Gnus development mailing list
From: Ted Zlatanov <tzz@lifelogs.com>
To: ding@gnus.org
Cc: tramp-devel@mail.freesoftware.fsf.org
Subject: Re: auth-source tokens
Date: Tue, 26 Oct 2010 11:56:07 -0500
Message-ID: <87wrp4yjtk.fsf@lifelogs.com>
In-Reply-To: <87fwvu5ele.fsf_-_@lifelogs.com>

Here's my auth-source API proposal.  `auth-source-user-or-password' will
still be provided but this will be the main entry point.  In some ways
it's a Lisp-y interpretation of the Secrets API.

We may end up with a C implementation of some parts for security, so I'm
trying to move away from plain values and to use tokens instead.  As
you'll see at the end of the docstring, if the token's :value key holds
a function, the user has to call it (I may provide a helper function for
this).  That makes it much easier to provide secure storage for the
tokens.

Backends are searched with the same SPEC as the tokens themselves.  That
lets the user and applications define arbitrary search criteria for
backends, including the "username" mentioned earlier in this thread.  It
also simplifies the API and the auth-source internals.

:max is an important change.  It ensures we stop searching backends as
soon as we have enough tokens and defaults to 1.

:create is another important one.  It unifies create-if-missing and
delete-existing in a clean way (I think).

Because this will affect many parts of Emacs, I want feedback before I
implement it.  I've spent a lot of time thinking about this API so I
hope you'll agree it's an improvement over
`auth-source-user-or-password'.  I have some code written but didn't
append it because I'm perfectly willing to throw it away if the API has
flaws, and I think it's harder to ask for that if you see working code :)

Thanks
Ted

(defun auth-source-search (&rest spec)
  "Parse `auth-sources' for matches of the SPEC plist.

Common keys are :type, :max, :host, :protocol, and :user.

A string value is matched as a regex for the
file (netrc) backend and literally by the Secrets API.  A symbol
is matched as its string value.  All the SPEC values can be
single values or lists.

:create t means to create a token if possible.  When it is
'rewrite-existing, any matching existing token will be copied
into the new token and deleted.  This defaults to nil and will
generate an error if used with :max greater than 1.

:max N means to return at most N items (defaults to 1).

:types (A B C) means to match only tokens of types A, B, or C.
Common types include `password' and `login'.  Defaults to t.

:host (X Y Z) means to match only hosts X, Y, or Z as a regular
expression.  Defaults to t.

:protocol (P Q R) means to match only protocols P, Q, or R.
Defaults to t.

:K (V1 V2 V3) for any other key K will match values V1, V2, or
V3.  If any of the values are strings, they are matched as
regular expressions in the file (netrc) backend and literally in
the Secrets API.  If any are symbols, they are matched literally
as the symbol name.

Return value is a list with at most :max tokens.  Each token is a
plist with keys :backend, :value, :type, :max, :host, :protocol,
and :user, plus any other keys provided by the backend.

The token's :value key can hold a function.  In that case you must call
it to obtain the actual value."
)
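
How a caller would consume tokens under the proposed API, as an added Emacs Lisp sketch that is not from the original message or from auth-source: toy in-memory backends are searched in order until :max tokens are found, and each token's :value is a function that must be called. All `demo-' names and the sample entries are hypothetical, strings are matched literally (as the docstring says the Secrets API does), and the code is assumed to be loaded from a file with lexical binding.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added illustration: every `demo-' name is hypothetical, not auth-source code.
(require 'cl-lib)
(defun demo-match-p (spec entry)
  "Non-nil if ENTRY satisfies every SPEC key except :max and :create."
  (cl-loop for (key want) on spec by #'cddr
           always (or (memq key '(:max :create))
                      (eq want t)
                      (member (format "%s" (plist-get entry key))
                              (mapcar (lambda (w) (format "%s" w))
                                      (if (listp want) want (list want)))))))

(defun demo-make-backend (name entries)
  "Return a backend function called NAME over ENTRIES (constructed plists)."
  (lambda (spec max)
    (let (found)
      (dolist (entry entries (nreverse found))
        (when (and (< (length found) max) (demo-match-p spec entry))
          ;; The token carries a function; the secret is read only on call.
          (let ((secret (plist-get entry :secret)))
            (push (list :backend name :type (plist-get entry :type)
                        :host (plist-get entry :host) :value (lambda () secret))
                  found)))))))

(defun demo-search (backends &rest spec)
  "Search BACKENDS in order for SPEC, stopping once :max tokens are found."
  (let ((max (or (plist-get spec :max) 1)) tokens)
    (cl-loop for backend in backends
             while (< (length tokens) max)
             do (setq tokens
                      (append tokens
                              (funcall backend spec (- max (length tokens))))))
    tokens))

(defun demo-token-value (token)
  "Return TOKEN's value, calling it first when :value holds a function."
  (let ((value (plist-get token :value)))
    (if (functionp value) (funcall value) value)))

;; Constructed sample data: two backends holding an entry for the same host.
(let* ((entry '(:type password :host "imap.example.org" :secret "constructed"))
       (backends (list (demo-make-backend 'netrc (list entry))
                       (demo-make-backend 'secrets (list entry))))
       (one (demo-search backends :type 'password :host "imap.example.org"))
       (two (demo-search backends :host '("imap.example.org" "x") :max 2)))
  (cl-assert (equal (mapcar (lambda (tk) (plist-get tk :backend)) one) '(netrc)))
  (cl-assert (equal (mapcar (lambda (tk) (plist-get tk :backend)) two)
                    '(netrc secrets)))
  (cl-assert (equal (demo-token-value (car one)) "constructed")))
```

With the default :max of 1 the second backend is never called; with :max 2 it is asked only for the one token still missing.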



