* Loading credentials from login keyring
@ 2020-12-29 19:33 Thomas Hisch
2020-12-31 10:14 ` Ted Zlatanov
2020-12-31 15:18 ` Michael Albinus
0 siblings, 2 replies; 6+ messages in thread
From: Thomas Hisch @ 2020-12-29 19:33 UTC (permalink / raw)
To: emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1747 bytes --]
I'm the author of an elisp pkg [1] that talks via a REST API with a
server. For determining the credentials I use
`auth-source-user-and-password` in this elisp pkg.
Currently I store my credentials in an .authinfo file, but I
would like to read them from the keyring, since I already have
credentials for the service in the Login keyring.
I created the credentials using the python-keyring [2] pkg using the command
`keyring set hostname username`
The above command creates an entry in the Login keyring that has the
following schema (output of `M-x secrets-show-secrets`)
`-[-] Password for ’thomas.hisch’ on ’hostname’
|- password: ********** [Show password]
|- application: Python keyring library
|- service: hostname
|- username: thomas.hisch
`- xdg:schema: org.freedesktop.Secret.Generic
The problem now is that `auth-source-user-and-password` doesn't find the
credentials in the "Login" keyring, i.e.,
(let ((auth-sources '("secrets:Login")))
(auth-source-user-and-password "hostname"))
returns nil. The reason for this is that `auth-source-user-and-password`
searches for an entry with a plist key :host and not with the key :service.
I know that I can manually pass the search spec to `auth-source-search`,
but I want to keep the auth code in my pkg as high-level as
possible. I also don't want to break anything for
users that use different auth-sources.
Is the implementation of auth-source.el, e.g.
`auth-source-user-and-password`, supposed
to support reading of secrets stored in a keyring, which are not created by
emacs?
Best regards,
Thomas
[1] https://github.com/thisch/gerrit.el
[2] https://keyring.readthedocs.io/en/latest/
[-- Attachment #2: Type: text/html, Size: 2141 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Loading credentials from login keyring
2020-12-29 19:33 Loading credentials from login keyring Thomas Hisch
@ 2020-12-31 10:14 ` Ted Zlatanov
2020-12-31 15:19 ` Michael Albinus
2020-12-31 15:18 ` Michael Albinus
1 sibling, 1 reply; 6+ messages in thread
From: Ted Zlatanov @ 2020-12-31 10:14 UTC (permalink / raw)
To: Thomas Hisch, Michael Albinus; +Cc: emacs-devel
On Tue, 29 Dec 2020 20:33:13 +0100 Thomas Hisch <t.hisch@gmail.com> wrote:
TH> I created the credentials using the python-keyring [2] pkg using the command
TH> `keyring set hostname username`
TH> The above command creates an entry in the Login keyring that has the
TH> following schema (output of `M-x secrets-show-secrets`)
TH> `-[-] Password for ’thomas.hisch’ on ’hostname’
TH> |- password: ********** [Show password]
TH> |- application: Python keyring library
TH> |- service: hostname
TH> |- username: thomas.hisch
TH> `- xdg:schema: org.freedesktop.Secret.Generic
TH> The problem now is that `auth-source-user-and-password` doesn't find the
TH> credentials in the "Login" keyring, i.e.,
TH> (let ((auth-sources '("secrets:Login")))
TH> (auth-source-user-and-password "hostname"))
TH> returns nil. The reason for this is that `auth-source-user-and-password`
TH> searches for an entry with a plist key :host and not with the key :service.
If there will never be a :host in the Login keyring, I have no objection
to mapping :service to :host on the backend or specifically in
`auth-source-user-and-password`. But I don't know if that will break any
existing use cases.
Michael, WDYT?
Thanks
Ted
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Loading credentials from login keyring
2020-12-31 10:14 ` Ted Zlatanov
@ 2020-12-31 15:19 ` Michael Albinus
0 siblings, 0 replies; 6+ messages in thread
From: Michael Albinus @ 2020-12-31 15:19 UTC (permalink / raw)
To: Thomas Hisch, emacs-devel
Ted Zlatanov <tzz@lifelogs.com> writes:
Hi Ted,
> TH> returns nil. The reason for this is that `auth-source-user-and-password`
> TH> searches for an entry with a plist key :host and not with the key :service.
