9fans - fans of the OS Plan 9 from Bell Labs
From: ori@eigenstate.org
To: 9fans@9fans.net
Subject: Re: [9fans] OAuth2 in factotum
Date: Tue, 17 Aug 2021 00:13:45 -0400
Message-ID: <7EA3DC247AC9813D5F4838AB2791F295@eigenstate.org>
In-Reply-To: <CALo7eEuXOfgr=2nj7A-rKNDejHdyBHWg98eJhvmLTneNaM5=Gw@mail.gmail.com>

[full disclosure, I've been involved in this as a gsoc
mentor; moving discussion to public list.]

These are the two main sticking points, IMO.

Quoth Demetrius Iatrakis <demetrius.iatrakis@gmail.com>:
> Only the device and refresh flows are supported. There is an
> implementation of the authorization code flow (tested on macOS) here:
> https://github.com/Mitsos101/plan9port/pull/1. However, it is not
> included in the module as there is no good browser to plumb the URL
> to.

First off, for those following along at home, device
flow is a browserless way of using oauth, but providers
appear to often limit it beyond the point of usefulness, so
we'd need to find a way to make factotum communicate
with a browser in order to get the tokens in.

Sadly, even the netsurf port isn't enough browser to run
Google's oauth login page.

So, the question here becomes how to glue in a helper
program between factotum and oauth.

There are a few options -- using the plumber in both
directions will work, but it's a bit gross -- and
involves broadcasting the tokens.

The only real alternative I can imagine is having a
special file that factotum calls out to in the namespace,
something like:

        /rc/bin/oauth-helper:

                #!/bin/rc
                ssh user@unix invoke-browser-and-get-token-helper

> Refresh tokens are not saved to persistent storage when factotum
> exits. The user must provide consent every time factotum is restarted.

For this, the tokens should probably be persisted into
secstore -- but there are some security implications
in giving factotum long-lived access to the persistent key
store.



------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T6899bf3f0654295d-M4a39ddac185f3a4de8c91e0a
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
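
The device flow mentioned in the message above, shown as an added example that is not part of the original post and is not factotum's code: the token-endpoint polling loop from RFC 8628, including the refresh token whose persistence the message discusses. The FakeProvider class, the sample token strings and the client id are constructed so the loop runs offline.

```python
# Added example: RFC 8628 device-flow polling, run against a constructed
# in-memory provider. Names and token values are assumptions, not factotum's.
GRANT = "urn:ietf:params:oauth:grant-type:device_code"

class FakeProvider:
    """Constructed stand-in for a token endpoint; replies are scripted."""
    def __init__(self, script):
        self.script = list(script)
        self.requests = []          # every form the client sent, for inspection

    def token(self, form):
        self.requests.append(form)
        return self.script.pop(0)

def poll_for_token(post, device_code, client_id, interval=5, expires_in=1800,
                   sleep=lambda s: None):
    """Poll until the user approves or denies, or the device code expires."""
    waited = 0
    while waited < expires_in:
        sleep(interval)             # injected so the example does not really wait
        waited += interval
        reply = post({"grant_type": GRANT, "device_code": device_code,
                      "client_id": client_id})
        err = reply.get("error")
        if err is None:
            return reply, waited    # access_token (and refresh_token) issued
        if err == "authorization_pending":
            continue                # user has not finished in the browser yet
        if err == "slow_down":
            interval += 5           # RFC 8628: add 5 seconds and keep polling
            continue
        if err == "access_denied":
            raise PermissionError("user refused consent")
        if err == "expired_token":
            raise TimeoutError("device code expired; restart the flow")
        raise RuntimeError("token endpoint error: " + err)
    raise TimeoutError("device code lifetime elapsed")

def demo():
    provider = FakeProvider([
        {"error": "authorization_pending"},
        {"error": "slow_down"},
        {"access_token": "constructed-access", "token_type": "Bearer",
         "refresh_token": "constructed-refresh"},
    ])
    tokens, waited = poll_for_token(provider.token, "constructed-device-code",
                                    "constructed-client-id")
    return tokens, waited, len(provider.requests)
```

The tokens come back as the function's return value to the one caller that asked for them, rather than being broadcast to other listeners.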