From f9f7e1b73b664dd93c3726589e56f8301e8a6a78 Mon Sep 17 00:00:00 2001
From: jaanisfehling <57713516+jaanisfehling@users.noreply.github.com>
Date: Fri, 1 Mar 2024 15:18:39 +0100
Subject: [PATCH 01/10] Add custom scope and/or widget options to GitHub plugin

---
 src/Yesod/Auth/OAuth2/GitHub.hs | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/Yesod/Auth/OAuth2/GitHub.hs b/src/Yesod/Auth/OAuth2/GitHub.hs
index 9725703..92a67c4 100644
--- a/src/Yesod/Auth/OAuth2/GitHub.hs
+++ b/src/Yesod/Auth/OAuth2/GitHub.hs
@@ -1,4 +1,5 @@
 {-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE QuasiQuotes #-}
 
 -- |
 --
@@ -8,12 +9,14 @@
 -- * Uses github user id as credentials identifier
 module Yesod.Auth.OAuth2.GitHub
   ( oauth2GitHub
+  , oauth2GitHubWidget
   , oauth2GitHubScoped
+  , oauth2GitHubScopedWidget
   ) where
 
-import Yesod.Auth.OAuth2.Prelude
-
 import qualified Data.Text as T
+import Yesod.Auth.OAuth2.Prelude
+import Yesod.Core (WidgetFor, whamlet)
 
 newtype User = User Int
 
@@ -29,9 +32,18 @@ defaultScopes = ["user:email"]
 oauth2GitHub :: YesodAuth m => Text -> Text -> AuthPlugin m
 oauth2GitHub = oauth2GitHubScoped defaultScopes
 
+oauth2GitHubWidget
+  :: YesodAuth m => WidgetFor m () -> Text -> Text -> AuthPlugin m
+oauth2GitHubWidget widget = oauth2GitHubScopedWidget widget defaultScopes
+
 oauth2GitHubScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
-oauth2GitHubScoped scopes clientId clientSecret =
-  authOAuth2 pluginName oauth2 $ \manager token -> do
+oauth2GitHubScoped =
+  oauth2GitHubScopedWidget [whamlet|Login via #{pluginName}|]
+
+oauth2GitHubScopedWidget
+  :: YesodAuth m => WidgetFor m () -> [Text] -> Text -> Text -> AuthPlugin m
+oauth2GitHubScopedWidget widget scopes clientId clientSecret =
+  authOAuth2Widget widget pluginName oauth2 $ \manager token -> do
     (User userId, userResponse) <-
       authGetProfile
         pluginName

From 0b4f249bf46d5e436fbce089797a8b5a64e0971a Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Fri, 1 Mar 2024 09:20:06 -0500
Subject: [PATCH 02/10] Version bump

---
 CHANGELOG.md            | 7 ++++++-
 package.yaml            | 2 +-
 yesod-auth-oauth2.cabal | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1e7c583..afec968 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,9 @@
-## [_Unreleased_](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.1.3...main)
+## [_Unreleased_](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.2.0...main)
+
+## [v0.7.2.0](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.1.3...v0.7.2.0)
+
+- Add `oauth2GitHubWidget` and `oauth2GitHubScopedWidget`
+  [@jaanisfehling](https://github.com/freckle/yesod-auth-oauth2/pull/181)
 
 ## [v0.7.1.3](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.1.2...v0.7.1.3)
 
diff --git a/package.yaml b/package.yaml
index bfde2bd..8e07abd 100644
--- a/package.yaml
+++ b/package.yaml
@@ -1,6 +1,6 @@
 ---
 name: yesod-auth-oauth2
-version: 0.7.1.3
+version: 0.7.2.0
 synopsis: OAuth 2.0 authentication plugins
 description: Library to authenticate with OAuth 2.0 for Yesod web applications.
 category: Web
diff --git a/yesod-auth-oauth2.cabal b/yesod-auth-oauth2.cabal
index a4c187c..57e7c63 100644
--- a/yesod-auth-oauth2.cabal
+++ b/yesod-auth-oauth2.cabal
@@ -4,10 +4,10 @@ cabal-version: 1.18
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: 207152c226dff43499a366c34fa97543df920deaad084999e3942ae0dc32a30f
+-- hash: 0bef4a9a180a48d0f0187fb359f4a27027166f3a0dd3827b76a6accb71753a27
 
 name:           yesod-auth-oauth2
-version:        0.7.1.3
+version:        0.7.2.0
 synopsis:       OAuth 2.0 authentication plugins
 description:    Library to authenticate with OAuth 2.0 for Yesod web applications.
 category:       Web

