mirror of
https://github.com/freckle/yesod-auth-oauth2.git
synced 2026-04-06 11:49:03 +02:00
Update README
This commit is contained in:
patrick brisbin
parent
41eda086a1
commit
fccd7a1d66
113
README.md
113
README.md
@ -2,11 +2,9 @@
|
|||||||
|
|
||||||
OAuth2 `AuthPlugin`s for Yesod.
|
OAuth2 `AuthPlugin`s for Yesod.
|
||||||
|
|
||||||
## Basic Usage
|
## Usage
|
||||||
|
|
||||||
To use one of the supported providers:
|
```hs
|
||||||
|
|
||||||
```haskell
|
|
||||||
import Yesod.Auth
|
import Yesod.Auth
|
||||||
import Yesod.Auth.OAuth2.Github
|
import Yesod.Auth.OAuth2.Github
|
||||||
|
|
||||||
@ -25,56 +23,83 @@ clientSecret = "..."
|
|||||||
Some plugins, such as GitHub and Slack, have scoped functions for requesting
|
Some plugins, such as GitHub and Slack, have scoped functions for requesting
|
||||||
additional information:
|
additional information:
|
||||||
|
|
||||||
```haskell
|
```hs
|
||||||
import Yesod.Auth
|
oauth2SlackScoped [SlackBasicScope, SlackEmailScope] clientId clientSecret
|
||||||
import Yesod.Auth.OAuth2.Slack
|
|
||||||
|
|
||||||
instance YesodAuth App where
|
|
||||||
-- ...
|
|
||||||
|
|
||||||
authPlugins _ =
|
|
||||||
[oauth2SlackScoped clientId clientSecret slackScopes]
|
|
||||||
where
|
|
||||||
slackScopes = [SlackEmailScope, SlackAvatarScope, SlackTeamScope]
|
|
||||||
|
|
||||||
clientId :: Text
|
|
||||||
clientId = "..."
|
|
||||||
|
|
||||||
clientSecret :: Text
|
|
||||||
clientSecret = "..."
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Advanced Usage
|
## Working with Extra Data
|
||||||
|
|
||||||
To use any other provider:
|
We put the minimal amount of user data possible in `credsExtra` -- just enough
|
||||||
|
to support you parsing or fetching additional data yourself.
|
||||||
|
|
||||||
|
For example, if you work with GitHub and GitHub user profiles, you likely
|
||||||
|
already have a model and a way to parse the `/user` response. Rather than
|
||||||
|
duplicate all that in our own library, we try to make it easy for you to re-use
|
||||||
|
that code yourself:
|
||||||
|
|
||||||
|
```hs
|
||||||
|
authenticate creds = do
|
||||||
|
let
|
||||||
|
-- You can run your own FromJSON parser on the respose we already have
|
||||||
|
eGitHubUser :: Either String GitHubUser
|
||||||
|
eGitHubUser = getUserResponse creds
|
||||||
|
|
||||||
|
-- Avert your eyes
|
||||||
|
Right githubUser = eGitHubUser
|
||||||
|
|
||||||
|
-- Or make followup requests using our access token
|
||||||
|
runGitHub (getAccessToken creds) $ userRepositories githubUser
|
||||||
|
|
||||||
|
-- Or store it for later
|
||||||
|
insert User
|
||||||
|
{ userIdent = credsIdent creds
|
||||||
|
, userAccessToken = getAccessToken creds
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
**NOTE**: Avoid looking up values in `credsExtra` yourself; prefer the provided
|
||||||
|
`get` functions. The data representation itself is no longer considered public
|
||||||
|
API.
|
||||||
|
|
||||||
|
## Local Providers
|
||||||
|
|
||||||
|
If we don't supply a "Provider" (e.g. GitHub, Google, etc) you need. You can
|
||||||
|
write your own within your codebase:
|
||||||
|
|
||||||
```haskell
|
```haskell
|
||||||
import Yesod.Auth
|
import Yesod.Auth.OAuth2.Prelude
|
||||||
import Yesod.Auth.OAuth2
|
|
||||||
|
|
||||||
instance YesodAuth App where
|
pluginName :: Text
|
||||||
-- ...
|
pluginName = "mysite"
|
||||||
|
|
||||||
authPlugins _ = [myPlugin]
|
oauth2MySite :: YesodAuth m => Text -> Text -> AuthPlugin m
|
||||||
|
oauth2MySite clientId clientSecret =
|
||||||
|
authOAuth2 pluginName oauth2 $ \manager token -> do
|
||||||
|
-- Fetch a profile using the manager and token, leave it a ByteString
|
||||||
|
userResponseJSON <- -- ...
|
||||||
|
|
||||||
myPlugin :: AuthPlugin m
|
-- Parse it to your preferred identifier, see Data.Aeson
|
||||||
myPlugin = authOAuth2 "mysite"
|
userId <- -- ...
|
||||||
(OAuth2
|
|
||||||
{ oauthClientId = "..."
|
-- See authGetProfile for the typical case
|
||||||
, oauthClientSecret = "..."
|
|
||||||
, oauthOAuthorizeEndpoint = "https://mysite.com/oauth/authorize"
|
pure Creds
|
||||||
|
{ credsPlugin = pluginName
|
||||||
|
, credsIdent = userId
|
||||||
|
, credsExtra = setExtra token userResponseJSON
|
||||||
|
}
|
||||||
|
where
|
||||||
|
oauth2 = OAuth2
|
||||||
|
{ oauthClientId = clientId
|
||||||
|
, oauthClientSecret = clientSecret
|
||||||
|
, oauthOAuthorizeEndpoint = "https://mysite.com/oauth/authorize"
|
||||||
, oauthAccessTokenEndpoint = "https://mysite.com/oauth/token"
|
, oauthAccessTokenEndpoint = "https://mysite.com/oauth/token"
|
||||||
, oauthCallback = Nothing
|
, oauthCallback = Nothing
|
||||||
})
|
}
|
||||||
makeCredentials
|
|
||||||
|
|
||||||
makeCredentials :: Manager -> AccessToken -> IO (Creds m)
|
|
||||||
makeCredentials manager token = do
|
|
||||||
result <- authGetJSON manager token "https://mysite.com/api/me.json"
|
|
||||||
return $ -- Parse the JSON into (Creds m)
|
|
||||||
```
|
```
|
||||||
|
|
||||||
*If you write one of these, please consider opening a Pull Request*
|
The `Prelude` module is considered public API, though we may build something
|
||||||
|
higher-level that is more convenient for this use-case in the future.
|
||||||
|
|
||||||
## Development & Tests
|
## Development & Tests
|
||||||
|
|
||||||
@ -84,6 +109,8 @@ stack build --dependencies-only
|
|||||||
stack build --pedantic --test
|
stack build --pedantic --test
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Please also run HLint and Weeder before submitting PRs.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
[CHANGELOG](./CHANGELOG.md) | [LICENSE](./LICENSE)
|
[CHANGELOG](./CHANGELOG.md) | [LICENSE](./LICENSE)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user