From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew Cohen
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Thu, 12 Aug 2021 10:33:51 +0800
Organization: Hong Kong University of Science and Technology
Message-ID: <87fsvf8k8g.fsf@ust.hk>
References: <52589.36892.953561.24840@gargle.gargle.HOWL> <39093.96315.985670.24841@gargle.gargle.HOWL> <87o8acpwqe.fsf@ust.hk> <8735rhfjoi.fsf@gnu.org> <87fsvgolp2.fsf@ust.hk> <87bl64ol70.fsf@ust.hk>
In-Reply-To: (Richard Stallman's message of "Wed, 11 Aug 2021 22:16:57 -0400")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
To: Richard Stallman
Cc: emacs-devel@gnu.org

>>>>> "RS" == Richard Stallman writes:

RS> [[[ To any NSA and FBI agents reading my email: please consider ]]]
RS> [[[ whether defending the US Constitution against all enemies, ]]]
RS> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]

RS> Could you please post a summary of what part of the overall
RS> problem is solved by your changes, with auth-source?

RS> Which services can users use, in which circumstances -- and what
RS> conditions does this depend on?

The changes to auth-source have nothing to do with oauth2 nor do they involve any particular service.

Plstore is code that allows storing plists on disk with arbitrary parts of the list stored in plaintext and other parts stored in encrypted form. The current plstore backend of the auth-source code however only allows the :secret to be encrypted but nothing else. The code change I am suggesting enhances the auth-source plstore backend to allow other parts of the entry to be encrypted as well, according to a user specification. The default is unchanged (the :secret entry is encrypted but nothing else), while passing a :create key to auth-source-search allows selecting exactly which parts should be stored encrypted and which parts should be stored unencrypted in the on-disk storage. If/when I push this there will be a simple documentation update to make this clear.

Why did this come up in the context of oauth2? I am using the plstore backend of auth-source to store my oauth2 credentials (this is a user choice: other backends, like the netrc backend, work fine as well) and wanted the oauth2 security tokens that are included in my plstore authentication entry to be stored on disk in an encrypted form.
This change makes that slightly more convenient to do (it can already be done by invoking plstore directly, but I find it convenient to use auth-source to manage my service authentication entries).
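
The message above notes that the plaintext/encrypted split can already be made by invoking plstore directly. The following is an added example, not part of the original message and not code from the proposed auth-source change; the file name, host, user, token values and the :access-token / :refresh-token property names are constructed placeholders.

```emacs-lisp
;; Added illustration; not code from the post or from the proposed patch.
;; File name, host, user and token values are constructed placeholders,
;; and :access-token / :refresh-token are hypothetical property names.
(require 'plstore)

(let ((store (plstore-open (expand-file-name "example-auth.plist"
                                             temporary-file-directory))))
  (unwind-protect
      (progn
        ;; Third argument: properties written to disk in plaintext.
        ;; Fourth argument: properties whose values are written only
        ;; inside the GnuPG-encrypted part of the file.
        (plstore-put store "mail.example.org"
                     '(:host "mail.example.org" :user "alice" :port "imaps")
                     '(:secret "PLACEHOLDER-PASSWORD"
                       :access-token "PLACEHOLDER-ACCESS-TOKEN"
                       :refresh-token "PLACEHOLDER-REFRESH-TOKEN"))
        ;; Saving encrypts the secret properties; GnuPG may prompt here.
        (plstore-save store))
    ;; Always release the buffer backing the store.
    (plstore-close store)))
```

The names of the encrypted properties stay visible in the saved file as `:secret-...` markers; only their values are encrypted, so property names themselves should not carry sensitive information.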