Re: OAuth2 implementation in Elisp

[Ted Zlatanov]

On Mon, 26 Sep 2011 11:52:54 +0200 Julien Danjou <address@hidden> wrote: 

>> That makes no sense.  You are asking the user to enter information Emacs
>> is displaying.  Can you grab that information for them, so they don't
>> have to enter it?

JD> No, this would kill the whole point of OAuth. You may want to take a
JD> look at the spec of the protocol to understand how it works. :)

On Sun, 25 Sep 2011 13:50:05 -0700 Justin Lilly <address@hidden> wrote: 

JL> w/r/t the entering a string, this is part of how oauth2 works for
JL> desktop applications. The other workflow is for web apps specifically.
JL> Familiarizing yourself with the spec might make reviewing the code a
JL> bit more sane as it should clear up some of these ambiguities.

Why can't Emacs behave like a web app?

I used OAuth 1 which had a similarly annoying feature.  It made it very
unlikely for users to try my code and I got many bug reports.  So I hope
we can avoid it.

The OAuth 2 spec (I found it at 
http://tools.ietf.org/html/draft-ietf-oauth-v2-22)
seems to provide for a seamless experience where the user authenticates
against a server and then the security code is fed back to the client
application through a redirect.  Perhaps I'm misunderstanding the flow;
my question is simply "if there's information Emacs knows, can you
please avoid asking the user to retype it?"  

I hope I don't have to know how to implement OAuth2 in order to
understand your answer to that question.

Ted