From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Julien Danjou Newsgroups: gmane.emacs.devel Subject: Re: OAuth2 implementation in Elisp Date: Mon, 26 Sep 2011 17:04:18 +0200 Message-ID: <87ehz32vm5.fsf@keller.adm.naquadah.org> References: <87sjnojl7j.fsf@keller.adm.naquadah.org> <4E7BAFA4.8090800@dogan.se> <4E7BAFE2.2090102@dogan.se> <87k490jkaw.fsf@keller.adm.naquadah.org> <87d3eo984j.fsf@lifelogs.com> <87mxdsbx1n.fsf@keller.adm.naquadah.org> <87litc695c.fsf@lifelogs.com> <87vcsfmxzd.fsf@keller.adm.naquadah.org> <87y5xb4bgj.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" X-Trace: dough.gmane.org 1317049475 30113 80.91.229.12 (26 Sep 2011 15:04:35 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 26 Sep 2011 15:04:35 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 26 17:04:31 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1R8CjP-0005r0-Ec for ged-emacs-devel@m.gmane.org; Mon, 26 Sep 2011 17:04:31 +0200 Original-Received: from localhost ([::1]:43495 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R8CjO-000448-Vt for ged-emacs-devel@m.gmane.org; Mon, 26 Sep 2011 11:04:30 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:47190) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R8CjI-0003vS-8y for emacs-devel@gnu.org; Mon, 26 Sep 2011 11:04:29 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1R8CjG-0000JO-C7 for emacs-devel@gnu.org; Mon, 26 Sep 2011 11:04:24 -0400 Original-Received: from prometheus.naquadah.org ([212.85.154.174]:45710 helo=mx1.naquadah.org) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R8CjG-0000JC-7W for emacs-devel@gnu.org; Mon, 26 Sep 2011 11:04:22 -0400 Original-Received: from keller.adm.naquadah.org (AMontsouris-651-1-106-83.w83-202.abo.wanadoo.fr [83.202.161.83]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mx1.naquadah.org (Postfix) with ESMTPSA id 67D6D5C118 for ; Mon, 26 Sep 2011 17:04:19 +0200 (CEST) Mail-Followup-To: emacs-devel@gnu.org In-Reply-To: <87y5xb4bgj.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 26 Sep 2011 09:36:44 -0500") User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 212.85.154.174 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:144308 Archived-At: --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, Sep 26 2011, Ted Zlatanov wrote: > I hope I don't have to know how to implement OAuth2 in order to > understand your answer to that question. No. But you have to understand how it works and how to use it at least, so your questions would make sense. Right now you are just proving you know nothing about OAuth 2 and that you don't trust my judgement on implementing things. Which could put me in a bad mood. Now, I'll explain why we can't make Emacs act like a Web apps to you. When the client is a native client (like Emacs), the user is sent to an URL where the OAuth provider prints the following: "The application $REGISTERED-APPLICATION-NAME is trying to access your data in $THIS-WAY. Is this OK? [YES] [NO]" If the user clicks yes, an authorization code is printed, the user give it to Emacs, and Emacs can obtain an access token from the OAuth provider to access the user data. Point. If the client is a Web application, the user is sent to the same URL, but when clicking [YES], no code are printed: instead the user is redirected by to the Web application. Therefore, I don't think there is any reasonable way to make Emacs parse the authorization page and click YES itself instead of the user, or to make Emacs a Web application that we can redirect the user to. =2D-=20 Julien Danjou --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJOgJRyAAoJEGEbqVCLeKXCu7sP/1sXdpmS8apa9/pcEw1EM2fL YI4Ejxy/6WBuTgt1HRORPK/2cNfWIf0om3yEdQcKD9tK4TyCojga9GfhDQqKkhgJ JCJWA6vh5OmsLrIcEKW+CsX/++3EQ1JE4PX7jQJpjXexrBZMktKIMKlCzoh92uh2 dVMo6QxCpZTR/K6TB2xs1NzDrs6m8egLDaMId4Q2xoGm34HjjKZrxzezE3iAgTuM TItbR9vRHGWHLGBy/KsmLKY3yKmpz8tM8VWgIsAe8VXlJXNCu6kSB/qHXv0axwai 3n3UKIJshsRhPe2tno/2cGp8niR/e1uw8ONqucES3cxUiqceJ2yH9yrhLWvLIkMa Vf0fibvKKBYmam9KxdI5QqK28RFRDLx2BEsd2SXXl6nz/Fl9oLTPTIAhPmYsbHmH qCDbNgORFncYm5W2OTnnpvLPjvg1J8CPU/NTAiXEwpYs3AhkFcKvyy2YxQEzt/+w 3jTob6E31OdO1tCEulPAsiL8mGFFYYVM9L+Zu9n9axrPondMsCAwWpmh1SAwGiO9 Esfi2YauiUrig7Fqpn8sfg901jEk1w0nDuzVCUElQoZd1/mMkgSgoZGjn6FJW6MJ PLxItfB05M+j+z6gGhRs52o9pRz0PxsJc542DO+JShhU2NGZhWje5tSUnJo7K8py X2nT6npk8sBqv4pp92Ls =I+qn -----END PGP SIGNATURE----- --=-=-=--