| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Network.OAuth2.Experiment.Flows
Description
Module implementing various OAuth2 flow types and their request/response handling. Provides support for:
- Authorization Code Grant
- Device Authorization Grant
- PKCE Extension
- Token Refresh
- User Info Endpoints
Synopsis
- mkAuthorizationRequest :: forall {k} (i :: k). IdpApplication i AuthorizationCodeApplication -> URI
- mkPkceAuthorizeRequest :: forall {k} m (i :: k). MonadIO m => IdpApplication i AuthorizationCodeApplication -> m (URI, CodeVerifier)
- conduitDeviceAuthorizationRequest :: forall {k} (m :: Type -> Type) (i :: k). MonadIO m => IdpApplication i DeviceAuthorizationApplication -> Manager -> ExceptT ByteString m DeviceAuthorizationResponse
- pollDeviceTokenRequest :: forall {k} (m :: Type -> Type) (i :: k). MonadIO m => IdpApplication i DeviceAuthorizationApplication -> Manager -> DeviceAuthorizationResponse -> ExceptT TokenResponseError m TokenResponse
- pollDeviceTokenRequestInternal :: forall {k} (m :: Type -> Type) (i :: k). MonadIO m => IdpApplication i DeviceAuthorizationApplication -> Manager -> DeviceCode -> Int -> ExceptT TokenResponseError m TokenResponse
- conduitTokenRequest :: forall {k} a (m :: Type -> Type) (i :: k). (HasTokenRequest a, ToQueryParam (TokenRequest a), MonadIO m) => IdpApplication i a -> Manager -> ExchangeTokenInfo a -> ExceptT TokenResponseError m TokenResponse
- conduitPkceTokenRequest :: forall {k} a (m :: Type -> Type) (i :: k). (HasTokenRequest a, ToQueryParam (TokenRequest a), MonadIO m) => IdpApplication i a -> Manager -> (ExchangeTokenInfo a, CodeVerifier) -> ExceptT TokenResponseError m TokenResponse
- conduitRefreshTokenRequest :: forall {k} (m :: Type -> Type) a (i :: k). (MonadIO m, HasRefreshTokenRequest a) => IdpApplication i a -> Manager -> RefreshToken -> ExceptT TokenResponseError m TokenResponse
- conduitUserInfoRequest :: forall {k} (m :: Type -> Type) a b (i :: k). (MonadIO m, HasUserInfoRequest a, FromJSON b) => IdpApplication i a -> Manager -> AccessToken -> ExceptT ByteString m b
- conduitUserInfoRequestWithCustomMethod :: forall {k} (m :: Type -> Type) a b (i :: k). (MonadIO m, HasUserInfoRequest a, FromJSON b) => (Manager -> AccessToken -> URI -> ExceptT ByteString m b) -> IdpApplication i a -> Manager -> AccessToken -> ExceptT ByteString m b
- conduitTokenRequestInternal :: forall {k} (m :: Type -> Type) a b (i :: k). (MonadIO m, HasClientAuthenticationMethod a, FromJSON b) => IdpApplication i a -> Manager -> PostBody -> ExceptT TokenResponseError m b
Documentation
mkAuthorizationRequest :: forall {k} (i :: k). IdpApplication i AuthorizationCodeApplication -> URI Source #
Constructs an Authorization Code request URI according to RFC 6749 Section 4.1.1.
The generated URI includes: * client_id * response_type (always "code") * redirect_uri * state (if provided) * scope (if provided)
mkPkceAuthorizeRequest :: forall {k} m (i :: k). MonadIO m => IdpApplication i AuthorizationCodeApplication -> m (URI, CodeVerifier) Source #
Constructs an Authorization Code request URI with PKCE support according to RFC 7636.
Returns both the authorization URI and the generated code verifier. The code verifier must be stored securely for later use in the token request.
conduitDeviceAuthorizationRequest :: forall {k} (m :: Type -> Type) (i :: k). MonadIO m => IdpApplication i DeviceAuthorizationApplication -> Manager -> ExceptT ByteString m DeviceAuthorizationResponse Source #
Makes Device Authorization Request https://www.rfc-editor.org/rfc/rfc8628#section-3.1
pollDeviceTokenRequest :: forall {k} (m :: Type -> Type) (i :: k). MonadIO m => IdpApplication i DeviceAuthorizationApplication -> Manager -> DeviceAuthorizationResponse -> ExceptT TokenResponseError m TokenResponse Source #
Polls for a token using the device authorization flow.
This implements the polling mechanism described in RFC 8628 Section 3.5. Handles automatic retries and interval adjustments based on IdP responses.
pollDeviceTokenRequestInternal Source #
Arguments
| :: forall {k} (m :: Type -> Type) (i :: k). MonadIO m | |
| => IdpApplication i DeviceAuthorizationApplication | |
| -> Manager | |
| -> DeviceCode | |
| -> Int | |
| -> ExceptT TokenResponseError m TokenResponse | Polling Interval |
conduitTokenRequest :: forall {k} a (m :: Type -> Type) (i :: k). (HasTokenRequest a, ToQueryParam (TokenRequest a), MonadIO m) => IdpApplication i a -> Manager -> ExchangeTokenInfo a -> ExceptT TokenResponseError m TokenResponse Source #
Sends a token request according to RFC 6749 Section 4.1.3.
This is used for exchanging authorization codes, device codes, or other grant types for access tokens.
conduitPkceTokenRequest :: forall {k} a (m :: Type -> Type) (i :: k). (HasTokenRequest a, ToQueryParam (TokenRequest a), MonadIO m) => IdpApplication i a -> Manager -> (ExchangeTokenInfo a, CodeVerifier) -> ExceptT TokenResponseError m TokenResponse Source #
conduitRefreshTokenRequest :: forall {k} (m :: Type -> Type) a (i :: k). (MonadIO m, HasRefreshTokenRequest a) => IdpApplication i a -> Manager -> RefreshToken -> ExceptT TokenResponseError m TokenResponse Source #
Makes a Refresh Token Request according to RFC 6749 Section 6.
Used to obtain a new access token using a refresh token.
conduitUserInfoRequest :: forall {k} (m :: Type -> Type) a b (i :: k). (MonadIO m, HasUserInfoRequest a, FromJSON b) => IdpApplication i a -> Manager -> AccessToken -> ExceptT ByteString m b Source #
Makes a standard request to the userinfo endpoint using GET method.
This is commonly used with OpenID Connect providers to fetch user profile information using an access token.
conduitUserInfoRequestWithCustomMethod :: forall {k} (m :: Type -> Type) a b (i :: k). (MonadIO m, HasUserInfoRequest a, FromJSON b) => (Manager -> AccessToken -> URI -> ExceptT ByteString m b) -> IdpApplication i a -> Manager -> AccessToken -> ExceptT ByteString m b Source #
Makes a request to the userinfo endpoint using a custom HTTP method.
Some IdPs may require different HTTP methods (instead of GET) or custom headers for fetching user information. This function provides that flexibility.
conduitTokenRequestInternal Source #
Arguments
| :: forall {k} (m :: Type -> Type) a b (i :: k). (MonadIO m, HasClientAuthenticationMethod a, FromJSON b) | |
| => IdpApplication i a | |
| -> Manager | HTTP connection manager. |
| -> PostBody | Request body. |
| -> ExceptT TokenResponseError m b | Response as ByteString |