bug#23281: 24.5; oauth2 lacks "Authorization: Bearer"

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#23281: 24.5; oauth2 lacks "Authorization: Bearer"

From:	npostavs
Subject:	bug#23281: 24.5; oauth2 lacks "Authorization: Bearer"
Date:	Mon, 11 Jul 2016 20:43:08 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.0.93 (gnu/linux)

tags 23281 fixed
close 23281 oauth2/0.11
quit

Jon Kåre Hellan <hellan@acm.org> writes:

> The oauth2 elpa package provides oauth2 authentication. The Oauth2
> standard  works by passing around authentication tokens. The oauth2.el
> appends the token to the url as a query parameter. This works with some
> services, but the preferred way is to pass it in an
> "Authorization: Bearer" header. Quote from RFC 6570:
>
>    Because of the security weaknesses associated with the URI method
>    (see Section 5), including the high likelihood that the URL
>    containing the access token will be logged, it SHOULD NOT be used
>    unless it is impossible to transport the access token in the
>    "Authorization" request header field or the HTTP request entity-body.
>
> oauth2.el should be able to use the header mechanism, either mandatory
> or as a default.

This seems to have been implemented in oauth2 version 0.11 (elpa commit
55da50d5 2016-07-09 "oauth2: send authentication token via Authorization
header").

[Prev in Thread]

Current Thread

[Next in Thread]

bug#23281: 24.5; oauth2 lacks "Authorization: Bearer", npostavs <=

Prev by Date: bug#23948: Expired Certificate on gnu.org
Next by Date: bug#23935: 25.1.50; simple reproducible crash for emacs -Q: `M-: (+ 1997 120 400)'
Previous by thread: bug#23831: 25.0.95; face Info-quoted is not displayed on Redhat 6.6
Next by thread: bug#23952: 25.0.95; Regression: vc (git) over TRAMP doesn't work anymore
Index(es):
- Date
- Thread