From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Justin Lilly Newsgroups: gmane.emacs.devel Subject: Re: OAuth2 implementation in Elisp Date: Sun, 25 Sep 2011 13:50:05 -0700 Message-ID: References: <87sjnojl7j.fsf@keller.adm.naquadah.org> <4E7BAFA4.8090800@dogan.se> <4E7BAFE2.2090102@dogan.se> <87k490jkaw.fsf@keller.adm.naquadah.org> <87d3eo984j.fsf@lifelogs.com> <87mxdsbx1n.fsf@keller.adm.naquadah.org> <87litc695c.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: dough.gmane.org 1316983837 16199 80.91.229.12 (25 Sep 2011 20:50:37 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 25 Sep 2011 20:50:37 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Sep 25 22:50:33 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1R7vej-0004PF-2U for ged-emacs-devel@m.gmane.org; Sun, 25 Sep 2011 22:50:33 +0200 Original-Received: from localhost ([::1]:44453 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R7vei-000853-Ii for ged-emacs-devel@m.gmane.org; Sun, 25 Sep 2011 16:50:32 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:45751) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R7vef-00084n-UQ for emacs-devel@gnu.org; Sun, 25 Sep 2011 16:50:31 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1R7vee-0004XI-4P for emacs-devel@gnu.org; Sun, 25 Sep 2011 16:50:29 -0400 Original-Received: from mail-bw0-f41.google.com ([209.85.214.41]:51847) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R7ved-0004X2-Vv for emacs-devel@gnu.org; Sun, 25 Sep 2011 16:50:28 -0400 Original-Received: by bkbzs2 with SMTP id zs2so5850307bkb.0 for ; Sun, 25 Sep 2011 13:50:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type :content-transfer-encoding; bh=vSaLpL9gbPL+V/FOYGvxR7BPFQyf4VkImre0djOh//M=; b=UmCwZBsKiLkGpH7CBqWv2uVetpMfcxHLWjFaAb+v2gOT3ynlUXPv66l5IlQ1bgN+pl oWHXsZY72Zh0gX7rp9AK2gcivERfnNcwMMwPPBoGC5k+I35XgPdMelZJLpTWkeSFVzdY SNTo9pQuiVXbYzpR8LwPaWcqvQ3xSyr4t1KtE= Original-Received: by 10.204.138.216 with SMTP id b24mr3754395bku.130.1316983826181; Sun, 25 Sep 2011 13:50:26 -0700 (PDT) Original-Received: by 10.204.41.10 with HTTP; Sun, 25 Sep 2011 13:50:05 -0700 (PDT) In-Reply-To: <87litc695c.fsf@lifelogs.com> X-Google-Sender-Auth: ZaCQC1_pQkfZCDTj0iWEehcf5yE X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 209.85.214.41 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:144286 Archived-At: w/r/t the entering a string, this is part of how oauth2 works for desktop applications. The other workflow is for web apps specifically. Familiarizing yourself with the spec might make reviewing the code a bit more sane as it should clear up some of these ambiguities. -justin 2011/9/25 Ted Zlatanov : > On Sun, 25 Sep 2011 14:56:20 +0200 Julien Danjou wro= te: > > JD> On Sun, Sep 25 2011, Ted Zlatanov wrote: >>> Could you format it to wrap the long lines? > > JD> Long? What's the limit? The longest is 122, which does not seem long = to > JD> me in 2011. > > If you could stay under 78 it would be polite. =A0I can't find the > reference but I'm pretty sure for Emacs submissions at least it's > required. > >>> Some usage examples would be nice. > > JD> Sure, I'll may be add, but the commentary should be enough for anybod= y > JD> to start using it. :) > > It wasn't for me, sorry. =A0I don't know OAuth2 well. > >>> I don't think you are encoding URL parameters so your URLs are not >>> safely constructed. =A0I think the url libraries have functions for tha= t; >>> you could also submit a POST (if OAuth2 supports it, I don't know the >>> spec) so you don't have to encode things at all. > > JD> It is a POST request for the authorization request. And about encodin= g, > JD> I'm not sure there's actually a problem, but if you could point me on= a > JD> specific point I'd be glad to take a look. > > #+begin_src lisp > =A0(browse-url (concat auth-url > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0(if (string-match-p "\?" auth-= url) "&" "?") > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"client_id=3D" client-id > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"&response_type=3Dcode&redirec= t_uri=3Durn:ietf:wg:oauth:2.0:oob" > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0(if scope (concat "&scope=3D" = (url-hexify-string scope)) "") > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0(if state (concat "&state=3D" = state) ""))) > > #+end_src > > This is not a POST and `client_id' for instance could have invalid > characters for a URL. > >>> Can `oauth2-request-authorization' be automated so the user doesn't hav= e >>> to enter a string they see on the screen? =A0That seems painful. > > JD> If Emacs was a Web app, yes. > > That makes no sense. =A0You are asking the user to enter information Emac= s > is displaying. =A0Can you grab that information for them, so they don't > have to enter it? > > Thanks > Ted > > >