From: Xiyue Deng
Newsgroups: gmane.emacs.bugs
Subject: bug#72992: 29.4; towards xoauth2 support in Emacs
Date: Thu, 03 Oct 2024 15:41:34 -0700
Message-ID: <87wmio3j35.fsf@debian-hx90.lan>
References: <87h6ayfo87.fsf_-_@debian-hx90.lan> <877cb8oihg.fsf@debian-hx90.lan> <878qvocjkz.fsf@ust.hk> <87ldzom4rz.fsf@debian-hx90.lan> <87zfo4au81.fsf@ust.hk> <878qvnmfrp.fsf@debian-hx90.lan>
To: Andrew Cohen
Cc: Ted Zlatanov, Philip Kaludercic, 72992@debbugs.gnu.org, Stefan Kangas
In-Reply-To: <878qvnmfrp.fsf@debian-hx90.lan>

Xiyue Deng writes:

> Andrew Cohen writes:
>
> [...]
>
>> By the way there are some significant bugs in auth-source.el which I
>> have fixed in my personal tree but haven't yet pushed. I have so little
>> time for emacs at the moment, but I'll try to get around to it. And
>> there is one major deficiency in auth-source.el that I want to deal
>> with: obfuscation of the :secret. When Ted originally wrote
>> auth-source.el he wrapped the :secret in a closure so that the secret
>> itself wasn't visible in memory. At the time he did this, closures
>> weren't fully part of emacs, and their implementation at the time didn't
>> expose the contents of the closure in bytecode. But the current official
>> implementation does, so this obfuscation trick no longer works. I want
>> to remove it since it no longer works and might lead to confusion.
>>
>
> Looking forward to it!
>

Just want to follow up on this: may we try your fixes and maybe try to
contribute for committing upstream? Also, for the :secret in closures,
do you suggest to remove it or is there another up-to-date way to hide
it in memory?

>> XD> Maybe auth-source source can host a helper function that checks
>> XD> if `:secret' is not set and xoauth2 is preferred (e.g. `:auth'
>> XD> is `xoauth2') and all required credentials are available it will
>> XD> get the access_token and put it in `:secret' (or basically my hacky
>> XD> advice :)
>>
>> I think this isn't the right way to go. Currently xoauth2 is one of
>> several supported SASL methods. The logic is supposed to be to try them
>> in a certain order, but this hasn't worked properly for some
>> time. Nobody has noticed since almost everyone uses only the basic
>> method. In gnus there has always been a server variable,
>> nnimap-authenticator, that chooses the preferred sasl method, which is
>> how the current support for xoauth2 is designed to work. I think this
>> is the right way to handle this (rather than relying on some specific
>> form of the auth-source entry) but it would be good to fix the logic in
>> nnimap.el to allow multiple methods to be tried.
>>
>
> Right. The `:auth' trick I did is just to work around the restriction
> that `nnimap-login' chooses basic method over other methods, and I'd
> prefer a better built-in support in auth-source myself. As you
> mentioned, maybe it can be remodeled after `smtpmail-try-auth-method'
> so that the login method is chosen on demand instead of trial-and-error.
>

In this regard, is it desirable to make `auth-source-search-backends' a
defgeneric acting on a given protocol (basic vs. xoauth2 vs. others),
and similarly for `nnimap-login' et al.?

>> [...]
>>

-- 
Xiyue Deng
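
The closure point raised in the quoted text above can be checked directly. The following is an added example, not part of the original message and not code from auth-source.el: it wraps a constructed sample secret in a closure and tests whether the value shows up in the closure's printed form, both interpreted and byte-compiled. The `demo-` function names and the file name are hypothetical.

```elisp
;;; closure-secret-demo.el --- added example  -*- lexical-binding: t; -*-

;; Hypothetical helper names; the secret below is a constructed sample
;; value, not a real credential.

(defun demo-wrap-secret (secret)
  "Return a closure that yields SECRET when called."
  (lambda () secret))

(defun demo-secret-visible-p (fn secret)
  "Return t if SECRET appears in the printed representation of FN."
  (and (string-match-p (regexp-quote secret) (prin1-to-string fn)) t))

(defun demo-report ()
  "Check an interpreted and a byte-compiled closure for an exposed secret.
Return an alist of (KIND . VISIBLE-P)."
  (let* ((secret "constructed-sample-token")
         ;; Interpreted closure: the captured binding lives in its
         ;; lexical environment.
         (interpreted (demo-wrap-secret secret))
         ;; Byte-compiled form of the same closure: the captured value
         ;; ends up in the function object's constants.
         (compiled (byte-compile interpreted)))
    (list (cons 'interpreted (demo-secret-visible-p interpreted secret))
          (cons 'compiled (demo-secret-visible-p compiled secret)))))

(message "%S" (demo-report))
```

Run it with `emacs --batch -l closure-secret-demo.el`; a `t` next to a kind means any Lisp code holding that closure can read the wrapped value just by printing it.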