From acb69f8da40b9c91b4020296ce105119e76fdf1d Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Fri, 1 Mar 2024 09:22:24 -0500
Subject: [PATCH 03/10] Fix release.yml

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 33acda8..20ad7e7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
         uses: freckle/haskell-tag-action@v1
 
       - if: steps.tag.outputs.tag
-        run: stack upload --pvp-bounds lower
+        run: stack upload --pvp-bounds lower .
         env:
           HACKAGE_KEY: ${{ secrets.HACKAGE_UPLOAD_API_KEY }}
 

From 433e8b324b03a7450ad8752e543b5cff90a60e4a Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Mon, 8 Jul 2024 10:11:13 -0400
Subject: [PATCH 04/10] Replace cryptonite with crypton

https://github.com/commercialhaskell/stackage/issues/7474#issuecomment-2208142024
---
 package.yaml                |  2 +-
 stack-hoauth2-2.0.yaml      |  1 +
 stack-hoauth2-2.0.yaml.lock |  7 +++++++
 stack-hoauth2-2.2.yaml      |  1 +
 stack-hoauth2-2.2.yaml.lock |  7 +++++++
 stack-hoauth2-2.3.yaml      |  1 +
 stack-hoauth2-2.3.yaml.lock |  7 +++++++
 stack-hoauth2-2.6.yaml      |  1 +
 stack-hoauth2-2.6.yaml.lock |  7 +++++++
 stack-lts-14.27.yaml        |  3 ---
 stack-lts-14.27.yaml.lock   | 19 -------------------
 stack-lts-16.31.yaml        |  2 ++
 stack-lts-16.31.yaml.lock   |  9 ++++++++-
 stack-lts-18.28.yaml        |  2 ++
 stack-lts-18.28.yaml.lock   |  9 ++++++++-
 stack-lts-19.33.yaml        |  2 ++
 stack-lts-19.33.yaml.lock   |  9 ++++++++-
 stack-lts-20.26.yaml        |  2 ++
 stack-lts-20.26.yaml.lock   |  9 ++++++++-
 yesod-auth-oauth2.cabal     |  4 ++--
 20 files changed, 75 insertions(+), 29 deletions(-)
 delete mode 100644 stack-lts-14.27.yaml
 delete mode 100644 stack-lts-14.27.yaml.lock

diff --git a/package.yaml b/package.yaml
index 8e07abd..568b8c8 100644
--- a/package.yaml
+++ b/package.yaml
@@ -27,7 +27,7 @@ library:
   dependencies:
     - aeson >=0.6
     - bytestring >=0.9.1.4
-    - cryptonite >=0.25
+    - crypton
     - errors
     - hoauth2 >=1.11.0
     - http-client >=0.4.0
diff --git a/stack-hoauth2-2.0.yaml b/stack-hoauth2-2.0.yaml
index 1aa8208..272210b 100644
--- a/stack-hoauth2-2.0.yaml
+++ b/stack-hoauth2-2.0.yaml
@@ -1,3 +1,4 @@
 resolver: lts-18.28
 extra-deps:
+  - crypton-1.0.0
   - hoauth2-2.0.0
diff --git a/stack-hoauth2-2.0.yaml.lock b/stack-hoauth2-2.0.yaml.lock
index 032866a..006dcbf 100644
--- a/stack-hoauth2-2.0.yaml.lock
+++ b/stack-hoauth2-2.0.yaml.lock
@@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files
 
