]> code.delx.au - gnu-emacs-elpa/blob - packages/oauth2/oauth2.el
delx.au / code / gnu-emacs-elpa / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
oauth2: store access-reponse, bump versino to 0.7
[gnu-emacs-elpa] / packages / oauth2 / oauth2.el
1 ;;; oauth2.el --- OAuth 2.0 Authorization Protocol
2
3 ;; Copyright (C) 2011-2012 Free Software Foundation, Inc
4
5 ;; Author: Julien Danjou <julien@danjou.info>
6 ;; Version: 0.7
7 ;; Keywords: comm
8
9 ;; This file is part of GNU Emacs.
10
11 ;; GNU Emacs is free software: you can redistribute it and/or modify
12 ;; it under the terms of the GNU General Public License as published by
13 ;; the Free Software Foundation, either version 3 of the License, or
14 ;; (at your option) any later version.
15
16 ;; GNU Emacs is distributed in the hope that it will be useful,
17 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
18 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ;; GNU General Public License for more details.
20
21 ;; You should have received a copy of the GNU General Public License
22 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
23
24 ;;; Commentary:
25
26 ;; Implementation of the OAuth 2.0 draft.
27 ;;
28 ;; The main entry point is `oauth2-auth-and-store' which will return a token
29 ;; structure. This token structure can be then used with
30 ;; `oauth2-url-retrieve-synchronously' to retrieve any data that need OAuth
31 ;; authentication to be accessed.
32 ;;
33 ;; If the token needs to be refreshed, the code handles it automatically and
34 ;; store the new value of the access token.
35
36 ;;; Code:
37
38 (require 'plstore)
39 (require 'json)
40
41 (defun oauth2-request-authorization (auth-url client-id &optional scope state redirect-uri)
42 "Request OAuth authorization at AUTH-URL by launching `browse-url'.
43 CLIENT-ID is the client id provided by the provider.
44 It returns the code provided by the service."
45 (browse-url (concat auth-url
46 (if (string-match-p "\?" auth-url) "&" "?")
47 "client_id=" (url-hexify-string client-id)
48 "&response_type=code"
49 "&redirect_uri=" (url-hexify-string (or redirect-uri "urn:ietf:wg:oauth:2.0:oob"))
50 (if scope (concat "&scope=" (url-hexify-string scope)) "")
51 (if state (concat "&state=" (url-hexify-string state)) "")))
52 (read-string "Enter the code your browser displayed: "))
53
54 (defun oauth2-request-access-parse ()
55 "Parse the result of an OAuth request."
56 (goto-char (point-min))
57 (when (search-forward-regexp "^$" nil t)
58 (json-read)))
59
60 (defun oauth2-make-access-request (url data)
61 "Make an access request to URL using DATA in POST."
62 (let ((url-request-method "POST")
63 (url-request-data data)
64 (url-request-extra-headers
65 '(("Content-Type" . "application/x-www-form-urlencoded"))))
66 (with-current-buffer (url-retrieve-synchronously url)
67 (let ((data (oauth2-request-access-parse)))
68 (kill-buffer (current-buffer))
69 data))))
70
71 (defstruct oauth2-token
72 plstore
73 plstore-id
74 client-id
75 client-secret
76 access-token
77 refresh-token
78 token-url
79 access-response)
80
81 (defun oauth2-request-access (token-url client-id client-secret code &optional redirect-uri)
82 "Request OAuth access at TOKEN-URL.
83 The CODE should be obtained with `oauth2-request-authorization'.
84 Return an `oauth2-token' structure."
85 (when code
86 (let ((result
87 (oauth2-make-access-request
88 token-url
89 (concat
90 "client_id=" client-id
91 "&client_secret=" client-secret
92 "&code=" code
93 "&redirect_uri=" (url-hexify-string (or redirect-uri "urn:ietf:wg:oauth:2.0:oob"))
94 "&grant_type=authorization_code"))))
95 (make-oauth2-token :client-id client-id
96 :client-secret client-secret
97 :access-token (cdr (assoc 'access_token result))
98 :refresh-token (cdr (assoc 'refresh_token result))
99 :token-url token-url
100 :access-response result))))
101
102 ;;;###autoload
103 (defun oauth2-refresh-access (token)
104 "Refresh OAuth access TOKEN.
