bug#23281: 24.5; oauth2 lacks "Authorization: Bearer"

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: npostavs@users.sourceforge.net
To: "Jon Kåre Hellan" <hellan@acm.org>
Cc: 23281@debbugs.gnu.org
Subject: bug#23281: 24.5; oauth2 lacks "Authorization: Bearer"
Date: Mon, 11 Jul 2016 20:43:08 -0400	[thread overview]
Message-ID: <87r3azfzz7.fsf@users.sourceforge.net> (raw)
In-Reply-To: <570E3400.8020708@acm.org> ("Jon Kåre Hellan"'s message of "Wed, 13 Apr 2016 13:56:48 +0200")

tags 23281 fixed
close 23281 oauth2/0.11
quit

Jon Kåre Hellan <hellan@acm.org> writes:

> The oauth2 elpa package provides oauth2 authentication. The Oauth2
> standard  works by passing around authentication tokens. The oauth2.el
> appends the token to the url as a query parameter. This works with some
> services, but the preferred way is to pass it in an
> "Authorization: Bearer" header. Quote from RFC 6570:
>
>    Because of the security weaknesses associated with the URI method
>    (see Section 5), including the high likelihood that the URL
>    containing the access token will be logged, it SHOULD NOT be used
>    unless it is impossible to transport the access token in the
>    "Authorization" request header field or the HTTP request entity-body.
>
> oauth2.el should be able to use the header mechanism, either mandatory
> or as a default.

This seems to have been implemented in oauth2 version 0.11 (elpa commit
55da50d5 2016-07-09 "oauth2: send authentication token via Authorization
header").

     prev parent reply	other threads:[~2016-07-12  0:43 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-13 11:56 bug#23281: 24.5; oauth2 lacks "Authorization: Bearer" Jon Kåre Hellan
2016-04-25 22:25 ` Lars Magne Ingebrigtsen
2016-07-12  0:43 ` npostavs [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87r3azfzz7.fsf@users.sourceforge.net \
    --to=npostavs@users.sourceforge.net \
    --cc=23281@debbugs.gnu.org \
    --cc=hellan@acm.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.