[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OAuth2 implementation in Elisp

From: Ted Zlatanov
Subject: Re: OAuth2 implementation in Elisp
Date: Sun, 25 Sep 2011 08:31:27 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

On Sun, 25 Sep 2011 14:56:20 +0200 Julien Danjou <address@hidden> wrote: 

JD> On Sun, Sep 25 2011, Ted Zlatanov wrote:
>> Could you format it to wrap the long lines?

JD> Long? What's the limit? The longest is 122, which does not seem long to
JD> me in 2011.

If you could stay under 78 it would be polite.  I can't find the
reference but I'm pretty sure for Emacs submissions at least it's

>> Some usage examples would be nice.

JD> Sure, I'll may be add, but the commentary should be enough for anybody
JD> to start using it. :)

It wasn't for me, sorry.  I don't know OAuth2 well.

>> I don't think you are encoding URL parameters so your URLs are not
>> safely constructed.  I think the url libraries have functions for that;
>> you could also submit a POST (if OAuth2 supports it, I don't know the
>> spec) so you don't have to encode things at all.

JD> It is a POST request for the authorization request. And about encoding,
JD> I'm not sure there's actually a problem, but if you could point me on a
JD> specific point I'd be glad to take a look.

#+begin_src lisp
  (browse-url (concat auth-url
                      (if (string-match-p "\?" auth-url) "&" "?")
                      "client_id=" client-id
                      (if scope (concat "&scope=" (url-hexify-string scope)) "")
                      (if state (concat "&state=" state) "")))


This is not a POST and `client_id' for instance could have invalid
characters for a URL.

>> Can `oauth2-request-authorization' be automated so the user doesn't have
>> to enter a string they see on the screen?  That seems painful.

JD> If Emacs was a Web app, yes.

That makes no sense.  You are asking the user to enter information Emacs
is displaying.  Can you grab that information for them, so they don't
have to enter it?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]