bug#72358: 29.4; oauth2.el improvements

[Björn Bidar]

Robert Pluim <rpluim@gmail.com> writes:

>     Xiyue> - This will invalidate all existing entries and a user will have 
> to redo
>     Xiyue>   the authorization process again to get a new refresh token.  
> However,
>     Xiyue>   I think it's more important to ensure that oauth2.el works 
> correctly
>     Xiyue>   for multiple accounts of the same provider, or a user may suffer 
> from
>     Xiyue>   confusion when adding a new account invalidates a previous 
> account.
>
> I donʼt think thatʼs too big a concern. 'modern' authentication flows
> regularly re-prompt, so this will not be too surprising (although
> maybe call it out in the packageʼs NEWS or README).

In many cases the refreshing of tokens is transparent to the user there
doesn't have to be a re-prompt to refresh the token if the OAuth
provider support it.
Micrsofts OAuth workflow is quite good in this regard as there's a
non-standard error to indicate when the user has to re-authorize the
application.

I assume all implementation of OAuth have their quirks.