From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: OAuth2 implementation in Elisp Date: Tue, 27 Sep 2011 05:18:35 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87fwjiuw3o.fsf@lifelogs.com> References: <87sjnojl7j.fsf@keller.adm.naquadah.org> <4E7BAFA4.8090800@dogan.se> <4E7BAFE2.2090102@dogan.se> <87k490jkaw.fsf@keller.adm.naquadah.org> <87d3eo984j.fsf@lifelogs.com> <87mxdsbx1n.fsf@keller.adm.naquadah.org> <87litc695c.fsf@lifelogs.com> <87vcsfmxzd.fsf@keller.adm.naquadah.org> <87y5xb4bgj.fsf@lifelogs.com> <87ehz32vm5.fsf@keller.adm.naquadah.org> <87y5xbvvyz.fsf@lifelogs.com> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1317118830 29358 80.91.229.12 (27 Sep 2011 10:20:30 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 27 Sep 2011 10:20:30 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Sep 27 12:20:26 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1R8Um1-000538-11 for ged-emacs-devel@m.gmane.org; Tue, 27 Sep 2011 12:20:25 +0200 Original-Received: from localhost ([::1]:41897 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R8Um0-0007hd-I8 for ged-emacs-devel@m.gmane.org; Tue, 27 Sep 2011 06:20:24 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:43560) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R8Uls-0007hJ-4v for emacs-devel@gnu.org; Tue, 27 Sep 2011 06:20:21 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1R8Ulm-00039L-3y for emacs-devel@gnu.org; Tue, 27 Sep 2011 06:20:16 -0400 Original-Received: from lo.gmane.org ([80.91.229.12]:60493) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R8Ull-00039C-QI for emacs-devel@gnu.org; Tue, 27 Sep 2011 06:20:10 -0400 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1R8Ulk-0004w7-BX for emacs-devel@gnu.org; Tue, 27 Sep 2011 12:20:08 +0200 Original-Received: from 38.98.147.133 ([38.98.147.133]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 27 Sep 2011 12:20:08 +0200 Original-Received: from tzz by 38.98.147.133 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 27 Sep 2011 12:20:08 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 31 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: 38.98.147.133 X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:K5URf4rlwkapuFettnaLGIgU6tw= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 80.91.229.12 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:144394 Archived-At: On Mon, 26 Sep 2011 16:23:48 -0500 Ted Zlatanov wrote: TZ> On Mon, 26 Sep 2011 17:04:18 +0200 Julien Danjou wrote: JD> When the client is a native client (like Emacs), the user is sent to an JD> URL where the OAuth provider prints the following: JD> "The application $REGISTERED-APPLICATION-NAME is trying to access your JD> data in $THIS-WAY. Is this OK? JD> [YES] [NO]" JD> If the user clicks yes, an authorization code is printed, the user give JD> it to Emacs, and Emacs can obtain an access token from the OAuth JD> provider to access the user data. Point. TZ> You are asking the user to visit a URL (with `browse-url') with an TZ> external web browser that can run Javascript, then maybe they get back TZ> an auth code, and then they paste it back to Emacs. The way you have TZ> written oauth2.el, anyone that has customized `browse-url' to use w3m or TZ> other non-Javascript browsers will not know that something went wrong. TZ> Maybe oauth2.el should check for that case. I've confirmed this is completely broken with w3m, at least. I can't even use the "OK" button in the displayed screen because oauth2.el is waiting for me in the minibuffer, and of course w3m can't process the form because it doesn't store cookies by default (I didn't go further in the testing). So please check that `browse-url' is not set to one of the internal Emacs choices. Thanks Ted