105 TOKEN should be obtained with `oauth2-request-access'."
106 (setf (oauth2-token-access-token token)
107 (cdr (assoc 'access_token
108 (oauth2-make-access-request
109 (oauth2-token-token-url token)
110 (concat "client_id=" (oauth2-token-client-id token)
111 "&client_secret=" (oauth2-token-client-secret token)
112 "&refresh_token=" (oauth2-token-refresh-token token)
113 "&grant_type=refresh_token")))))
114 ;; If the token has a plstore, update it
115 (let ((plstore (oauth2-token-plstore token)))
116 (when plstore
117 (plstore-put plstore (oauth2-token-plstore-id token)
118 nil `(:access-token
119 ,(oauth2-token-access-token token)
120 :refresh-token
121 ,(oauth2-token-refresh-token token)
122 :access-response
123 ,(oauth2-token-access-response token)
124 ))
125 (plstore-save plstore)))
126 token)
127
128 ;;;###autoload
129 (defun oauth2-auth (auth-url token-url client-id client-secret &optional scope state redirect-uri)
130 "Authenticate application via OAuth2."
131 (oauth2-request-access
132 token-url
133 client-id
134 client-secret
135 (oauth2-request-authorization
136 auth-url client-id scope state redirect-uri)
137 redirect-uri))
138
139 (defcustom oauth2-token-file (concat user-emacs-directory "oauth2.plstore")
140 "File path where store OAuth tokens."
141 :group 'oauth2
142 :type 'file)
143
144 (defun oauth2-compute-id (auth-url token-url resource-url)
145 "Compute an unique id based on URLs.
146 This allows to store the token in an unique way."
147 (secure-hash 'md5 (concat auth-url token-url resource-url)))
148
149 ;;;###autoload
150 (defun oauth2-auth-and-store (auth-url token-url resource-url client-id client-secret &optional redirect-uri)
151 "Request access to a resource and store it using `plstore'."
152 ;; We store a MD5 sum of all URL
153 (let* ((plstore (plstore-open oauth2-token-file))
154 (id (oauth2-compute-id auth-url token-url resource-url))
155 (plist (cdr (plstore-get plstore id))))
156 ;; Check if we found something matching this access
157 (if plist
158 ;; We did, return the token object
159 (make-oauth2-token :plstore plstore
160 :plstore-id id
161 :client-id client-id
162 :client-secret client-secret
163 :access-token (plist-get plist :access-token)
164 :refresh-token (plist-get plist :refresh-token)
165 :token-url token-url
166 :access-response (plist-get plist :access-response))
167 (let ((token (oauth2-auth auth-url token-url
168 client-id client-secret resource-url nil redirect-uri)))
169 ;; Set the plstore
170 (setf (oauth2-token-plstore token) plstore)
171 (setf (oauth2-token-plstore-id token) id)
172 (plstore-put plstore id nil `(:access-token
173 ,(oauth2-token-access-token token)
174 :refresh-token
175 ,(oauth2-token-refresh-token token)
176 :access-response
177 ,(oauth2-token-access-response token)))
178 (plstore-save plstore)
179 token))))
180
181 (defun oauth2-url-append-access-token (token url)
182 "Append access token to URL."
183 (concat url
184 (if (string-match-p "\?" url) "&" "?")
185 "access_token=" (oauth2-token-access-token token)))
186
187 ;; Local variable from `url'
188 ;; defined here to avoid compile warning
189 (defvar success)
190
191 ;;;###autoload
192 (defun oauth2-url-retrieve-synchronously (token url &optional request-method request-data request-extra-headers)
193 "Retrieve an URL synchronously using TOKENS to access it.
194 TOKENS can be obtained with `oauth2-auth'."
195 (let (tokens-need-renew)
196 (flet ((url-http-handle-authentication (proxy)
197 (setq tokens-need-renew t)
198 ;; This is to make `url' think
199 ;; it's done.
200 (setq success t)))
201 (let ((url-request-method request-method)
202 (url-request-data request-data)
203 (url-request-extra-headers request-extra-headers)
204 (url-buffer))
205 (setq url-buffer (url-retrieve-synchronously
206 (oauth2-url-append-access-token token url)))
207 (if tokens-need-renew
208 (oauth2-url-retrieve-synchronously (oauth2-refresh-access token) url request-method request-data request-extra-headers)
209 url-buffer)))))
210
211 (provide 'oauth2)
212
213 ;;; oauth2.el ends here