From: Thomas Fitzsimmons
Newsgroups: gmane.emacs.bugs
Subject: bug#72358: 29.4; oauth2.el improvements
Date: Mon, 12 Aug 2024 09:22:07 -0400
To: Xiyue Deng
Cc: Björn Bidar, Robert Pluim, 72358@debbugs.gnu.org
In-Reply-To: <87a5hnbeps.fsf@debian-hx90.lan> (Xiyue Deng's message of "Thu, 08 Aug 2024 01:28:47 -0700")

Xiyue Deng writes:

> Björn Bidar writes:
>
>> Xiyue Deng writes:
>>
>>> Xiyue Deng writes:
>>>
>>>> Björn Bidar writes:
>>>>
>>>>> Robert Pluim writes:
>>>>>
>>>>>> Xiyue> - This will invalidate all existing entries and a user will have to redo
>>>>>> Xiyue> the authorization process again to get a new refresh token. However,
>>>>>> Xiyue> I think it's more important to ensure that oauth2.el works correctly
>>>>>> Xiyue> for multiple accounts of the same provider, or a user may suffer from
>>>>>> Xiyue> confusion when adding a new account invalidates a previous account.
>>>>>>
>>>>>> I donʼt think thatʼs too big a concern. 'modern' authentication flows
>>>>>> regularly re-prompt, so this will not be too surprising (although
>>>>>> maybe call it out in the packageʼs NEWS or README).
>>>>>
>>>>> In many cases the refreshing of tokens is transparent to the user; there
>>>>> doesn't have to be a re-prompt to refresh the token if the OAuth
>>>>> provider supports it.
>>>>> Microsoft's OAuth workflow is quite good in this regard as there's a
>>>>> non-standard error to indicate when the user has to re-authorize the
>>>>> application.
>>>>>
>>>>
>>>> Actually I have been having trouble for a few weeks getting my
>>>> outlook.com email to work with MS OAuth2. To avoid some repeated typing, I
>>>> have documented the issues and steps I have tried in this stackoverflow
>>>> question[1]. I would greatly appreciate it if you can shed some light
>>>> there.
>>>>
>>>>> I assume all implementations of OAuth have their quirks.
>>>>
>>>> Indeed.
>>>>
>>>>
>>>> [1]
>>>> https://stackoverflow.com/questions/78787763/getting-aadsts65001-error-invalid-grant-when-trying-to-refresh-access-token-fo
>>>
>>> Just want to report back that after confirming with an MS representative
>>> through online chat, outlook.com has actually disabled refreshing
>>> access_token through the token endpoint, and users are asked to migrate
>>> to the Outlook app or compatible apps (Thunderbird still works).
>>
>> Thank you for notifying me of this; I will forward this to my employer.
>>
>>> I'm not sure whether this is also the case for organization emails, which may
>>> also be disabled by default (or soonish if not already) but can be
>>> enabled separately by an org admin.
>>
>> It does depend; some domains use a whitelist, e.g. Tampere University of
>> Applied Sciences. Without a specific Emacs GNUs/Caldav/whatever AppID
>> inside Microsoft OAuth2 it will be hard to pass that.
>>
>>
>>> Anyway, I'd suggest people stop
>>> wasting your time here and use Gmail (or maybe Yahoo mail) which has
>>> decent 3rd party OAuth2 support.
>>
>> I don't think that's an option for most users that complain about working
>> OAuth2 support; in most cases it's a work or some other organization
>> account.
>>
>> Another thing I think is very important is to support Nextcloud as it's
>> a FOSS app supporting OAuth2 which quite many users and organizations
>> adopted.
>>
>>
>
> Nextcloud sounds interesting. Do you know where I can check for the
> OAuth2 credentials like client_id and client_secret?

sourcehut [1] provides a Free Software OAuth2 flow, and it has the
benefit of not requiring JavaScript (even FOSS JavaScript) anywhere in
the process. I wrote url-http-oauth-demo.el [2] as a complete "worked"
example demonstrating its use with url-http-oauth.el.

Thomas

1. https://sourcehut.org/
2. https://git.savannah.gnu.org/cgit/emacs/elpa.git/tree/url-http-oauth-demo.el?h=externals/url-http-oauth