mirror of
https://github.com/freckle/yesod-auth-oauth2.git
synced 2026-01-26 02:41:56 +01:00
28d2113674
- Update to ghc-8.8 / lts-16.0 - Update to hoauth2 >= 1.11.0 - authGetBS has pre-encoded errors a v1.9 - oauthClientSecret is Maybe at v1.11 - Tweak non-default Resolvers as required
59 lines
1.6 KiB
Haskell
59 lines
1.6 KiB
Haskell
{-# LANGUAGE OverloadedStrings #-}
|
|
-- |
|
|
--
|
|
-- OAuth2 plugin for Azure AD.
|
|
--
|
|
-- * Authenticates against Azure AD
|
|
-- * Uses email as credentials identifier
|
|
--
|
|
module Yesod.Auth.OAuth2.AzureAD
|
|
( oauth2AzureAD
|
|
, oauth2AzureADScoped
|
|
)
|
|
where
|
|
|
|
import Prelude
|
|
import Yesod.Auth.OAuth2.Prelude
|
|
|
|
newtype User = User Text
|
|
|
|
instance FromJSON User where
|
|
parseJSON = withObject "User" $ \o -> User <$> o .: "mail"
|
|
|
|
pluginName :: Text
|
|
pluginName = "azuread"
|
|
|
|
defaultScopes :: [Text]
|
|
defaultScopes = ["openid", "profile"]
|
|
|
|
oauth2AzureAD :: YesodAuth m => Text -> Text -> AuthPlugin m
|
|
oauth2AzureAD = oauth2AzureADScoped defaultScopes
|
|
|
|
oauth2AzureADScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
|
|
oauth2AzureADScoped scopes clientId clientSecret =
|
|
authOAuth2 pluginName oauth2 $ \manager token -> do
|
|
(User userId, userResponse) <- authGetProfile
|
|
pluginName
|
|
manager
|
|
token
|
|
"https://graph.microsoft.com/v1.0/me"
|
|
|
|
pure Creds
|
|
{ credsPlugin = pluginName
|
|
, credsIdent = userId
|
|
, credsExtra = setExtra token userResponse
|
|
}
|
|
where
|
|
oauth2 = OAuth2
|
|
{ oauthClientId = clientId
|
|
, oauthClientSecret = Just clientSecret
|
|
, oauthOAuthorizeEndpoint =
|
|
"https://login.windows.net/common/oauth2/authorize"
|
|
`withQuery` [ scopeParam "," scopes
|
|
, ("resource", "https://graph.microsoft.com")
|
|
]
|
|
, oauthAccessTokenEndpoint =
|
|
"https://login.windows.net/common/oauth2/token"
|
|
, oauthCallback = Nothing
|
|
}
|