 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
     hackage: hoauth2-2.0.0@sha256:4686d776272d4c57d3c8dbeb9e58b04afe4d2b410382011bd78a3d2bfb08a3fe,5662
     pantry-tree:
diff --git a/stack-hoauth2-2.2.yaml b/stack-hoauth2-2.2.yaml
index c1b27a7..9ea808d 100644
--- a/stack-hoauth2-2.2.yaml
+++ b/stack-hoauth2-2.2.yaml
@@ -1,3 +1,4 @@
 resolver: nightly-2022-02-25
 extra-deps:
+  - crypton-1.0.0
   - hoauth2-2.2.0
diff --git a/stack-hoauth2-2.2.yaml.lock b/stack-hoauth2-2.2.yaml.lock
index de9f9c0..d2632cf 100644
--- a/stack-hoauth2-2.2.yaml.lock
+++ b/stack-hoauth2-2.2.yaml.lock
@@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files
 
 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
     hackage: hoauth2-2.2.0@sha256:83a96156717d9e2c93394b35bef4151f82b90dc88b83d0e35c0bf1158bd41c6c,2801
     pantry-tree:
diff --git a/stack-hoauth2-2.3.yaml b/stack-hoauth2-2.3.yaml
index 8274e74..1013787 100644
--- a/stack-hoauth2-2.3.yaml
+++ b/stack-hoauth2-2.3.yaml
@@ -1,3 +1,4 @@
 resolver: nightly-2022-02-25
 extra-deps:
+  - crypton-1.0.0
   - hoauth2-2.3.0
diff --git a/stack-hoauth2-2.3.yaml.lock b/stack-hoauth2-2.3.yaml.lock
index 60671cd..8301e9b 100644
--- a/stack-hoauth2-2.3.yaml.lock
+++ b/stack-hoauth2-2.3.yaml.lock
@@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files
 
 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
     hackage: hoauth2-2.3.0@sha256:213744356007a4686ff3bb72105843d478bc0ba6229659429cbe241a99f55095,2816
     pantry-tree:
diff --git a/stack-hoauth2-2.6.yaml b/stack-hoauth2-2.6.yaml
index 181a354..9c93469 100644
--- a/stack-hoauth2-2.6.yaml
+++ b/stack-hoauth2-2.6.yaml
@@ -1,5 +1,6 @@
 resolver: nightly-2022-12-09
 extra-deps:
+  - crypton-1.0.0
   - hoauth2-2.6.0
 allow-newer: true
 allow-newer-deps:
diff --git a/stack-hoauth2-2.6.yaml.lock b/stack-hoauth2-2.6.yaml.lock
index 3dbaac6..6dd4c65 100644
--- a/stack-hoauth2-2.6.yaml.lock
+++ b/stack-hoauth2-2.6.yaml.lock
@@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files
 
 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
     hackage: hoauth2-2.6.0@sha256:168321df73bf75dc7cdda8e72725e9f3f624a9776b1fe59ae46c29c45029dc5d,2262
     pantry-tree:
diff --git a/stack-lts-14.27.yaml b/stack-lts-14.27.yaml
deleted file mode 100644
index 2be442d..0000000
--- a/stack-lts-14.27.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-resolver: lts-14.27
-extra-deps:
-  - hoauth2-1.14.0
diff --git a/stack-lts-14.27.yaml.lock b/stack-lts-14.27.yaml.lock
deleted file mode 100644
index 5ce20b8..0000000
--- a/stack-lts-14.27.yaml.lock
+++ /dev/null
@@ -1,19 +0,0 @@
-# This file was autogenerated by Stack.
-# You should not edit this file by hand.
-# For more information, please see the documentation at:
-#   https://docs.haskellstack.org/en/stable/lock_files
-
-packages:
-- completed:
-    hackage: hoauth2-1.14.0@sha256:fcb4284fc78950c91d5b548317c51bd99a5ced84f4bb9e6153624b5783e4215f,5628
-    pantry-tree:
-      sha256: f25e2c2c101312196159dad5a3e2a4c8f549ed2d036d9566b66786d758db7dba
-      size: 2046
-  original:
-    hackage: hoauth2-1.14.0
-snapshots:
-- completed:
-    sha256: 7ea31a280c56bf36ff591a7397cc384d0dff622e7f9e4225b47d8980f019a0f0
-    size: 524996
-    url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/14/27.yaml
-  original: lts-14.27
diff --git a/stack-lts-16.31.yaml b/stack-lts-16.31.yaml
index 53095f7..22688b1 100644
--- a/stack-lts-16.31.yaml
+++ b/stack-lts-16.31.yaml
@@ -1 +1,3 @@
 resolver: lts-16.31
+extra-deps:
+  - crypton-1.0.0
diff --git a/stack-lts-16.31.yaml.lock b/stack-lts-16.31.yaml.lock
index a3bf80f..783dcb5 100644
--- a/stack-lts-16.31.yaml.lock
+++ b/stack-lts-16.31.yaml.lock
@@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files
 
