diff --git a/src/Network/OAuth/OAuth2/Compat.hs b/src/Network/OAuth/OAuth2/Compat.hs index 18364d3..bb0d899 100644 --- a/src/Network/OAuth/OAuth2/Compat.hs +++ b/src/Network/OAuth/OAuth2/Compat.hs @@ -44,6 +44,7 @@ data OAuth2 = OAuth2 , oauth2AuthorizeEndpoint :: URIRef Absolute , oauth2TokenEndpoint :: URIRef Absolute , oauth2RedirectUri :: Maybe (URIRef Absolute) + , oauth2AppRoot :: Maybe Text } #if MIN_VERSION_hoauth2(2,7,0) diff --git a/src/Yesod/Auth/OAuth2/Auth0.hs b/src/Yesod/Auth/OAuth2/Auth0.hs index b1a1cb8..6113702 100644 --- a/src/Yesod/Auth/OAuth2/Auth0.hs +++ b/src/Yesod/Auth/OAuth2/Auth0.hs @@ -54,4 +54,5 @@ oauth2Auth0HostScopes host scopes clientId clientSecret = host `withPath` "/authorize" `withQuery` [scopeParam " " scopes] , oauth2TokenEndpoint = host `withPath` "/oauth/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/AzureAD.hs b/src/Yesod/Auth/OAuth2/AzureAD.hs index 6538646..ce4be03 100644 --- a/src/Yesod/Auth/OAuth2/AzureAD.hs +++ b/src/Yesod/Auth/OAuth2/AzureAD.hs @@ -53,4 +53,5 @@ oauth2AzureADScoped scopes clientId clientSecret = ] , oauth2TokenEndpoint = "https://login.windows.net/common/oauth2/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/AzureADv2.hs b/src/Yesod/Auth/OAuth2/AzureADv2.hs index 96d9cde..58d4e8a 100644 --- a/src/Yesod/Auth/OAuth2/AzureADv2.hs +++ b/src/Yesod/Auth/OAuth2/AzureADv2.hs @@ -72,6 +72,7 @@ oauth2AzureADv2Scoped scopes tenantId clientId clientSecret = tenantUrl "/authorize" `withQuery` [scopeParam " " scopes] , oauth2TokenEndpoint = tenantUrl "/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } tenantUrl path = diff --git a/src/Yesod/Auth/OAuth2/BattleNet.hs b/src/Yesod/Auth/OAuth2/BattleNet.hs index f84ba2f..f12c461 100644 --- a/src/Yesod/Auth/OAuth2/BattleNet.hs +++ b/src/Yesod/Auth/OAuth2/BattleNet.hs 
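Review bot: The new `oauth2AppRoot` field in Compat.hs has no Haddock comment, and its contract matters because the Dispatch.hs hunk in this diff prepends it to the OAuth2 redirect URI. I would document it above the field, for example `-- | Base URL (scheme and host, no trailing slash) prepended to the rendered callback route; must be static configuration and match the redirect URI registered with the provider.` Stating that the value must be operator-supplied matters because this URI is where the authorization code is delivered. The OAuth2 record starts above this hunk, so any existing field documentation style is not visible here.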
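Review bot: The `Just root -> root <> pluginURI` branch in withCallbackAndState joins the two texts blindly, so the callback is only well-formed if the root has no trailing slash and the rendered route is a bare path. If getParentUrlRender already returns an absolute URL (presumably the case whenever the site's approot is configured; not visible here), the result has a doubled origin that either fails with InvalidCallbackUri or, depending on the parser, is accepted with an unintended authority. A root ending in `/` produces a `//` path that will not match a redirect URI the provider compares exactly. I would at least normalise the root, e.g. `Just root -> Data.Text.dropWhileEnd (== '/') root <> pluginURI`, and reject the case where pluginURI is already absolute. The function body continues past the end of the hunk.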
@@ -52,6 +52,7 @@ oauth2BattleNet widget region clientId clientSecret = , oauth2AuthorizeEndpoint = fromRelative "https" host "/oauth/authorize" , oauth2TokenEndpoint = fromRelative "https" host "/oauth/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Bitbucket.hs b/src/Yesod/Auth/OAuth2/Bitbucket.hs index 0c53819..a47c277 100644 --- a/src/Yesod/Auth/OAuth2/Bitbucket.hs +++ b/src/Yesod/Auth/OAuth2/Bitbucket.hs @@ -58,4 +58,5 @@ oauth2BitbucketScoped scopes clientId clientSecret = `withQuery` [scopeParam "," scopes] , oauth2TokenEndpoint = "https://bitbucket.com/site/oauth2/access_token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/ClassLink.hs b/src/Yesod/Auth/OAuth2/ClassLink.hs index 0cc6146..7c69e25 100644 --- a/src/Yesod/Auth/OAuth2/ClassLink.hs +++ b/src/Yesod/Auth/OAuth2/ClassLink.hs @@ -46,4 +46,5 @@ oauth2ClassLinkScoped scopes clientId clientSecret = `withQuery` [scopeParam "," scopes] , oauth2TokenEndpoint = "https://launchpad.classlink.com/oauth2/v2/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Dispatch.hs b/src/Yesod/Auth/OAuth2/Dispatch.hs index 244e535..534e908 100644 --- a/src/Yesod/Auth/OAuth2/Dispatch.hs +++ b/src/Yesod/Auth/OAuth2/Dispatch.hs @@ -100,7 +100,11 @@ withCallbackAndState -> Text -> m OAuth2 withCallbackAndState name oauth2 csrf = do - uri <- ($ PluginR name ["callback"]) <$> getParentUrlRender + pluginURI <- ($ PluginR name ["callback"]) <$> getParentUrlRender + let uri = + case oauth2AppRoot oauth2 of + Just root -> root <> pluginURI + Nothing -> pluginURI callback <- maybe (throwError $ InvalidCallbackUri uri) pure $ fromText uri pure oauth2 { oauth2RedirectUri = Just callback diff --git a/src/Yesod/Auth/OAuth2/EveOnline.hs b/src/Yesod/Auth/OAuth2/EveOnline.hs index b31f948..53ca8f6 100644 --- a/src/Yesod/Auth/OAuth2/EveOnline.hs +++ b/src/Yesod/Auth/OAuth2/EveOnline.hs 
@@ -78,4 +78,5 @@ oauth2EveScoped scopes widgetType clientId clientSecret = `withQuery` [("response_type", "code"), scopeParam " " scopes] , oauth2TokenEndpoint = "https://login.eveonline.com/oauth/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/GitHub.hs b/src/Yesod/Auth/OAuth2/GitHub.hs index 753ba82..794796d 100644 --- a/src/Yesod/Auth/OAuth2/GitHub.hs +++ b/src/Yesod/Auth/OAuth2/GitHub.hs @@ -52,4 +52,5 @@ oauth2GitHubScoped scopes clientId clientSecret = `withQuery` [scopeParam "," scopes] , oauth2TokenEndpoint = "https://github.com/login/oauth/access_token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/GitLab.hs b/src/Yesod/Auth/OAuth2/GitLab.hs index 72d0bbd..64ed372 100644 --- a/src/Yesod/Auth/OAuth2/GitLab.hs +++ b/src/Yesod/Auth/OAuth2/GitLab.hs @@ -56,4 +56,5 @@ oauth2GitLabHostScopes host scopes clientId clientSecret = host `withPath` "/oauth/authorize" `withQuery` [scopeParam " " scopes] , oauth2TokenEndpoint = host `withPath` "/oauth/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Google.hs b/src/Yesod/Auth/OAuth2/Google.hs index 2e293ae..b19d2e5 100644 --- a/src/Yesod/Auth/OAuth2/Google.hs +++ b/src/Yesod/Auth/OAuth2/Google.hs @@ -83,4 +83,5 @@ oauth2GoogleScopedWidget widget scopes clientId clientSecret = `withQuery` [scopeParam " " scopes] , oauth2TokenEndpoint = "https://www.googleapis.com/oauth2/v3/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Nylas.hs b/src/Yesod/Auth/OAuth2/Nylas.hs index 99b5dce..9a44414 100644 --- a/src/Yesod/Auth/OAuth2/Nylas.hs +++ b/src/Yesod/Auth/OAuth2/Nylas.hs @@ -63,4 +63,5 @@ oauth2Nylas clientId clientSecret = ] , oauth2TokenEndpoint = "https://api.nylas.com/oauth/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } 
diff --git a/src/Yesod/Auth/OAuth2/Okta.hs b/src/Yesod/Auth/OAuth2/Okta.hs index b2514d3..d830025 100644 --- a/src/Yesod/Auth/OAuth2/Okta.hs +++ b/src/Yesod/Auth/OAuth2/Okta.hs @@ -46,6 +46,8 @@ oauth2Okta :: Text -> -- | The authorization server ByteString -> + -- | Application Root for redirect links + Maybe (URIRef Absolute) -> AuthPlugin m oauth2Okta = oauth2OktaWithScopes defaultOktaScopes @@ -62,8 +64,10 @@ oauth2OktaWithScopes :: Text -> -- | The authorization server ByteString -> + -- | Application Root for building callbacks + Maybe (URIRef Absolute) -> AuthPlugin m -oauth2OktaWithScopes scopes host clientId clientSecret authorizationServer = +oauth2OktaWithScopes scopes host clientId clientSecret authorizationServer appRoot = authOAuth2 pluginName oauth2 $ \manager token -> do (User uid, userResponse) <- authGetProfile @@ -87,7 +91,8 @@ oauth2OktaWithScopes scopes host clientId clientSecret authorizationServer = `withPath` (mkEndpointSegment authorizationServer "authorize") `withQuery` [scopeParam " " scopes], oauth2TokenEndpoint = host `withPath` (mkEndpointSegment authorizationServer "token"), - oauth2RedirectUri = Nothing + oauth2RedirectUri = Nothing, + oauth2AppRoot = appRoot } -- | Helper function for creating an endpoint path segment for the given authorization server diff --git a/src/Yesod/Auth/OAuth2/Salesforce.hs b/src/Yesod/Auth/OAuth2/Salesforce.hs index 0fbff78..a1b8e0f 100644 --- a/src/Yesod/Auth/OAuth2/Salesforce.hs +++ b/src/Yesod/Auth/OAuth2/Salesforce.hs @@ -73,4 +73,5 @@ salesforceHelper name profileUri authorizeUri tokenUri scopes clientId clientSec , oauth2AuthorizeEndpoint = authorizeUri `withQuery` [scopeParam " " scopes] , oauth2TokenEndpoint = tokenUri , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Slack.hs b/src/Yesod/Auth/OAuth2/Slack.hs index b909b5b..293b118 100644 --- a/src/Yesod/Auth/OAuth2/Slack.hs +++ b/src/Yesod/Auth/OAuth2/Slack.hs 
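Review bot: The new `appRoot` argument is typed `Maybe (URIRef Absolute)` in the signatures of both oauth2Okta and oauth2OktaWithScopes, but the third Okta.hs hunk assigns it directly with `oauth2AppRoot = appRoot`. The Compat.hs hunk in this same diff declares that field as `Maybe Text`, and Dispatch.hs concatenates it as text. As shown this should not type-check. Either change both signatures to `Maybe Text ->`, or preferably keep the parsed `URIRef Absolute` type in the record so a malformed root is rejected when the plugin is constructed rather than during a login. Adding a positional argument also breaks every existing caller of these two functions, and Okta becomes the only provider able to set the root while all others hard-code `Nothing`, so this deserves a changelog entry or a separately named variant.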
@@ -72,4 +72,5 @@ oauth2SlackScoped scopes clientId clientSecret = `withQuery` [scopeParam "," $ map scopeText scopes] , oauth2TokenEndpoint = "https://slack.com/api/oauth.access" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Spotify.hs b/src/Yesod/Auth/OAuth2/Spotify.hs index 93bcc48..450dd3a 100644 --- a/src/Yesod/Auth/OAuth2/Spotify.hs +++ b/src/Yesod/Auth/OAuth2/Spotify.hs @@ -40,4 +40,5 @@ oauth2Spotify scopes clientId clientSecret = `withQuery` [scopeParam " " scopes] , oauth2TokenEndpoint = "https://accounts.spotify.com/api/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Twitch.hs b/src/Yesod/Auth/OAuth2/Twitch.hs index cfa066f..7566641 100644 --- a/src/Yesod/Auth/OAuth2/Twitch.hs +++ b/src/Yesod/Auth/OAuth2/Twitch.hs @@ -56,4 +56,5 @@ oauth2TwitchScoped scopes clientId clientSecret = , ("client_secret", T.encodeUtf8 clientSecret) ] , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/Upcase.hs b/src/Yesod/Auth/OAuth2/Upcase.hs index 3d69474..c03f4be 100644 --- a/src/Yesod/Auth/OAuth2/Upcase.hs +++ b/src/Yesod/Auth/OAuth2/Upcase.hs @@ -45,4 +45,5 @@ oauth2Upcase clientId clientSecret = , oauth2AuthorizeEndpoint = "http://upcase.com/oauth/authorize" , oauth2TokenEndpoint = "http://upcase.com/oauth/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing } diff --git a/src/Yesod/Auth/OAuth2/WordPressDotCom.hs b/src/Yesod/Auth/OAuth2/WordPressDotCom.hs index 4c6b36d..8300e6b 100644 --- a/src/Yesod/Auth/OAuth2/WordPressDotCom.hs +++ b/src/Yesod/Auth/OAuth2/WordPressDotCom.hs @@ -43,4 +43,5 @@ oauth2WordPressDotCom clientId clientSecret = `withQuery` [scopeParam "," ["auth"]] , oauth2TokenEndpoint = "https://public-api.wordpress.com/oauth2/token" , oauth2RedirectUri = Nothing + , oauth2AppRoot = Nothing }