This report concerns the oauth2 package on ELPA. Hope that’s OK. It affects
downstream users of it such as org-gcal and org-caldav.
The authentication scheme used by oauth2 has been deprecated by Google
services. I have a patch to update to the newer, recommended way. The OAuth2
maintainer said it would be a good addition, but I should find someone on ELPA
that is happy to review it in order to contribute.
Is there someone willing to review and merge a potential patch?
More details:
The current authentication scheme is out-of-band authentication; a code is displayed in the browser and the user copies it into Emacs. The new scheme involves spinning up an (extremely simple) HTTP server on Emacs to handle a redirect in the browser.
I have an implementation of the HTTP authentication handler, and emailed Julien
Danjou (the oauth2 maintainer) about it. Julien said it would be a good
incorporation to the package but they don’t have time to review it.
Thank you for your time.
Adrià Garriga-Alonso