>
> If there will never be a :host in the Login keyring, I have no objection
> to mapping :service to :host on the backend or specifically in
> `auth-source-user-and-password`. But I don't know if that will break any
> existing use cases.
>
> Michael, WDYT?
I have no objection. However, I recommend to make this mapping
configurable, i.e. to give the user an option which describes this mapping.
> Thanks
> Ted
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Loading credentials from login keyring
2020-12-29 19:33 Loading credentials from login keyring Thomas Hisch
2020-12-31 10:14 ` Ted Zlatanov
@ 2020-12-31 15:18 ` Michael Albinus
2021-01-01 9:08 ` Thomas Hisch
1 sibling, 1 reply; 6+ messages in thread
From: Michael Albinus @ 2020-12-31 15:18 UTC (permalink / raw)
To: Thomas Hisch; +Cc: emacs-devel
Thomas Hisch <t.hisch@gmail.com> writes:
Hi Thomas,
> returns nil. The reason for this is that
> `auth-source-user-and-password` searches for an entry with a plist key
> :host and not with the key :service.
>
> I know that I can manually pass the search spec to `auth-source-search
> `,
> but I want to keep the auth code in my pkg as high-level as
> possible. I also don't want to break anything for
> users that use different auth-sources.
>
> Is the implementation of auth-source.el, e.g.
> `auth-source-user-and-password`, supposed
> to support reading of secrets stored in a keyring, which are not
> created by emacs?
That's a very good question. AFAIK, there is no common schema for the
Login keyring, so you are best served to use entries which have been
created with the same application.
> Best regards,
> Thomas
Best regards, Michael.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Loading credentials from login keyring
2020-12-31 15:18 ` Michael Albinus
@ 2021-01-01 9:08 ` Thomas Hisch
2021-01-01 10:25 ` Michael Albinus
0 siblings, 1 reply; 6+ messages in thread
From: Thomas Hisch @ 2021-01-01 9:08 UTC (permalink / raw)
To: Michael Albinus; +Cc: emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1112 bytes --]
Hi Michael,
On Thu, Dec 31, 2020 at 4:18 PM Michael Albinus <michael.albinus@gmx.de>
wrote:
> Thomas Hisch <t.hisch@gmail.com> writes:
>
> Hi Thomas,
>
> > returns nil. The reason for this is that
> > `auth-source-user-and-password` searches for an entry with a plist key
> > :host and not with the key :service.
> >
> > I know that I can manually pass the search spec to `auth-source-search
> > `,
> > but I want to keep the auth code in my pkg as high-level as
> > possible. I also don't want to break anything for
> > users that use different auth-sources.
> >
> > Is the implementation of auth-source.el, e.g.
> > `auth-source-user-and-password`, supposed
> > to support reading of secrets stored in a keyring, which are not
> > created by emacs?
>
> That's a very good question. AFAIK, there is no common schema for the
> Login keyring, so you are best served to use entries which have been
> created with the same application.
>
I also don't think that there is a common schema for the Login keyring, but
I'll ask the python-keyring
developers why they have chosen the fieldname "service".
BR, Thomas.
[-- Attachment #2: Type: text/html, Size: 1665 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Loading credentials from login keyring
2021-01-01 9:08 ` Thomas Hisch
@ 2021-01-01 10:25 ` Michael Albinus
0 siblings, 0 replies; 6+ messages in thread
From: Michael Albinus @ 2021-01-01 10:25 UTC (permalink / raw)
To: Thomas Hisch; +Cc: emacs-devel
Thomas Hisch <t.hisch@gmail.com> writes:
> Hi Michael,
Hi Thomas,
> I also don't think that there is a common schema for the Login
> keyring, but I'll ask the python-keyring
> developers why they have chosen the fieldname "service".
While you are at this, you might also ask whether they could set
"xdg:schema". This would give us the possibility to determine their
application, and to handle an attribute mapping better.
They have set the "application" attribute, but this is not standardized AFAIK.
> BR, Thomas.
Best regards, Michael.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-01-01 10:25 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-29 19:33 Loading credentials from login keyring Thomas Hisch
2020-12-31 10:14 ` Ted Zlatanov
2020-12-31 15:19 ` Michael Albinus
2020-12-31 15:18 ` Michael Albinus
2021-01-01 9:08 ` Thomas Hisch
2021-01-01 10:25 ` Michael Albinus
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).