-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
     sha256: 637fb77049b25560622a224845b7acfe81a09fdb6a96a3c75997a10b651667f6
diff --git a/stack-lts-18.28.yaml b/stack-lts-18.28.yaml
index 773d5c9..c070685 100644
--- a/stack-lts-18.28.yaml
+++ b/stack-lts-18.28.yaml
@@ -1 +1,3 @@
 resolver: lts-18.28
+extra-deps:
+  - crypton-1.0.0
diff --git a/stack-lts-18.28.yaml.lock b/stack-lts-18.28.yaml.lock
index da10c3e..a23fd96 100644
--- a/stack-lts-18.28.yaml.lock
+++ b/stack-lts-18.28.yaml.lock
@@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files
 
-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
     sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68
diff --git a/stack-lts-19.33.yaml b/stack-lts-19.33.yaml
index f9994e6..c552550 100644
--- a/stack-lts-19.33.yaml
+++ b/stack-lts-19.33.yaml
@@ -1 +1,3 @@
 resolver: lts-19.33
+extra-deps:
+  - crypton-1.0.0
diff --git a/stack-lts-19.33.yaml.lock b/stack-lts-19.33.yaml.lock
index d79c369..c81ce8a 100644
--- a/stack-lts-19.33.yaml.lock
+++ b/stack-lts-19.33.yaml.lock
@@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files
 
-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
     sha256: 6d1532d40621957a25bad5195bfca7938e8a06d923c91bc52aa0f3c41181f2d4
diff --git a/stack-lts-20.26.yaml b/stack-lts-20.26.yaml
index fc9172f..c421558 100644
--- a/stack-lts-20.26.yaml
+++ b/stack-lts-20.26.yaml
@@ -1 +1,3 @@
 resolver: lts-20.26
+extra-deps:
+  - crypton-1.0.0
diff --git a/stack-lts-20.26.yaml.lock b/stack-lts-20.26.yaml.lock
index ea5a850..0d30195 100644
--- a/stack-lts-20.26.yaml.lock
+++ b/stack-lts-20.26.yaml.lock
@@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files
 
-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
     sha256: 5a59b2a405b3aba3c00188453be172b85893cab8ebc352b1ef58b0eae5d248a2
diff --git a/yesod-auth-oauth2.cabal b/yesod-auth-oauth2.cabal
index 57e7c63..d5c0145 100644
--- a/yesod-auth-oauth2.cabal
+++ b/yesod-auth-oauth2.cabal
@@ -4,7 +4,7 @@ cabal-version: 1.18
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: 0bef4a9a180a48d0f0187fb359f4a27027166f3a0dd3827b76a6accb71753a27
+-- hash: a9bf86bc3dabd56dd108a6550bbd114607294b7add72c38d081f7f58085af3e9
 
 name:           yesod-auth-oauth2
 version:        0.7.2.0
@@ -71,7 +71,7 @@ library
       aeson >=0.6
     , base >=4.9.0.0 && <5
     , bytestring >=0.9.1.4
-    , cryptonite >=0.25
+    , crypton
     , errors
     , hoauth2 >=1.11.0
     , http-client >=0.4.0

