The auth-source library lets you control logging output easily.
Set this variable to 'trivia
to see lots of output in
*Messages*, or set it to a function that behaves like
message
to do your own logging.
The auth-source library only has a few functions for external use.
This function searches (or modifies) authentication backends according to spec. See the function’s doc-string for details.
Let’s take a look at an example of using auth-source-search
from Gnus’s nnimap.el
.
(defun nnimap-credentials (address ports) (let* ((auth-source-creation-prompts '((user . "IMAP user at %h: ") (secret . "IMAP password for %u@%h: "))) (found (nth 0 (auth-source-search :max 1 :host address :port ports :require '(:user :secret) :create t)))) (if found (list (plist-get found :user) (auth-info-password found) (plist-get found :save-function)) nil)))
This call requires the user and password (secret) to be in the
results. It also requests that an entry be created if it doesn’t
exist already. While the created entry is being assembled, the shown
prompts will be used to interact with the user. The caller can also
pass data in auth-source-creation-defaults
to supply defaults
for any of the prompts.
Note that the password needs to be evaluated if it’s a function. It’s wrapped in a function to provide some security.
Later, after a successful login, nnimap.el
calls the
:save-function
like so:
(when (functionp (nth 2 credentials)) (funcall (nth 2 credentials)))
This will work whether the :save-function
was provided or not.
:save-function
will be provided only when a new entry was
created, so this effectively says “after a successful login, save the
authentication information we just used, if it was newly created.”
After the first time it’s called, the :save-function
will not
run again (but it will log something if you have set
auth-source-debug
to 'trivia
). This is so it won’t ask
the same question again, which is annoying. This is so it won’t ask
the same question again, which is annoying. This is so it won’t ask
the same question again, which is annoying.
So the responsibility of the API user that specified :create t
is to call the :save-function
if it’s provided.
This function deletes entries matching spec from the authentication backends. It returns the entries that were deleted. The backend may not actually delete the entries.
This function forgets any cached data that exactly matches spec.
It returns t
if it forget some data, and nil
if no
matching data was found.
This function forgets any cached data matching spec. It returns the number of items forgotten.
This function returns the password of the first record found by
applying auth-source-search
to spec.
This function extracts the password string from the auth-info record.