haskell/yesod-auth-oauth2
1
0
Fork 0
mirror of https://github.com/freckle/yesod-auth-oauth2.git synced 2026-02-02 14:20:26 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
6b3c6af895
yesod-auth-oauth2/src/Yesod/Auth/OAuth2/Google.hs
patrick brisbin 8cc250523b DRY up via setExtra 
Adds some safety to the stringly-typed keys we're standardizing on.
2018-02-12 09:10:34 -08:00

72 lines
2.2 KiB
Haskell
Raw Blame History

{-# LANGUAGE OverloadedStrings #-}
-- |
--
-- OAuth2 plugin for http://www.google.com
--
-- * Authenticates against Google
-- * Uses Google user id as credentials identifier
--
-- If you were previously relying on the ability to parse email as the creds
-- identifier, you can still do that by overriding it in the creds returned by
-- the plugin. For example:
--
-- > --
-- > -- NOTE: proper use of Maybe/Either omitted for clarity.
-- > --
-- >
-- > parseEmail :: ByteString -> Text
-- > parseEmail = undefined
-- >
-- > authenticate creds = do
-- > let userResponseJSON = fromJust $ lookup "userResponseJSON" credsExtra creds
-- > userEmail = parseEmail userResponseJSON
-- > updatedCreds = creds { credsIdent = userEmail }
-- >
-- > -- continue normally with updatedCreds
--
--
module Yesod.Auth.OAuth2.Google
( oauth2Google
, oauth2GoogleScoped
) where
import Yesod.Auth.OAuth2.Prelude
newtype User = User Text
instance FromJSON User where
parseJSON = withObject "User" $ \o -> User
-- Required for data backwards-compatibility
<$> (("google-uid:" <>) <$> o .: "sub")
pluginName :: Text
pluginName = "google"
defaultScopes :: [Text]
defaultScopes = ["openid", "email"]
oauth2Google :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2Google = oauth2GoogleScoped defaultScopes
oauth2GoogleScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScoped scopes clientId clientSecret =
authOAuth2 pluginName oauth2 $ \manager token -> do
(User userId, userResponseJSON) <-
authGetProfile pluginName manager token "https://www.googleapis.com/oauth2/v3/userinfo"
pure Creds
{ credsPlugin = pluginName
, credsIdent = userId
, credsExtra = setExtra token userResponseJSON
}
where
oauth2 = OAuth2
{ oauthClientId = clientId
, oauthClientSecret = clientSecret
, oauthOAuthorizeEndpoint = "https://accounts.google.com/o/oauth2/auth" `withQuery`
[ scopeParam "+" scopes
]
, oauthAccessTokenEndpoint = "https://www.googleapis.com/oauth2/v3/token"
, oauthCallback = Nothing
}
Reference in New Issue View Git Blame Copy Permalink