[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OAuth2 implementation in Elisp

From: Justin Lilly
Subject: Re: OAuth2 implementation in Elisp
Date: Sun, 25 Sep 2011 13:50:05 -0700

w/r/t the entering a string, this is part of how oauth2 works for
desktop applications. The other workflow is for web apps specifically.
Familiarizing yourself with the spec might make reviewing the code a
bit more sane as it should clear up some of these ambiguities.


2011/9/25 Ted Zlatanov <address@hidden>:
> On Sun, 25 Sep 2011 14:56:20 +0200 Julien Danjou <address@hidden> wrote:
> JD> On Sun, Sep 25 2011, Ted Zlatanov wrote:
>>> Could you format it to wrap the long lines?
> JD> Long? What's the limit? The longest is 122, which does not seem long to
> JD> me in 2011.
> If you could stay under 78 it would be polite.  I can't find the
> reference but I'm pretty sure for Emacs submissions at least it's
> required.
>>> Some usage examples would be nice.
> JD> Sure, I'll may be add, but the commentary should be enough for anybody
> JD> to start using it. :)
> It wasn't for me, sorry.  I don't know OAuth2 well.
>>> I don't think you are encoding URL parameters so your URLs are not
>>> safely constructed.  I think the url libraries have functions for that;
>>> you could also submit a POST (if OAuth2 supports it, I don't know the
>>> spec) so you don't have to encode things at all.
> JD> It is a POST request for the authorization request. And about encoding,
> JD> I'm not sure there's actually a problem, but if you could point me on a
> JD> specific point I'd be glad to take a look.
> #+begin_src lisp
>  (browse-url (concat auth-url
>                      (if (string-match-p "\?" auth-url) "&" "?")
>                      "client_id=" client-id
> "&response_type=code&redirect_uri=urn:ietf:wg:oauth:2.0:oob"
>                      (if scope (concat "&scope=" (url-hexify-string scope)) 
> "")
>                      (if state (concat "&state=" state) "")))
> #+end_src
> This is not a POST and `client_id' for instance could have invalid
> characters for a URL.
>>> Can `oauth2-request-authorization' be automated so the user doesn't have
>>> to enter a string they see on the screen?  That seems painful.
> JD> If Emacs was a Web app, yes.
> That makes no sense.  You are asking the user to enter information Emacs
> is displaying.  Can you grab that information for them, so they don't
> have to enter it?
> Thanks
> Ted

reply via email to

[Prev in Thread] Current Thread [Next in Thread]