[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#16880: 24.3; oauth2: 401-responses not handled transparently [oauth2

From: Øyvind Stegard
Subject: bug#16880: 24.3; oauth2: 401-responses not handled transparently [oauth2 0.10]
Date: Tue, 25 Feb 2014 15:10:23 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Package: oauth2
Version: 0.10

I use oauth2.el to access the Google Contacts API and it has been
working fine for a long time. But in recent versions (after v0.9 I
think) I have been getting 401 http responses from Google whenever a
token refresh was necessary. Subsequently retrying the http request by
calling `oauth2-url-retrieve-synchronously' again makes it work OK, and
"200 OK" with expected results is returned.

It looks like the initial 401 http response, which is supposed to be
handled transparently, is what actually ends up in the buffer returned
by `oauth2-url-retrieve-synchronously' when a token refresh has been
automatically executed (in "oauth-hack" advice around
`url-http-handle-authentication'). (The token refresh itself seems to
work fine and is updated in the plstore.)

There is a hack in oauth2.el for hooking into url-http library
authentication handling, and the hack overrides the standard mechanism
by using an around-advice ("oauth-hack") and a conditional variable
which triggers the special behaviour when called from oauth2.

This advice sets the url internal variable `success' to t at the end,
but the advised function `url-http-handle-authentication' does not do
this after its own call to `url-retrieve-internal' at the end (in Emacs
24.3 at least).

I tried commenting out this (oauth2.el line 205):
   (when (boundp 'success) (setq success t)) ;For URL library in Emacs<24.4.

so `success' was not set to t. And this causes things to work like
expected; the initial 401-response is handled behind the scenes, and the
reponse of the last http request (with updated access token) is what
ends up in the buffer returned by `oauth2-url-retrieve-synchronously'. I
have not deep enough knowledge of the url library to see exactly why
this works, and I would appreciate if you could look into it.

To reproduce, I simply invalidate the access token in the oauth plstore,
forcing oauth2 to refresh it, before calling function

Also, what is the point of the (let ...) block with only variable
bindings and no body at line 196 in oauth.el ? (Parentheses mishap ?)


Øyvind S.
< Øyvind Stegard

reply via email to

[Prev in Thread] Current Thread [Next in Thread]