emacs-devel

Re: oauth2 support for Emacs email clients


From: Andrew Cohen
Subject: Re: oauth2 support for Emacs email clients
Date: Thu, 12 Aug 2021 10:33:51 +0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

>>>>> "RS" == Richard Stallman <rms@gnu.org> writes:

    RS> [[[ To any NSA and FBI agents reading my email: please consider
    RS> ]]] [[[ whether defending the US Constitution against all
    RS> enemies, ]]] [[[ foreign or domestic, requires you to follow
    RS> Snowden's example. ]]]

    RS> Could you please post a summary of what part of the overall
    RS> problem is solved by your changes, with auth-source?

    RS> Which services can users use, in which circumstances -- and what
    RS> conditions does this depend on?

The changes to auth-source have nothing to do with oauth2 nor do they
involve any particular service. Plstore is code that allows storing
plists on disk with arbitrary parts of the list stored in plaintext and
other parts stored in encrypted form. The current plstore backend of the
auth-source code however only allows the :secret to be encrypted but
nothing else. The code change I am suggesting enhances the auth-source
plstore backend to allow other parts of the entry to be encrypted as
well, according to a user specification. The default is unchanged (the
:secret entry is encrypted but nothing else), while passing a :create
key to auth-source-search allows selecting exactly which parts should be
stored encrypted and which parts should be stored unencrypted in the
on-disk storage.

If/when I push this there will be a simple documentation update to make
this clear.

Why did this come up in the context of oauth2? I am using the plstore
backend of auth-source to store my oauth2 credentials (this is a user
choice: other backends, like the netrc backend, work fine as well) and
wanted the oauth2 security tokens that are included in my plstore
authentication entry to be stored on disk in an encrypted form. This
change makes that slightly more convenient to do (it can already be
done by invoking plstore directly, but I find it convenient to use
auth-source to manage my service authentication entries).

-- 
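
Added example, not part of the original message or of the proposed auth-source change: storing an entry by calling plstore directly, with the OAuth2 tokens in the encrypted part, then checking that they do not appear in cleartext on disk. The function name, entry name, host, user and token values are constructed; GnuPG must be available, and plstore-save prompts for a passphrase unless plstore-encrypt-to is set.

```elisp
;;; Added example; entry name, host, user and token values are constructed.
(require 'plstore)

(defun demo-plstore-oauth2-roundtrip (file)
  "Store a constructed OAuth2 entry in FILE and check what lands on disk.
Return non-nil if neither token appears in cleartext in FILE and the
decrypted entry still carries the host and the access token."
  (let ((access "constructed-access-token-123")
        (refresh "constructed-refresh-token-456")
        (store (plstore-open file)))
    (unwind-protect
        (progn
          ;; Third argument: plist written to disk in cleartext.
          ;; Fourth argument: plist encrypted when the store is saved.
          (plstore-put store "demo-oauth2-entry"
                       '(:host "imap.example.com" :user "alice@example.com")
                       (list :access-token access :refresh-token refresh))
          (plstore-save store))
      (plstore-close store))
    (let ((leaked
           ;; Read the raw file and look for either token string.
           (with-temp-buffer
             (insert-file-contents file)
             (or (search-forward access nil t)
                 (progn (goto-char (point-min))
                        (search-forward refresh nil t)))))
          (reopened (plstore-open file)))
      (unwind-protect
          ;; plstore-get decrypts the secret part on demand.
          (let ((entry (plstore-get reopened "demo-oauth2-entry")))
            (and (not leaked)
                 (equal (plist-get (cdr entry) :host) "imap.example.com")
                 (equal (plist-get (cdr entry) :access-token) access)))
        (plstore-close reopened)))))

;; Run against a file in a fresh temporary directory.
(demo-plstore-oauth2-roundtrip
 (expand-file-name "oauth2-demo.plist" (make-temp-file "plstore-demo" t)))
```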



