From: Stefan Kangas
Newsgroups: gmane.emacs.bugs
Subject: bug#72992: 29.4; towards xoauth2 support in Emacs
Date: Tue, 17 Sep 2024 21:33:04 +0000
To: Xiyue Deng, 72992@debbugs.gnu.org
Cc: Ted Zlatanov

Xiyue Deng writes:

> Now that bug#72358 is done, as promised, I'm posting my plugin for
> auth-sources that enables oauth2 handling which you can find on
> Gitlab[1] (also attached). As the current approach tries to override
> some existing handling in auth-source, I would like to gather some
> comments on how to properly integrate this handling, and see if there is
> any benefit on providing this as a separate package for older Emacs
> versions.
>
> In the comment section of the package I put notes on how xoauth2 is
> enabled as well as existing restrictions in auth-source and how it
> works around them. I'll briefly explain below.

I think it would be good if you could add to your package some general
explanation of what xoauth2 is, and what are its use cases both in a
general sense, and specifically together with the auth-source package.
Don't assume that people already know what xoauth2 is, how it is
different from oauth2, which services use it, etc. Explain it.

I would add such general information to the beginning of the
"Commentary" section. Nothing long is needed, just a general
introduction and perhaps links for where to read more.

Some examples of when it would be used, preferably with example code for
some use cases, would also go a long way.

> Currently, auth-source search requires that the result include `:secret'
> most of the time, where when using xoauth2 it is actually the
> access-token. Actually, auth-source has existing support for xoauth2
> authentication, though it assumes that the password value actually
> stores the access-token.

Where can we find this "existing support"? Do you mean the
'auth-source-xoauth2' package on GNU ELPA?

> Because xoauth2 also makes use of
> `secret'/`password', it makes it hard to determine whether to use
> password-based or xoauth2-based authentication, which is why my plugin
> asks users to set `auth' in auth-source to determine whether to use
> xoauth2. Another complication from this is that auth-source search
> requires the entry contains a `secret' most of the time, where it does
> not need to be set when using xoauth2. Therefore I work around this by
> temporarily disabling this check and trying to retrieve access-token
> using oauth2 and set the result as password.
>
> Given the inconveniences of reusing password for access-token, I wonder
> whether we can add support for a separate `:access-token' key in the
> auth-source entry and use that instead of password when authenticating
> using xoauth2. This way, we can have both password and access-token in
> an auth-source entry and nnimap and smtpmail can use either one. More
> specifically:
>
> * When performing an auth-source search, if xoauth2 related fields are
>   set (see the list of fields in the comments of my plugin), it will
>   retrieve access-token using oauth2.
>
> * The search should change to check for either `secret'/`password' or
>   `access-token' is available.
>
> * For `nnimap-login' and `smtpmail-try-auth-method', pass in both
>   password and access-token, and for xoauth2 it should use access-token
>   instead of password.
>
> If this is an acceptable approach, I'll try to draft a patch to
> implement this in Emacs. Otherwise, it may still be worth implementing
> the current approach directly in Emacs so as to avoid using hacks like
> advice.

I'm not very familiar with auth-source.el, but on a general level the
above makes sense to me.

I've also Cc:ed Ted Zlatanov, the author of auth-source.el.

> Meanwhile, I wonder whether this may be worth releasing as a separate
> package so that users of older versions can use xoauth2 as well. I'd
> like to make it compatible with the agreed-upon approach to minimize any
> incompatibilities.
>
> Thanks for reading, and any comments are appreciated.

Are you proposing to include this in Emacs core, on GNU ELPA, or
something else?

Thanks.

> [1] https://gitlab.com/xiyueden/auth-source-xoauth2-plugin
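
Added example, not part of the original message and not code from auth-source.el or the plugin: one way the credential selection proposed in the thread could look, with the SASL XOAUTH2 initial response built from the access token. The `:access-token' key is the one proposed above and does not exist in auth-source today; the "xoauth2" value for `:auth', all `example-' names and the sample entries are assumptions constructed for illustration.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added example; not code from auth-source.el or the plugin.
;; `:access-token' is the key proposed in the thread (hypothetical), and
;; the "xoauth2" value for `:auth' is an assumption.

(defun example-reveal (value)
  "Return VALUE, calling it first if it is a function.
auth-source may wrap a secret in a closure so it is not printed."
  (if (functionp value) (funcall value) value))

(defun example-xoauth2-response (user access-token)
  "Return the base64 SASL XOAUTH2 initial response for USER and ACCESS-TOKEN.
Layout before encoding: user=USER ^A auth=Bearer ACCESS-TOKEN ^A ^A."
  ;; ^A separates the fields, so it must not occur inside one of them.
  (when (string-match-p "\001" (concat user access-token))
    (error "Control-A is not allowed in the user name or token"))
  (base64-encode-string
   (encode-coding-string
    (format "user=%s\001auth=Bearer %s\001\001" user access-token)
    'utf-8)
   t))                                  ; t = no line breaks

(defun example-entry-credential (entry)
  "Return (MECHANISM . CREDENTIAL) for the auth-source style plist ENTRY.
An entry marked for xoauth2 must carry `:access-token' and never falls
back to `:secret'; any other entry must carry `:secret'."
  (let ((host (plist-get entry :host))
        (token (example-reveal (plist-get entry :access-token)))
        (secret (example-reveal (plist-get entry :secret))))
    (cond
     ((equal (plist-get entry :auth) "xoauth2")
      (unless (and (stringp token) (not (string= token "")))
        (error "xoauth2 entry for %s has no access token" host))
      (cons 'xoauth2
            (example-xoauth2-response (plist-get entry :user) token)))
     ((and (stringp secret) (not (string= secret "")))
      (cons 'password secret))
     (t (error "Entry for %s has neither secret nor access token" host)))))

;; Constructed sample entries: one token-based, one password-based.
(defvar example-entries
  '((:host "imap.example.org" :user "alice@example.org"
     :auth "xoauth2" :access-token "constructed-token")
    (:host "mail.example.net" :user "bob" :secret "constructed-password")))

(mapcar #'example-entry-credential example-entries)
```

The returned credential is itself a bearer secret once base64-decoded, so it should be kept out of *Messages* and debug logs just like a password.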