Restyled by brittany

Restyled.io 2023-06-30 19:53:18 +00:00 committed by William R. Arellano
parent c04092cfc5
commit a20f38ff18
4 changed files with 83 additions and 70 deletions


@ -34,13 +34,13 @@ import Yesod.Auth.OAuth2.GitHub
import Yesod.Auth.OAuth2.GitLab import Yesod.Auth.OAuth2.GitLab
import Yesod.Auth.OAuth2.Google import Yesod.Auth.OAuth2.Google
import Yesod.Auth.OAuth2.Nylas import Yesod.Auth.OAuth2.Nylas
import Yesod.Auth.OAuth2.Okta
import Yesod.Auth.OAuth2.Salesforce import Yesod.Auth.OAuth2.Salesforce
import Yesod.Auth.OAuth2.Slack import Yesod.Auth.OAuth2.Slack
import Yesod.Auth.OAuth2.Spotify import Yesod.Auth.OAuth2.Spotify
import Yesod.Auth.OAuth2.Twitch import Yesod.Auth.OAuth2.Twitch
import Yesod.Auth.OAuth2.Upcase import Yesod.Auth.OAuth2.Upcase
import Yesod.Auth.OAuth2.WordPressDotCom import Yesod.Auth.OAuth2.WordPressDotCom
import Yesod.Auth.OAuth2.Okta
data App = App data App = App
{ appHttpManager :: Manager { appHttpManager :: Manager
@ -148,7 +148,9 @@ mkFoundation = do
, loadPlugin oauth2Twitch "TWITCH" , loadPlugin oauth2Twitch "TWITCH"
, loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM" , loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM"
, loadPlugin oauth2Upcase "UPCASE" , loadPlugin oauth2Upcase "UPCASE"
, loadPlugin (oauth2Okta False (fromString oktaHost) "default" Nothing) "OKTA" , loadPlugin
(oauth2Okta False (fromString oktaHost) "default" Nothing)
"OKTA"
] ]
return App { .. } return App { .. }


@ -18,8 +18,8 @@ import qualified Data.Text as T
import Data.Text.Encoding (encodeUtf8) import Data.Text.Encoding (encodeUtf8)
import Network.HTTP.Conduit (Manager) import Network.HTTP.Conduit (Manager)
import Network.OAuth.OAuth2.Compat import Network.OAuth.OAuth2.Compat
import UnliftIO.Exception
import URI.ByteString.Extension import URI.ByteString.Extension
import UnliftIO.Exception
import Yesod.Auth hiding (ServerError) import Yesod.Auth hiding (ServerError)
import Yesod.Auth.OAuth2.DispatchError import Yesod.Auth.OAuth2.DispatchError
import Yesod.Auth.OAuth2.ErrorResponse import Yesod.Auth.OAuth2.ErrorResponse
@ -101,10 +101,10 @@ withCallbackAndState
-> m OAuth2 -> m OAuth2
withCallbackAndState name oauth2 csrf = do withCallbackAndState name oauth2 csrf = do
pluginURI <- ($ PluginR name ["callback"]) <$> getParentUrlRender pluginURI <- ($ PluginR name ["callback"]) <$> getParentUrlRender
let uri = let
case oauth2AppRoot oauth2 of uri = case oauth2AppRoot oauth2 of
Just root -> root <> pluginURI Just root -> root <> pluginURI
Nothing -> pluginURI Nothing -> pluginURI
callback <- maybe (throwError $ InvalidCallbackUri uri) pure $ fromText uri callback <- maybe (throwError $ InvalidCallbackUri uri) pure $ fromText uri
pure oauth2 pure oauth2
{ oauth2RedirectUri = Just callback { oauth2RedirectUri = Just callback


@ -8,18 +8,17 @@
-- -- * Authenticates against a specific Okta application -- -- * Authenticates against a specific Okta application
-- -- * Uses Okta sub as user id -- -- * Uses Okta sub as user id
module Yesod.Auth.OAuth2.Okta module Yesod.Auth.OAuth2.Okta
( oauth2Okta, ( oauth2Okta
oauth2OktaWithScopes, , oauth2OktaWithScopes
defaultOktaScopes, , defaultOktaScopes
pluginName, , pluginName
User (..), , User(..)
) ) where
where
import Data.Aeson as Aeson import Data.Aeson as Aeson
import Data.ByteString (ByteString) import Data.ByteString (ByteString)
import Yesod.Auth.OAuth2.Prelude
import Prelude import Prelude
import Yesod.Auth.OAuth2.Prelude
-- | Okta User's info: https://developer.okta.com/docs/reference/api/oidc/#userinfo -- | Okta User's info: https://developer.okta.com/docs/reference/api/oidc/#userinfo
newtype User = User Text newtype User = User Text
@ -36,80 +35,92 @@ pluginName :: Text
pluginName = "okta" pluginName = "okta"
-- | Creates an Okta 'AuthPlugin' for application using the default scopes. -- | Creates an Okta 'AuthPlugin' for application using the default scopes.
oauth2Okta :: oauth2Okta
YesodAuth m => :: YesodAuth m
=>
-- | Prompt login on authorize redirect -- | Prompt login on authorize redirect
Bool -> Bool
->
-- | The host address of the Okta application (absolute) -- | The host address of the Okta application (absolute)
URI -> URI
->
-- | The authorization server -- | The authorization server
ByteString -> ByteString
->
-- | Application Root for redirect links -- | Application Root for redirect links
Maybe Text -> Maybe Text
->
-- | Client ID of the Okta application -- | Client ID of the Okta application
Text -> Text
->
-- | Client Secret of the Okta application -- | Client Secret of the Okta application
Text -> Text
AuthPlugin m -> AuthPlugin m
oauth2Okta = oauth2OktaWithScopes defaultOktaScopes oauth2Okta = oauth2OktaWithScopes defaultOktaScopes
-- | Creates an Okta 'AuthPlugin' for application with access to the provided scopes. -- | Creates an Okta 'AuthPlugin' for application with access to the provided scopes.
oauth2OktaWithScopes :: oauth2OktaWithScopes
YesodAuth m => :: YesodAuth m
=>
-- | The scopes accessible to the 'AuthPlugin' -- | The scopes accessible to the 'AuthPlugin'
[Text] -> [Text]
->
-- | Prompt login on authorize redirect -- | Prompt login on authorize redirect
Bool -> Bool
->
-- | The host address of the Okta application (absolute) -- | The host address of the Okta application (absolute)
URI -> URI
->
-- | The authorization server -- | The authorization server
ByteString -> ByteString
->
-- | Application Root for building callbacks -- | Application Root for building callbacks
Maybe Text -> Maybe Text
->
-- | Client ID of the Okta application -- | Client ID of the Okta application
Text -> Text
->
-- | Client Secret of the Okta application -- | Client Secret of the Okta application
Text -> Text
AuthPlugin m -> AuthPlugin m
oauth2OktaWithScopes scopes shouldPrompt host authorizationServer appRoot clientId clientSecret = oauth2OktaWithScopes scopes shouldPrompt host authorizationServer appRoot clientId clientSecret
authOAuth2 pluginName oauth2 $ \manager token -> do = authOAuth2 pluginName oauth2 $ \manager token -> do
(User uid, userResponse) <- (User uid, userResponse) <- authGetProfile
authGetProfile pluginName
pluginName manager
manager token
token (host `withPath` (mkEndpointSegment authorizationServer "userinfo"))
(host `withPath` (mkEndpointSegment authorizationServer "userinfo")) pure Creds
pure { credsPlugin = pluginName
Creds , credsIdent = uid
{ credsPlugin = pluginName, , credsExtra = setExtra token userResponse
credsIdent = uid, }
credsExtra = setExtra token userResponse where
} queryParams = if shouldPrompt
where then [scopeParam " " scopes, ("prompt", "login")]
queryParams = else [scopeParam " " scopes]
if shouldPrompt oauth2 = OAuth2
then [scopeParam " " scopes, ("prompt", "login")] { oauth2ClientId = clientId
else [scopeParam " " scopes] , oauth2ClientSecret = Just clientSecret
oauth2 = , oauth2AuthorizeEndpoint =
OAuth2 host
{ oauth2ClientId = clientId, `withPath` (mkEndpointSegment authorizationServer "authorize")
oauth2ClientSecret = Just clientSecret, `withQuery` queryParams
oauth2AuthorizeEndpoint = , oauth2TokenEndpoint =
host host `withPath` (mkEndpointSegment authorizationServer "token")
`withPath` (mkEndpointSegment authorizationServer "authorize") , oauth2RedirectUri = Nothing
`withQuery` queryParams, , oauth2AppRoot = appRoot
oauth2TokenEndpoint = host `withPath` (mkEndpointSegment authorizationServer "token"), }
oauth2RedirectUri = Nothing,
oauth2AppRoot = appRoot
}
-- | Helper function for creating an endpoint path segment for the given authorization server -- | Helper function for creating an endpoint path segment for the given authorization server
-- and endpoint. -- and endpoint.
mkEndpointSegment :: mkEndpointSegment
::
-- | Authorization server ID -- | Authorization server ID
ByteString -> ByteString
->
-- | Endpoint -- | Endpoint
ByteString -> ByteString
ByteString -> ByteString
mkEndpointSegment authorizationServer endpoint = mkEndpointSegment authorizationServer endpoint =
"/oauth2/" <> authorizationServer <> "/v1/" <> endpoint "/oauth2/" <> authorizationServer <> "/v1/" <> endpoint
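Review bot: In the restyled signatures of `oauth2Okta` and `oauth2OktaWithScopes`, each `=>` and `->` now sits alone on a line between a `-- |` comment and the type it documents, which makes the argument list hard to scan and is worth checking against the generated Haddock. Trailing `-- ^` comments keep arrow, type and doc together, e.g. `=> Bool -- ^ Prompt login on authorize redirect` and `-> URI -- ^ The host address of the Okta application (absolute)`. `mkEndpointSegment` has the same layout. If these comments are being touched anyway, the `host` doc could also state that an `https` URI is expected, since `oauth2TokenEndpoint` is built from it in the same record that carries `oauth2ClientSecret`; presumably the secret is sent to that endpoint, but `authOAuth2` is not visible here.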


@ -14,7 +14,7 @@ module Yesod.Auth.OAuth2.Slack
import Yesod.Auth.OAuth2.Prelude import Yesod.Auth.OAuth2.Prelude
import Network.HTTP.Client import Network.HTTP.Client
(httpLbs, parseUrlThrow, responseBody, setQueryString) (httpLbs, parseUrlThrow, responseBody, setQueryString)
import Yesod.Auth.OAuth2.Exception as YesodOAuth2Exception import Yesod.Auth.OAuth2.Exception as YesodOAuth2Exception
data SlackScope data SlackScope