This is a preview of OAuth2 support in factotum, as part of this year's GSoC: https://github.com/Mitsos101/plan9front/pull/1
Installation, on 9front: git/clone https://github.com/Mitsos101/plan9front plan9front-oauth cd plan9front-oauth git/branch oauth bind sys/include /sys/include @{cd sys/src/libauth && mk install} @{cd sys/src/cmd/auth && mk install} @{cd sys/src/cmd/webfs && mk install} This will replace your factotum. Usage: You need to obtain OAuth credentials from your issuer first. See, for example, Google's guide: https://developers.google.com/identity/protocols/oauth2. % echo 'key proto=oauth issuer=https://accounts.google.com scope=email client_id=1234 !client_secret=5678' > /mnt/factotum/ctl % auth/oauth 'client_id=1234' go to https://google.com/device your code is ABCD-EFGH <after user consent is provided, the access token is printed> auth_oauth is also available in libauth. Webfs uses it to implement the preoauth command. Bugs: This code is specific to 9front, as libjson is required and Plan 9's webfs doesn't support preoauth. factotum uses the needkey RPC to display the verification URL and code to the user. This means that, for now, the needkey file must not be open so that fgui doesn't intercept it. The module imports lots of code to support HTTP/1.0 so that the refresh token doesn't leave factotum's address space. Only the device and refresh flows are supported. There is an implementation of the authorization code flow (tested on macOS) here: https://github.com/Mitsos101/plan9port/pull/1. However, it is not included in the module as there is no good browser to plumb the URL to. Refresh tokens are not saved to persistent storage when factotum exits. The user must provide consent every time factotum is restarted. -- Demetrius ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T6899bf3f0654295d-Mf96a66de0d3d224f967f3983 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