From 07c6ea68754a9a4be0e8731898981fdbc1d0237b Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Mon, 8 Jul 2024 10:16:12 -0400
Subject: [PATCH 05/10] Remove incorrect comment

---
 stack-hoauth2-2.6.yaml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/stack-hoauth2-2.6.yaml b/stack-hoauth2-2.6.yaml
index 9c93469..4a6664b 100644
--- a/stack-hoauth2-2.6.yaml
+++ b/stack-hoauth2-2.6.yaml
@@ -4,9 +4,4 @@ extra-deps:
   - hoauth2-2.6.0
 allow-newer: true
 allow-newer-deps:
-  - hoauth2 # specifying the package itself is not necessary in the newest
-            # stack, and in fact doens't make conceptual sense. But it is
-            # required on the version of stack on GHA or you get a warning about
-            # ignoreing the bounds (as desired) but it still fails on them...
-  - memory
-  - text
+  - hoauth2 # allow newer memory and text

From 7b0d4f6243cc4593453cd353538040349fe7839a Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Mon, 8 Jul 2024 10:19:33 -0400
Subject: [PATCH 06/10] HLint

---
 src/Yesod/Auth/OAuth2/Google.hs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Yesod/Auth/OAuth2/Google.hs b/src/Yesod/Auth/OAuth2/Google.hs
index 77e7726..0fc3475 100644
--- a/src/Yesod/Auth/OAuth2/Google.hs
+++ b/src/Yesod/Auth/OAuth2/Google.hs
@@ -39,9 +39,8 @@ newtype User = User Text
 instance FromJSON User where
   parseJSON =
     withObject "User" $ \o ->
-      User
-        -- Required for data backwards-compatibility
-        <$> (("google-uid:" <>) <$> o .: "sub")
+      -- Required for data backwards-compatibility
+      User . ("google-uid:" <>) <$> o .: "sub"
 
 pluginName :: Text
 pluginName = "google"

From 87a0231a6d19c14f67e830d4298eb8a65b0d05e1 Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Mon, 8 Jul 2024 10:19:43 -0400
Subject: [PATCH 07/10] Update CI for removed lts-14 configuration

---
 .github/workflows/ci.yml      | 29 ++++++++++++++---------------
 .github/workflows/release.yml |  2 +-
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fd7f967..f25724b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,32 +10,31 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  test:
+  generate:
     runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - id: generate
+        uses: freckle/stack-action/generate-matrix@v5
+    outputs:
+      stack-yamls: ${{ steps.generate.outputs.stack-yamls }}
 
+  test:
+    needs: generate
     strategy:
       matrix:
-        stack-yaml:
-          - stack-nightly.yaml     # ghc-9.8
-          - stack.yaml             # ghc-9.6
-          - stack-lts-21.25.yaml   # ghc-9.4
-          - stack-lts-20.26.yaml   # ghc-9.2
-          - stack-lts-19.33.yaml   # ghc-9.0
-          - stack-lts-18.28.yaml   # ghc-8.10
-          - stack-lts-16.31.yaml   # ghc-8.8
-          - stack-lts-14.27.yaml   # ghc-8.6 + hoauth2-1.14.0
-          - stack-hoauth2-2.6.yaml # ghc-9.4 (nightly-2022-12-09)
-          - stack-hoauth2-2.3.yaml # ghc-9.0 (nightly-2022-02-25)
-          - stack-hoauth2-2.2.yaml # ghc-9.0 (nightly-2022-02-25)
-          - stack-hoauth2-2.0.yaml # ghc-8.10
+        stack-yaml: ${{ fromJSON(needs.generate.outputs.stack-yamls) }}
       fail-fast: false
 
