From: Farblos <akfkqu.9df7rp@vodafonemail.de>
To: emacs-devel@gnu.org
Subject: Extending auth-source and plstore for more XOAUTH2 scenarios
Date: Thu, 11 May 2023 22:22:11 +0200 [thread overview]
Message-ID: <53d1fe04-9c66-fd9c-a9a4-3f7a05792b36@vodafonemail.de> (raw)
Hi,
I've made some extensions to package auth-source and plstore to cover
more XOAUTH2 scenarios. My employer uses MS Office 365 with a device
grant for the MUTT/Gnus/whatever outcasts, where you need additional URL
parameters to refresh an access token. Plus I store the access token
*and* its expiry date in a plstore to avoid token refresh cycles as much
as possible.
The changes comprise:
- A function `plstore-update' with signature similar to that of
`plstore-put', but which merges new properties with existing properties.
- An auth-source backend `auth-source-plstore-xoauth2' that allows for
an arbitrary function to be called to perform the actual token requests.
Plus auxiliary functions to do the dirty URL interfacing. (I could
deliver that part as a separate package on (M)ELPA, or wherever, BTW.)
Some more changes (not all of which I have implemented yet):
- Nullify the plstore data structure when `plstore-close' gets called to
avoid clear-text credentials lingering around.
- Make plstores a bit more edit-friendly. For example, keep the plstore
non-secret and secret data between some pre-defined markers, but keep
the rest of the text unchanged when reading and writing plstore data.
That would allow for local variables at the end of the plstore.
- Provide auto-closing plstores, probably also configurable with local
variables.
- Allow auth-source backends to specify credential expiry per backend.
For the `auth-source-plstore-xoauth2' backend, for example, auth-source
expiry and plstore expiry (if it gets implemented) and the access token
expiry should be all synchronized to avoid funny results.
So much for the bigger picture. What do you think? Would you accept
changes in that direction?
In parallel I'm trying to get the FSF copyright assignment done.
Thanks
Farblos
next reply other threads:[~2023-05-11 20:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-11 20:22 Farblos [this message]
2023-05-11 21:04 ` Extending auth-source and plstore for more XOAUTH2 scenarios Thomas Fitzsimmons
2023-05-18 0:04 ` Björn Bidar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53d1fe04-9c66-fd9c-a9a4-3f7a05792b36@vodafonemail.de \
--to=akfkqu.9df7rp@vodafonemail.de \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).