all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Philip Kaludercic <philipk@posteo.net>
To: Thomas Fitzsimmons <fitzsim@fitzsim.org>
Cc: emacs-devel@gnu.org
Subject: Re: [GNU ELPA] New package: url-http-oauth
Date: Sun, 07 May 2023 15:55:02 +0000	[thread overview]
Message-ID: <87a5ygf86h.fsf@posteo.net> (raw)
In-Reply-To: <m3fs8a2gl7.fsf@fitzsim.org> (Thomas Fitzsimmons's message of "Sat, 06 May 2023 01:07:16 -0400")

Thomas Fitzsimmons <fitzsim@fitzsim.org> writes:

> Hi,
>
> I would like to add one or two new packages to GNU ELPA.

I have no objections to this, but I don't have any comments either.

> The main one is url-http-oauth, which adds OAuth 2.0 support to the URL
> library, via "url-auth" hooks, like url-http-basic, url-http-digest and
> url-http-ntlm.  It provides auth-source integration for secrets, using
> the netrc backend.
>
>    https://git.sr.ht/~fitzsim/url-http-oauth
>
> This package is unrelated to oauth2.el in GNU ELPA, which provides new
> oauth2-url-retrieve and oauth2-url-retrieve-synchronously functions, and
> has plstore instead of auth-source integration.  For Excorporate, I
> needed something that would work with the built-in url-retrieve
> functions and I couldn't see how to do that with oauth2.el.  I haven't
> tested, but I see no reason that the two packages would interfere with
> one another.
>
> For the next release of Excorporate I want to depend on url-http-oauth
> to fix the longstanding bug#50113, "Excorporate: Communicating with
> domain that requires SSO?".  I have the changes ready; I am using them
> daily.
>
> The OAuth 2.0 standard encodes the use of a user-agent (i.e., web
> browser) for authorization steps which differ per OAuth 2.0 provider,
> and are not defined by the specification.  I have provided support for
> package authors and users to write custom functions to automate these
> web browser interactions in arbitrary ways:
>
>    AUTHORIZATION-CODE-FUNCTION is an elisp function that takes an
>    authorization URL as a string argument, and returns, as a string, a
>    full URL containing a code value in its query string.
>
> By default though, url-http-oauth will prompt the user to copy-n-paste
> URLs to and from the web browser.  This is the most general default I
> could think of; for example, this allows performing authorization in a
> local web browser then pasting the result to an Emacs session running
> three SSH hops away, where `browse-url' may not do the right thing.
>
> Users and package authors can design automatic user-agent interactions,
> but those ways are so varied that I wanted to see how they would evolve.
> For example, I would like to see someone write an
> authorization-code-function for Sourcehut that would use EWW inline.
> For other OAuth 2.0 providers whose authorization steps require
> JavaScript, EWW would not work.
>
> I have published another, tiny package:
>
>    https://git.sr.ht/~fitzsim/url-http-oauth-demo
>
> It demonstrates the use of url-http-oauth against the Emacs-friendliest
> OAuth 2.0 implementation I've found: Sourcehut.  Sourcehut's
> implementation is entirely Free Software, and it does not require
> JavaScript in the authorization steps.  Its client registration process
> does not have onerous terms of use.  Any Sourcehut user should be able
> to get url-http-oauth-demo working.  Maybe this package makes sense in
> GNU ELPA, or perhaps it could be part of url-http-oauth's documentation.
>
> I wrote these packages myself [1] and I have copyright assignment
> paperwork on file.
>
> Thomas
>
> 1. Except url-http-oauth--netrc-delete, which borrows lots of code from
>    auth-source.el.
>
>

-- 
Philip Kaludercic



  reply	other threads:[~2023-05-07 15:55 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-06  5:07 [GNU ELPA] New package: url-http-oauth Thomas Fitzsimmons
2023-05-07 15:55 ` Philip Kaludercic [this message]
2023-05-08  7:50 ` João Távora
2023-05-08 10:30   ` Philip Kaludercic
2023-05-08 14:22   ` T.V Raman
2023-05-08 16:19     ` João Távora
2023-05-08 16:26       ` Eli Zaretskii
2023-05-08 16:44       ` T.V Raman
2023-05-08 15:27   ` Thomas Fitzsimmons
2023-05-08 17:03     ` João Távora

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87a5ygf86h.fsf@posteo.net \
    --to=philipk@posteo.net \
    --cc=emacs-devel@gnu.org \
    --cc=fitzsim@fitzsim.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.