[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OAuth2 implementation in Elisp
From: |
Justin Lilly |
Subject: |
Re: OAuth2 implementation in Elisp |
Date: |
Sun, 25 Sep 2011 13:50:05 -0700 |
w/r/t the entering a string, this is part of how oauth2 works for
desktop applications. The other workflow is for web apps specifically.
Familiarizing yourself with the spec might make reviewing the code a
bit more sane as it should clear up some of these ambiguities.
-justin
2011/9/25 Ted Zlatanov <address@hidden>:
> On Sun, 25 Sep 2011 14:56:20 +0200 Julien Danjou <address@hidden> wrote:
>
> JD> On Sun, Sep 25 2011, Ted Zlatanov wrote:
>>> Could you format it to wrap the long lines?
>
> JD> Long? What's the limit? The longest is 122, which does not seem long to
> JD> me in 2011.
>
> If you could stay under 78 it would be polite. I can't find the
> reference but I'm pretty sure for Emacs submissions at least it's
> required.
>
>>> Some usage examples would be nice.
>
> JD> Sure, I'll may be add, but the commentary should be enough for anybody
> JD> to start using it. :)
>
> It wasn't for me, sorry. I don't know OAuth2 well.
>
>>> I don't think you are encoding URL parameters so your URLs are not
>>> safely constructed. I think the url libraries have functions for that;
>>> you could also submit a POST (if OAuth2 supports it, I don't know the
>>> spec) so you don't have to encode things at all.
>
> JD> It is a POST request for the authorization request. And about encoding,
> JD> I'm not sure there's actually a problem, but if you could point me on a
> JD> specific point I'd be glad to take a look.
>
> #+begin_src lisp
> (browse-url (concat auth-url
> (if (string-match-p "\?" auth-url) "&" "?")
> "client_id=" client-id
>
> "&response_type=code&redirect_uri=urn:ietf:wg:oauth:2.0:oob"
> (if scope (concat "&scope=" (url-hexify-string scope))
> "")
> (if state (concat "&state=" state) "")))
>
> #+end_src
>
> This is not a POST and `client_id' for instance could have invalid
> characters for a URL.
>
>>> Can `oauth2-request-authorization' be automated so the user doesn't have
>>> to enter a string they see on the screen? That seems painful.
>
> JD> If Emacs was a Web app, yes.
>
> That makes no sense. You are asking the user to enter information Emacs
> is displaying. Can you grab that information for them, so they don't
> have to enter it?
>
> Thanks
> Ted
>
>
>
- OAuth2 implementation in Elisp, Julien Danjou, 2011/09/22
- Re: OAuth2 implementation in Elisp, Deniz Dogan, 2011/09/22
- Re: OAuth2 implementation in Elisp, Deniz Dogan, 2011/09/22
- Re: OAuth2 implementation in Elisp, Julien Danjou, 2011/09/22
- Re: OAuth2 implementation in Elisp, Ted Zlatanov, 2011/09/25
- Re: OAuth2 implementation in Elisp, Julien Danjou, 2011/09/25
- Re: OAuth2 implementation in Elisp, Ted Zlatanov, 2011/09/25
- Re: OAuth2 implementation in Elisp, Karl Fogel, 2011/09/25
- Re: OAuth2 implementation in Elisp,
Justin Lilly <=
- Re: OAuth2 implementation in Elisp, Julien Danjou, 2011/09/26
- Re: OAuth2 implementation in Elisp, Ted Zlatanov, 2011/09/26
- Re: OAuth2 implementation in Elisp, Julien Danjou, 2011/09/26
- Re: OAuth2 implementation in Elisp, Lars Magne Ingebrigtsen, 2011/09/26
- Re: OAuth2 implementation in Elisp, Julien Danjou, 2011/09/26
- Re: OAuth2 implementation in Elisp, Lars Magne Ingebrigtsen, 2011/09/26
- Re: OAuth2 implementation in Elisp, Julien Danjou, 2011/09/27
- Re: OAuth2 implementation in Elisp, Richard Stallman, 2011/09/27
- Re: OAuth2 implementation in Elisp, joakim, 2011/09/26
- Re: OAuth2 implementation in Elisp, Ted Zlatanov, 2011/09/26