From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Jon =?UTF-8?Q?K=C3=A5re?= Hellan Newsgroups: gmane.emacs.bugs Subject: bug#23281: 24.5; oauth2 lacks "Authorization: Bearer" Date: Wed, 13 Apr 2016 13:56:48 +0200 Message-ID: <570E3400.8020708@acm.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1460561966 28692 80.91.229.3 (13 Apr 2016 15:39:26 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 13 Apr 2016 15:39:26 +0000 (UTC) To: 23281@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Apr 13 17:39:16 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aqMst-0001SI-2b for geb-bug-gnu-emacs@m.gmane.org; Wed, 13 Apr 2016 17:39:15 +0200 Original-Received: from localhost ([::1]:46014 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqMsp-0008PX-7S for geb-bug-gnu-emacs@m.gmane.org; Wed, 13 Apr 2016 11:39:11 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:59601) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqMsj-0008LC-UY for bug-gnu-emacs@gnu.org; Wed, 13 Apr 2016 11:39:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aqMsg-0003L8-Mj for bug-gnu-emacs@gnu.org; Wed, 13 Apr 2016 11:39:05 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:49738) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqMsg-0003L4-Ju for bug-gnu-emacs@gnu.org; Wed, 13 Apr 2016 11:39:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1aqMsg-0004bo-83 for bug-gnu-emacs@gnu.org; Wed, 13 Apr 2016 11:39:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Jon =?UTF-8?Q?K=C3=A5re?= Hellan Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 13 Apr 2016 15:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 23281 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.146056189917658 (code B ref -1); Wed, 13 Apr 2016 15:39:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 13 Apr 2016 15:38:19 +0000 Original-Received: from localhost ([127.0.0.1]:33842 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aqMrz-0004ai-9P for submit@debbugs.gnu.org; Wed, 13 Apr 2016 11:38:19 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:35566) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aqJPy-0007bO-7I for submit@debbugs.gnu.org; Wed, 13 Apr 2016 07:57:10 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aqJPr-0002tX-O0 for submit@debbugs.gnu.org; Wed, 13 Apr 2016 07:57:05 -0400 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:42522) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqJPr-0002tM-Ln for submit@debbugs.gnu.org; Wed, 13 Apr 2016 07:57:03 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:54757) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqJPq-0003Xl-8M for bug-gnu-emacs@gnu.org; Wed, 13 Apr 2016 07:57:03 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aqJPj-0002lz-OM for bug-gnu-emacs@gnu.org; Wed, 13 Apr 2016 07:57:02 -0400 Original-Received: from hylle05.itea.ntnu.no ([129.241.56.225]:40794) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aqJPj-0002lJ-CD for bug-gnu-emacs@gnu.org; Wed, 13 Apr 2016 07:56:55 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by hylle05.itea.ntnu.no (Postfix) with ESMTP id 9BD8A90718C for ; Wed, 13 Apr 2016 13:56:47 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at hylle05.itea.ntnu.no Original-Received: from lmJonhel13-tl.uninett.no (unknown [IPv6:2001:700:1:21:6de3:9254:c25b:abb4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jonhe) by hylle05.itea.ntnu.no (Postfix) with ESMTPSA id 6C09C90717E for ; Wed, 13 Apr 2016 13:56:46 +0200 (CEST) User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Mailman-Approved-At: Wed, 13 Apr 2016 11:38:18 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:116438 Archived-At: The oauth2 elpa package provides oauth2 authentication. The Oauth2 standard works by passing around authentication tokens. The oauth2.el appends the token to the url as a query parameter. This works with some services, but the preferred way is to pass it in an "Authorization: Bearer" header. Quote from RFC 6570: Because of the security weaknesses associated with the URI method (see Section 5), including the high likelihood that the URL containing the access token will be logged, it SHOULD NOT be used unless it is impossible to transport the access token in the "Authorization" request header field or the HTTP request entity-body. oauth2.el should be able to use the header mechanism, either mandatory or as a default. My first attempt at dealing with this myself was unsuccessful. Is there an easy way to log the http(s) requests that emacs sends, including headers? (In url-http.el?) I found the buffers with the responses, but not the requests. Jon In GNU Emacs 24.5.1 (x86_64-apple-darwin13.4.0, NS apple-appkit-1265.21) of 2015-04-10 on builder10-9.porkrind.org Windowing system distributor `Apple', version 10.3.1404 Configured using: `configure --with-ns '--enable-locallisppath=/Library/Application Support/Emacs/${version}/site-lisp:/Library/Application Support/Emacs/site-lisp'' Important settings: locale-coding-system: utf-8-unix Major mode: Lisp Interaction Minor modes in effect: eldoc-mode: t global-flycheck-mode: t flycheck-mode: t ido-everywhere: t show-paren-mode: t tooltip-mode: t electric-indent-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t Recent messages: Wrote /Users/jk/.emacs.d/elpa/oauth2-0.10/oauth2-pkg.elc Checking /Users/jk/.emacs.d/elpa/oauth2-0.10... Compiling /Users/jk/.emacs.d/elpa/oauth2-0.10/oauth2.el...done Wrote /Users/jk/.emacs.d/elpa/oauth2-0.10/oauth2.elc Checking /Users/jk/.emacs.d/elpa/oauth2-0.10... Done (Total of 2 files compiled, 1 skipped) End of buffer [7 times] Loading oauth2...done End of buffer Making completion list... Load-path shadows: /Users/jk/emacs/site-lisp/json hides /Applications/Emacs.app/Contents/Resources/lisp/json Features: (shadow sort mail-extr emacsbug sendmail oauth2 warnings advice cl-macs json plstore epg cl gv autoload lisp-mnt mm-archive message format-spec rfc822 mml mml-sec mailabbrev gmm-utils mailheader mm-decode mm-bodies mm-encode mail-utils network-stream starttls url-http tls mail-parse rfc2231 rfc2047 rfc2045 ietf-drums url-gw url-cache url-auth url url-proxy url-privacy url-expand url-methods url-history url-cookie url-domsuf url-util mailcap url-handlers url-parse auth-source eieio byte-opt bytecomp byte-compile cl-extra cconv eieio-core gnus-util mm-util mail-prsvr password-cache url-vars finder-inf eldoc help-fns flycheck find-func help-mode rx subr-x seq dash edmacro kmacro cl-loaddefs cl-lib flymake compile comint ansi-color ring which-func imenu ido info easymenu package epg-config pcase paren server time-date tooltip electric uniquify ediff-hook vc-hooks lisp-float-type mwheel ns-win tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process cocoa ns multi-tty emacs) Memory information: ((conses 16 210988 9737) (symbols 48 28298 5) (miscs 40 48 221) (strings 32 53567 7069) (string-bytes 1 1478859) (vectors 16 24240) (vector-slots 8 519700 11630) (floats 8 97 245) (intervals 56 263 75) (buffers 960 13))