From 55da50d5b8ea79c017c8ae938f5cc94ce0a24b8c Mon Sep 17 00:00:00 2001 From: Julien Danjou Date: Sat, 9 Jul 2016 19:21:30 +0200 Subject: [PATCH] oauth2: send authentication token via Authorization header --- packages/oauth2/oauth2.el | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/packages/oauth2/oauth2.el b/packages/oauth2/oauth2.el index 180f79174..073ce37dc 100644 --- a/packages/oauth2/oauth2.el +++ b/packages/oauth2/oauth2.el @@ -1,9 +1,9 @@ ;;; oauth2.el --- OAuth 2.0 Authorization Protocol -;; Copyright (C) 2011-2013 Free Software Foundation, Inc +;; Copyright (C) 2011-2016 Free Software Foundation, Inc ;; Author: Julien Danjou -;; Version: 0.10 +;; Version: 0.11 ;; Keywords: comm ;; This file is part of GNU Emacs. @@ -189,18 +189,28 @@ This allows to store the token in an unique way." (defvar oauth--url-advice nil) (defvar oauth--token-data) +(defun oauth2-authz-bearer-header (token) + "Return 'Authoriztions: Bearer' header with TOKEN." + (cons "Authorization" (format "Bearer %s" token))) + +(defun oauth2-extra-headers (extra-headers) + "Return EXTRA-HEADERS with 'Authorization: Bearer' added." + (cons (oauth2-authz-bearer-header (oauth2-token-access-token (car oauth--token-data))) + extra-headers)) + + ;; FIXME: We should change URL so that this can be done without an advice. (defadvice url-http-handle-authentication (around oauth-hack activate) (if (not oauth--url-advice) ad-do-it (let ((url-request-method url-http-method) (url-request-data url-http-data) - (url-request-extra-headers url-http-extra-headers))) - (url-retrieve-internal (oauth2-url-append-access-token - (oauth2-refresh-access (car oauth--token-data)) - (cdr oauth--token-data)) - url-callback-function - url-callback-arguments) + (url-request-extra-headers + (oauth2-extra-headers url-http-extra-headers)))) + (oauth2-refresh-access (car oauth--token-data)) + (url-retrieve-internal (cdr oauth--token-data) + url-callback-function + url-callback-arguments) ;; This is to make `url' think it's done. (when (boundp 'success) (setq success t)) ;For URL library in Emacs<24.4. (setq ad-return-value t))) ;For URL library in Emacs≥24.4. @@ -213,9 +223,9 @@ TOKEN can be obtained with `oauth2-auth'." (let ((oauth--url-advice t) ;Activate our advice. (url-request-method request-method) (url-request-data request-data) - (url-request-extra-headers request-extra-headers)) - (url-retrieve-synchronously - (oauth2-url-append-access-token token url))))) + (url-request-extra-headers + (oauth2-extra-headers request-extra-headers))) + (url-retrieve-synchronously url)))) ;;;###autoload (defun oauth2-url-retrieve (token url callback &optional @@ -229,10 +239,9 @@ when finished. See `url-retrieve'." (let ((oauth--url-advice t) ;Activate our advice. (url-request-method request-method) (url-request-data request-data) - (url-request-extra-headers request-extra-headers)) - (url-retrieve - (oauth2-url-append-access-token token url) - callback cbargs)))) + (url-request-extra-headers + (oauth2-extra-headers request-extra-headers))) + (url-retrieve url callback cbargs)))) (provide 'oauth2) -- 2.39.2