From: Farblos
Newsgroups: gmane.emacs.devel
Subject: Extending auth-source and plstore for more XOAUTH2 scenarios
Date: Thu, 11 May 2023 22:22:11 +0200
Message-ID: <53d1fe04-9c66-fd9c-a9a4-3f7a05792b36@vodafonemail.de>
To: emacs-devel@gnu.org

Hi,

I've made some extensions to package auth-source and plstore to cover
more XOAUTH2 scenarios.
My employer uses MS Office 365 with a device grant for the
MUTT/Gnus/whatever outcasts, where you need additional URL parameters
to refresh an access token. Plus I store the access token *and* its
expiry date in a plstore to avoid token refresh cycles as much as
possible.

The changes comprise:

- A function `plstore-update' with signature similar to that of
  `plstore-put', but which merges new properties with existing
  properties.

- An auth-source backend `auth-source-plstore-xoauth2' that allows for
  an arbitrary function to be called to perform the actual token
  requests. Plus auxiliary functions to do the dirty URL interfacing.
  (I could deliver that part as a separate package on (M)ELPA, or
  wherever, BTW.)

Some more changes (not all of which I have implemented yet):

- Nullify the plstore data structure when `plstore-close' gets called
  to avoid clear-text credentials lingering around.

- Make plstores a bit more edit-friendly. For example, keep the plstore
  non-secret and secret data between some pre-defined markers, but keep
  the rest of the text unchanged when reading and writing plstore data.
  That would allow for local variables at the end of the plstore.

- Provide auto-closing plstores, probably also configurable with local
  variables.

- Allow auth-source backends to specify credential expiry per backend.
  For the `auth-source-plstore-xoauth2' backend, for example,
  auth-source expiry and plstore expiry (if it gets implemented) and
  the access token expiry should all be synchronized to avoid funny
  results.

So much for the bigger picture. What do you think? Would you accept
changes in that direction?

In parallel I'm trying to get the FSF copyright assignment done.

Thanks
Farblos
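The following is an added example, not code from the message above nor from Emacs' plstore.el or auth-source.el. It sketches the two ideas the message combines: a merging update on a plstore entry (what the proposed `plstore-update' would do) and caching an access token together with its expiry so the refresh function (an injected, provider-specific callback, which is where a device grant's extra URL parameters would go) is only called when the token is about to expire. It relies only on the public plstore API (`plstore-open', `plstore-get', `plstore-put', `plstore-save', `plstore-close'). The `my-xoauth2-*' and `my-plstore-update' names, the fixed list of which keys are secret, and the `:expires-at' property are assumptions of this example; the demo refresh function returns a constructed reply instead of doing a real HTTP request.

```elisp
;;; Added example: not part of the original message or of Emacs' plstore.el.
;;; Assumes only the public plstore API; all `my-' names are hypothetical.

(require 'plstore)

(defconst my-xoauth2-secret-keys '(:access-token :refresh-token)
  "Entry keys stored in the encrypted part of the plstore (assumed schema).")

(defconst my-xoauth2-refresh-margin 60
  "Seconds before expiry at which a cached access token counts as stale.")

(defun my-plist-merge (old new)
  "Return a copy of plist OLD with every key/value pair of NEW put on top."
  (let ((merged (copy-sequence old)))
    (while new
      (setq merged (plist-put merged (car new) (cadr new)))
      (setq new (cddr new)))
    merged))

(defun my-plstore-update (plstore name props)
  "Merge plist PROPS into entry NAME of PLSTORE, keeping properties not in PROPS.
Keys in `my-xoauth2-secret-keys' go to the encrypted part, all others stay
in clear.  Unlike `plstore-put', properties absent from PROPS survive."
  (let ((merged (my-plist-merge (cdr (plstore-get plstore name)) props))
        (keys nil)
        (secret-keys nil))
    (while merged
      (if (memq (car merged) my-xoauth2-secret-keys)
          (setq secret-keys (plist-put secret-keys (car merged) (cadr merged)))
        (setq keys (plist-put keys (car merged) (cadr merged))))
      (setq merged (cddr merged)))
    (plstore-put plstore name keys secret-keys)))

(defun my-xoauth2-token-fresh-p (entry)
  "Non-nil if plist ENTRY holds an access token usable beyond the margin."
  (let ((token (plist-get entry :access-token))
        (expires (plist-get entry :expires-at)))
    (and token expires
         (< (+ (float-time) my-xoauth2-refresh-margin) expires))))

(defun my-xoauth2-access-token (file name refresh-fn)
  "Return a valid access token for entry NAME in plstore FILE.
If the cached token is missing or about to expire, call REFRESH-FN with the
stored refresh token.  REFRESH-FN must return a plist with :access-token,
:expires-in (seconds) and optionally a rotated :refresh-token; the
provider-specific HTTP request lives there.  The plstore is closed again
before returning so no open handle to decrypted data is kept around."
  (let* ((plstore (plstore-open (expand-file-name file)))
         (entry (cdr (plstore-get plstore name))))
    (unwind-protect
        (progn
          (unless (my-xoauth2-token-fresh-p entry)
            (let* ((reply (funcall refresh-fn (plist-get entry :refresh-token)))
                   (props (list :access-token (plist-get reply :access-token)
                                :expires-at (+ (float-time)
                                               (plist-get reply :expires-in)))))
              (when (plist-get reply :refresh-token)
                (setq props (plist-put props :refresh-token
                                       (plist-get reply :refresh-token))))
              ;; Merge rather than replace, so :client-id, :tenant and the
              ;; like stay as they were in the entry.
              (my-plstore-update plstore name props)
              (plstore-save plstore)
              (setq entry (cdr (plstore-get plstore name)))))
          (plist-get entry :access-token))
      (plstore-close plstore))))

(defun my-xoauth2-demo-refresh (refresh-token)
  "Constructed stand-in for a real token request: returns a fake reply."
  (list :access-token (format "demo-token-%d" (random 100000))
        :expires-in 3600
        :refresh-token refresh-token))

;; Usage (hypothetical file and entry name); the second call within an hour
;; returns the cached token without calling the refresh function:
;; (my-xoauth2-access-token "~/.emacs.d/xoauth2.plist" "o365"
;;                          #'my-xoauth2-demo-refresh)
```

Because the entry carries secret keys, `plstore-save' encrypts through EPG; with `plstore-encrypt-to' nil it uses symmetric encryption and prompts for a passphrase. Note that, as the message points out, closing the plstore does not by itself clear the decrypted data structure in current plstore, which is exactly the gap the proposed nullify-on-close change would close.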