feat(okta): make login prompt optional

This commit is contained in:
William R. Arellano 2023-06-30 14:48:15 -05:00
parent 25f9960b40
commit c04092cfc5
2 changed files with 11 additions and 3 deletions


@ -148,7 +148,7 @@ mkFoundation = do
, loadPlugin oauth2Twitch "TWITCH" , loadPlugin oauth2Twitch "TWITCH"
, loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM" , loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM"
, loadPlugin oauth2Upcase "UPCASE" , loadPlugin oauth2Upcase "UPCASE"
, loadPlugin (oauth2Okta (fromString oktaHost) "default" Nothing) "OKTA" , loadPlugin (oauth2Okta False (fromString oktaHost) "default" Nothing) "OKTA"
] ]
return App { .. } return App { .. }
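Review bot: The bare `False` passed to `oauth2Okta` on the "OKTA" line is a positional magic constant: a reader of the example cannot tell from the call site that it turns off the `prompt=login` parameter, and with that parameter gone Okta reuses an existing browser session instead of asking the user to authenticate again. A short comment at the call site would make the choice visible, e.g. `-- False: no prompt=login, so an existing Okta session is reused without re-authentication`. The list this line belongs to and the enclosing `mkFoundation` begin and end outside the hunk.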


@ -38,6 +38,8 @@ pluginName = "okta"
-- | Creates an Okta 'AuthPlugin' for application using the default scopes. -- | Creates an Okta 'AuthPlugin' for application using the default scopes.
oauth2Okta :: oauth2Okta ::
YesodAuth m => YesodAuth m =>
-- | Prompt login on authorize redirect
Bool ->
-- | The host address of the Okta application (absolute) -- | The host address of the Okta application (absolute)
URI -> URI ->
-- | The authorization server -- | The authorization server
@ -56,6 +58,8 @@ oauth2OktaWithScopes ::
YesodAuth m => YesodAuth m =>
-- | The scopes accessible to the 'AuthPlugin' -- | The scopes accessible to the 'AuthPlugin'
[Text] -> [Text] ->
-- | Prompt login on authorize redirect
Bool ->
-- | The host address of the Okta application (absolute) -- | The host address of the Okta application (absolute)
URI -> URI ->
-- | The authorization server -- | The authorization server
@ -67,7 +71,7 @@ oauth2OktaWithScopes ::
-- | Client Secret of the Okta application -- | Client Secret of the Okta application
Text -> Text ->
AuthPlugin m AuthPlugin m
oauth2OktaWithScopes scopes host authorizationServer appRoot clientId clientSecret = oauth2OktaWithScopes scopes shouldPrompt host authorizationServer appRoot clientId clientSecret =
authOAuth2 pluginName oauth2 $ \manager token -> do authOAuth2 pluginName oauth2 $ \manager token -> do
(User uid, userResponse) <- (User uid, userResponse) <-
authGetProfile authGetProfile
@ -82,6 +86,10 @@ oauth2OktaWithScopes scopes host authorizationServer appRoot clientId clientSecr
credsExtra = setExtra token userResponse credsExtra = setExtra token userResponse
} }
where where
queryParams =
if shouldPrompt
then [scopeParam " " scopes, ("prompt", "login")]
else [scopeParam " " scopes]
oauth2 = oauth2 =
OAuth2 OAuth2
{ oauth2ClientId = clientId, { oauth2ClientId = clientId,
@ -89,7 +97,7 @@ oauth2OktaWithScopes scopes host authorizationServer appRoot clientId clientSecr
oauth2AuthorizeEndpoint = oauth2AuthorizeEndpoint =
host host
`withPath` (mkEndpointSegment authorizationServer "authorize") `withPath` (mkEndpointSegment authorizationServer "authorize")
`withQuery` [scopeParam " " scopes, ("prompt", "login")], `withQuery` queryParams,
oauth2TokenEndpoint = host `withPath` (mkEndpointSegment authorizationServer "token"), oauth2TokenEndpoint = host `withPath` (mkEndpointSegment authorizationServer "token"),
oauth2RedirectUri = Nothing, oauth2RedirectUri = Nothing,
oauth2AppRoot = appRoot oauth2AppRoot = appRoot
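Review bot: The new `shouldPrompt` argument is a bare positional `Bool` inserted in the middle of the parameter lists of both `oauth2Okta` and `oauth2OktaWithScopes`, so every existing caller breaks at compile time and new callers get no help from the type at the call site; a small sum type such as `data LoginPrompt = PromptLogin | NoLoginPrompt` would carry the meaning where the value is written. The Haddock `-- | Prompt login on authorize redirect` should also say what each value does, because the difference is security-relevant: `True` adds `prompt=login` to the authorize URL, asking Okta to re-authenticate the user even when a session already exists, while `False` omits it and lets an existing Okta session be reused silently. In the `where` block, `queryParams` repeats `scopeParam " " scopes` in both branches; the one-line form `queryParams = scopeParam " " scopes : [("prompt", "login") | shouldPrompt]` expresses the same lists. The body of `oauth2Okta` that forwards the new argument is not within the shown hunks, so whether it is passed through correctly cannot be checked here.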