we should make an effort to do it. But that effort should not block the oauth2 support, it's completely separate IMO. XD> Maybe auth-source source can host a helper function that checks XD> if `:secret' is not set and xaouth2 is preferred (e.g. `:auth' XD> is `xoauth2') and all required credentials are available it will XD> get the access_token and put it `:secret' (or basically my hacky XD> advice :) Sure, if that makes the code easier. I think the important thing is just to make it compatible with the current usage and to avoid making the user customize things to make oauth2 support Just Work. XD> In this regard, is it desirable to make `auth-source-search-backends' a XD> defgeneric acting on a given protocol (basic vs. xoauth2 vs. others), XD> and similarly for `nnimap-login' et al.? I'm not sure if that would benefit the users. If it benefits the developers that's nice, but definitely not required, and especially if it changes the search API and can't be implemented in a compatible way. Because there may be a dozen packages on Github or whatever using that API, and updating all of them will be painful. Basically if the search API works right now, it's probably easier to leave it or make a new one and transition gradually. I hope this was helpful :) -- Ted Zlatanov