[elpa] externals/oauth2 850127d1bd 4/6: Support storing data for multipl

emacs-elpa-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[elpa] externals/oauth2 850127d1bd 4/6: Support storing data for multipl

From:	Philip Kaludercic
Subject:	[elpa] externals/oauth2 850127d1bd 4/6: Support storing data for multiple accounts of the same provider
Date:	Fri, 30 Aug 2024 03:10:34 -0400 (EDT)

branch: externals/oauth2
commit 850127d1bd7e55c6175e7e41f6b9fc4acada5f0e
Author: Xiyue Deng <manphiz@gmail.com>
Commit: Philip Kaludercic <philipk@posteo.net>

    Support storing data for multiple accounts of the same provider
    
    Currently the plstore id computed by "oauth2-compute-id" only takes
    "auth-url", "token-url", and "scope" into account, which could be the
    same for the same provider (e.g. Gmail).  This prevents storing
    information for multiple accounts of the same service for some
    providers.
    
    This patch adds "client-id" to the calculation of plstore id to make
    sure that it is unique for different accounts of the same provider.
    
    It also changes the hash function to sha512 to be more secure.
    
    * packages/oauth2/oauth2.el (oauth2-compute-id): add "client-id" as a
    parameter of "oauth2-compute-id" to ensure unique id amount multiple
    accounts of the same provider, and change hash function to
    sha512.  (Bug#72358)
---
 oauth2.el | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/oauth2.el b/oauth2.el
index 54ca61e1cf..c8011ebf9b 100644
--- a/oauth2.el
+++ b/oauth2.el
@@ -166,17 +166,17 @@ TOKEN should be obtained with `oauth2-request-access'."
   :group 'oauth2
   :type 'file)
 
-(defun oauth2-compute-id (auth-url token-url scope)
+(defun oauth2-compute-id (auth-url token-url scope client-id)
   "Compute an unique id based on URLs.
 This allows to store the token in an unique way."
-  (secure-hash 'md5 (concat auth-url token-url scope)))
+  (secure-hash 'sha512 (concat auth-url token-url scope client-id)))
 
 ;;;###autoload
 (defun oauth2-auth-and-store (auth-url token-url scope client-id client-secret 
&optional redirect-uri state)
   "Request access to a resource and store it using `plstore'."
   ;; We store a MD5 sum of all URL
   (let* ((plstore (plstore-open oauth2-token-file))
-         (id (oauth2-compute-id auth-url token-url scope))
+         (id (oauth2-compute-id auth-url token-url scope client-id))
          (plist (cdr (plstore-get plstore id))))
     ;; Check if we found something matching this access
     (if plist

[Prev in Thread]

Current Thread

[Next in Thread]

[elpa] externals/oauth2 updated (cc2dd7f3e2 -> 4a5acb4698), Philip Kaludercic, 2024/08/30
- [elpa] externals/oauth2 850127d1bd 4/6: Support storing data for multiple accounts of the same provider, Philip Kaludercic <=
- [elpa] externals/oauth2 fe12f44542 3/6: Encode URL when requesting access, Philip Kaludercic, 2024/08/30
- [elpa] externals/oauth2 6c14c8e987 2/6: Add parameters required by Google OAuth2 to get refresh_token, Philip Kaludercic, 2024/08/30
- [elpa] externals/oauth2 a0b9e26a82 5/6: Add debug messages and provide an option variable for enabling, Philip Kaludercic, 2024/08/30
- [elpa] externals/oauth2 9a4fe2153d 1/6: Show full authentication URL to let user choose how to visit it, Philip Kaludercic, 2024/08/30
- [elpa] externals/oauth2 4a5acb4698 6/6: Add NEWS file to document the changes to plstore id generation, Philip Kaludercic, 2024/08/30

Prev by Date: [elpa] externals/oauth2 updated (cc2dd7f3e2 -> 4a5acb4698)
Next by Date: [elpa] externals/oauth2 fe12f44542 3/6: Encode URL when requesting access
Previous by thread: [elpa] externals/oauth2 updated (cc2dd7f3e2 -> 4a5acb4698)
Next by thread: [elpa] externals/oauth2 fe12f44542 3/6: Encode URL when requesting access
Index(es):
- Date
- Thread