bug#72992: 29.4; towards xoauth2 support in Emacs

[Andrew Cohen]

>>>>> "XD" == Xiyue Deng <dengxiyue@gmail.com> writes:

    XD> Hi Stefan, Stefan Kangas <stefankangas@gmail.com> writes:

    >> Xiyue Deng <manphiz@gmail.com> writes:
    >> 

[...]


    >>> Currently, auth-source search requires that the result include
    >>> `:secret' most of the time, where when using xoauth2 it is
    >>> actually the access-token. Actually, auth-source has existing
    >>> support for xoauth2 authentication, though it assumes that the
    >>> password value actually stores the access-token.
    >> 
    >> Where can we find this "existing support"?  Do you mean the
    >> 'auth-source-xoauth2' package on GNU ELPA?
    >> 

    XD> The basic support is actually in the Emacs core already,
    XD> e.g. for Gnus nnimap[2] and smtpmail[3].  However, this assumes
    XD> one to put the access_token in place of `:secret' in the
    XD> auth-source file as Emacs uses password as the access_token in
    XD> both places.  However, access_token expires quite frequently
    XD> (e.g. about 1 hour for Gmail) and without refreshing it
    XD> automatically it is practically impossible to use conveniently.
    XD> Hence the propose hack and the following suggestion.


This isn't actually true. When I added the support many years ago, I
updated auth-source so that the :secret field can be a function, and
this is how you should be using the current xoauth support. On the bug
thread I posted a suitable function that handles token refreshing (and
its on my list of changes to emacs that I expect to push at some
point). So everything necessary to use xoauth for nnimap and smtpmail
with auth-source, including automatic token refreshing, is already
present in emacs. 

Having said that, I think some of the ideas in Xiyue's code would be
useful. However I think it would be best to base this on the existing
code which works very well and is in use by at least me (and I think
some others as well).

Best,
Andy


-- 
Andrew Cohen