+    runs-on: ubuntu-latest
+
     steps:
       - uses: actions/checkout@v4
       - uses: freckle/stack-action@v5
         with:
-          stack-yaml: ${{ matrix.stack-yaml }}
           stack-build-arguments: --flag yesod-auth-oauth2:example
+        env:
+          STACK_YAML: ${{ matrix.stack-yaml }}
 
   lint:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 20ad7e7..65d1030 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,4 +19,4 @@ jobs:
           HACKAGE_KEY: ${{ secrets.HACKAGE_UPLOAD_API_KEY }}
 
           # Use minimum LTS to set lowest lower bounds
-          STACK_YAML: stack-lts-14.27.yaml
+          STACK_YAML: stack-lts-16.31.yaml

From 624b2be5aa17b7395b5774751d9989d85905ddef Mon Sep 17 00:00:00 2001
From: Ding <c_ding@foxmail.com>
Date: Fri, 24 May 2024 22:34:48 +0800
Subject: [PATCH 08/10] Add ORCID OAuth provider

---
 example/Main.hs                |  2 ++
 src/Yesod/Auth/OAuth2/ORCID.hs | 50 ++++++++++++++++++++++++++++++++++
 yesod-auth-oauth2.cabal        |  3 +-
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 src/Yesod/Auth/OAuth2/ORCID.hs

diff --git a/example/Main.hs b/example/Main.hs
index 9c8d836..562bf31 100644
--- a/example/Main.hs
+++ b/example/Main.hs
@@ -40,6 +40,7 @@ import Yesod.Auth.OAuth2.Spotify
 import Yesod.Auth.OAuth2.Twitch
 import Yesod.Auth.OAuth2.Upcase
 import Yesod.Auth.OAuth2.WordPressDotCom
+import Yesod.Auth.OAuth2.ORCID
 
 data App = App
   { appHttpManager :: Manager
@@ -149,6 +150,7 @@ mkFoundation = do
       , loadPlugin (oauth2Spotify []) "SPOTIFY"
       , loadPlugin oauth2Twitch "TWITCH"
       , loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM"
+      , loadPlugin oauth2ORCID "ORCID"
       , loadPlugin oauth2Upcase "UPCASE"
       ]
 
diff --git a/src/Yesod/Auth/OAuth2/ORCID.hs b/src/Yesod/Auth/OAuth2/ORCID.hs
new file mode 100644
index 0000000..a60f394
--- /dev/null
+++ b/src/Yesod/Auth/OAuth2/ORCID.hs
@@ -0,0 +1,50 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+module Yesod.Auth.OAuth2.ORCID
+  ( oauth2ORCID
+  ) where
+
+import qualified Data.Text as T
+import Yesod.Auth.OAuth2.Prelude
+
+pluginName :: Text
+pluginName = "orcid"
+
+newtype User = User Text
+
+instance FromJSON User where
+  parseJSON = withObject "User" $ \o -> User <$> o .: "sub"
+
+oauth2ORCID
+  :: YesodAuth m
+  => Text
+  -- ^ Client Id
+  -> Text
+  -- ^ Client Secret
+  -> AuthPlugin m
+oauth2ORCID clientId clientSecret =
+  authOAuth2 pluginName oauth2 $ \manager token -> do
+    (User userId, userResponse) <-
+      authGetProfile
+        pluginName
+        manager
+        token
+        "https://orcid.org/oauth/userinfo"
+
+    pure
+      Creds
+        { credsPlugin = pluginName
+        , credsIdent = T.pack $ show userId
+        , credsExtra = setExtra token userResponse
+        }
+ where
+  oauth2 =
+    OAuth2
+      { oauth2ClientId = clientId
+      , oauth2ClientSecret = Just clientSecret
+      , oauth2AuthorizeEndpoint =
+          "https://orcid.org/oauth/authorize"
+            `withQuery` [scopeParam " " ["openid"]]
+      , oauth2TokenEndpoint = "https://orcid.org/oauth/token"
+      , oauth2RedirectUri = Nothing
+      }
diff --git a/yesod-auth-oauth2.cabal b/yesod-auth-oauth2.cabal
index d5c0145..e290011 100644
--- a/yesod-auth-oauth2.cabal
+++ b/yesod-auth-oauth2.cabal
@@ -4,7 +4,7 @@ cabal-version: 1.18
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: a9bf86bc3dabd56dd108a6550bbd114607294b7add72c38d081f7f58085af3e9
+-- hash: e92a1426ba46aee8b456d3b2454bcee06ae044afd5e1bb7b0d50641568b576ac
 
