From: Gregory Heytings
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Tue, 03 Aug 2021 22:02:44 +0000
To: Roland Winkler
Cc: emacs-devel@gnu.org

> Upon authentication, oauth2.el does not support `access_type=offline'.
> It is my understanding that this is needed to get upon authorization not
> only an access token, but also a refresh token. The latter is needed to
> grant an app continuous access beyond the short lifetime of an access
> token.

Your understanding is correct, except that AFAIK it is not "needed", at least not in general. But of course as you might guess each provider implemented their own variant / extensions of the OAuth protocol. If you need these parameters in your case, you can add them in oauth2-request-authorization.

> However, the emacs url machinery also lacks the code that is needed to
> use the refresh token in order to request a new access token if the
> current access token has expired.

This should work AFAIU; I don't use oauth2.el myself, but a comment says "If the token needs to be refreshed, the code handles it automatically and store the new value of the access token", and that refreshing mechanism is an essential part of OAuth; if it is not present, OAuth is not usable.
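
Added example, not part of the message above and not code from oauth2.el: a protocol-level Python sketch of the two requests the thread discusses, an authorization request carrying a provider extension such as `access_type=offline` and the RFC 6749 section 6 refresh grant, including the case where the refresh response omits a new refresh token. The endpoint, client id, redirect URI and all helper names are constructed placeholders.

```python
import time
from urllib.parse import urlencode

# Constructed placeholder values; none of them come from the thread.
AUTH_URL = "https://auth.example.invalid/o/oauth2/auth"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://localhost:8080/callback"


def authorization_url(scope, state, extra=None):
    """RFC 6749 section 4.1.1 request plus provider-specific extras."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,  # random per request; compare on the callback
    }
    params.update(extra or {})  # e.g. {"access_type": "offline"}
    return AUTH_URL + "?" + urlencode(params)


def needs_refresh(token, now=None, skew=60):
    """True when the access token is expired or within `skew` seconds of it."""
    now = time.time() if now is None else now
    return now >= token["expires_at"] - skew


def refresh_request_body(token, client_secret):
    """RFC 6749 section 6 form body; POST it to the token endpoint over TLS."""
    if not token.get("refresh_token"):
        raise ValueError("no refresh token stored: user must re-authorize")
    return urlencode({
        "grant_type": "refresh_token",
        "refresh_token": token["refresh_token"],
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    })


def merge_refresh_response(token, response, now=None):
    """Apply a token-endpoint response. The server may omit refresh_token
    when it does not rotate it; the stored one must then be kept."""
    now = time.time() if now is None else now
    return {
        "access_token": response["access_token"],
        "refresh_token": response.get("refresh_token", token["refresh_token"]),
        # A missing expires_in is treated as already expired (assumption).
        "expires_at": now + int(response.get("expires_in", 0)),
    }
```

Store the merged token with the same protection as a password, since a refresh token grants access well beyond the lifetime of any single access token.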