 name:           yesod-auth-oauth2
 version:        0.7.2.0
@@ -54,6 +54,7 @@ library
       Yesod.Auth.OAuth2.GitLab
       Yesod.Auth.OAuth2.Google
       Yesod.Auth.OAuth2.Nylas
+      Yesod.Auth.OAuth2.ORCID
       Yesod.Auth.OAuth2.Prelude
       Yesod.Auth.OAuth2.Random
       Yesod.Auth.OAuth2.Salesforce

From 56c2d0a30da3967045f9efd7e33f1a4932e08663 Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Mon, 8 Jul 2024 12:23:29 -0400
Subject: [PATCH 09/10] Fix import sorting in Main

---
 example/Main.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/example/Main.hs b/example/Main.hs
index 562bf31..1cbd42c 100644
--- a/example/Main.hs
+++ b/example/Main.hs
@@ -34,13 +34,13 @@ import Yesod.Auth.OAuth2.GitHub
 import Yesod.Auth.OAuth2.GitLab
 import Yesod.Auth.OAuth2.Google
 import Yesod.Auth.OAuth2.Nylas
+import Yesod.Auth.OAuth2.ORCID
 import Yesod.Auth.OAuth2.Salesforce
 import Yesod.Auth.OAuth2.Slack
 import Yesod.Auth.OAuth2.Spotify
 import Yesod.Auth.OAuth2.Twitch
 import Yesod.Auth.OAuth2.Upcase
 import Yesod.Auth.OAuth2.WordPressDotCom
-import Yesod.Auth.OAuth2.ORCID
 
 data App = App
   { appHttpManager :: Manager

From 50cc0ea49bcdb7af7fce5e2ca61ea071e4b1ad20 Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Mon, 8 Jul 2024 12:27:08 -0400
Subject: [PATCH 10/10] Version bump

---
 CHANGELOG.md            | 8 +++++++-
 package.yaml            | 2 +-
 yesod-auth-oauth2.cabal | 4 ++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index afec968..4c2aabd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,10 @@
-## [_Unreleased_](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.2.0...main)
+## [_Unreleased_](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.3.0...main)
+
+## [v0.7.3.0](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.2.0...v0.7.3.0)
+
+- Add ORCID provider
+- Drop support for LTS-12 / GHC-8.6
+- Replace `cryptonite` with `crypton`
 
 ## [v0.7.2.0](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.1.3...v0.7.2.0)
 
diff --git a/package.yaml b/package.yaml
index 568b8c8..4bd676c 100644
--- a/package.yaml
+++ b/package.yaml
@@ -1,6 +1,6 @@
 ---
 name: yesod-auth-oauth2
-version: 0.7.2.0
+version: 0.7.3.0
 synopsis: OAuth 2.0 authentication plugins
 description: Library to authenticate with OAuth 2.0 for Yesod web applications.
 category: Web
diff --git a/yesod-auth-oauth2.cabal b/yesod-auth-oauth2.cabal
index e290011..dafcfb7 100644
--- a/yesod-auth-oauth2.cabal
+++ b/yesod-auth-oauth2.cabal
@@ -4,10 +4,10 @@ cabal-version: 1.18
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: e92a1426ba46aee8b456d3b2454bcee06ae044afd5e1bb7b0d50641568b576ac
+-- hash: 148c53a7824b23fa36ce45e0641e643edec0da339f201937f076327d06b2054a
 
 name:           yesod-auth-oauth2
-version:        0.7.2.0
+version:        0.7.3.0
 synopsis:       OAuth 2.0 authentication plugins
 description:    Library to authenticate with OAuth 2.0 for Yesod web applications.
 category:       Web