haskell/yesod-auth-oauth2
1
0
Fork 0
mirror of https://github.com/freckle/yesod-auth-oauth2.git synced 2026-02-16 12:55:47 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
8e434df38a
yesod-auth-oauth2/src/Yesod/Auth/OAuth2/Nylas.hs
patrick brisbin 8e434df38a Support hoauth2-2.0 
The new major version improves the naming of the fields of the OAuth2
record type. This type is central to this library and we leak it freely.

Users who make their own plugins are expected to construct values of
this type to pass into our functions, this makes the new version
disruptive to our code and our users'.

We have two options:

1. Update and release our own new major version

   The major downside is that the current LTS resolver will then not
   update beyond our currently-released version. We have no immediate
   plans for new features in this library, but if we have bugs reported
   to be fixed we would either have to manage a complex backporting or
   ask our Stack users to wait for the next major LTS, which has
   historically been many months.

   Users who wish to use our new version would need to also bring in
   hoauth2, and who knows what else.

2. Release a fully-compatible update

   As mentioned, we leak OAuth2(..) through this library's interface. In
   order to be truly backwards-compatible, we would have to use CCP to
   define an "old style" OAuth2 and use that throughout, such that
   in-the-wild OAuth2 values continue to work as-is.

   This would not be a good long-term solution as it introduces a fair
   amount of naming confusion and will lead to import conflicts for any
   users who also import hoauth2-2.0 modules in the same project.

3. Release a mostly-compatible update

   This is the path this commit explores. We can update our own code to
   be hoauth2-2.0 compatible and use CPP to define the hoauth2-2.0-like
   OAuth2 if we're still on hoauth2-1.x.

   This gets us compiling in either case and "forward functional", with
   the exception of users who define their own plugins (which is rare).

   Because of that use-case, this should technically be a major version
   bump for ourselves (though I'm open to the argument we could treat
   the local-provider use-case differently), however it is still better
   than Option 1 in a few ways:

   - We still compile with hoauth2-1.x, so can be brought in easily as
     an isolated extra-dep
   - If there is a reported bug that we decide to only fix in the newer
     versions, the path for the user is better: they can pull us as an
     extra-dep and likely need no changes. Even if they're doing a
     custom plugin, the required changes are minor
2022-01-31 16:02:35 -05:00

70 lines
2.4 KiB
Haskell
Raw Blame History

{-# LANGUAGE OverloadedStrings #-}
module Yesod.Auth.OAuth2.Nylas
( oauth2Nylas
)
where
import Yesod.Auth.OAuth2.Prelude
import Control.Monad (unless)
import qualified Data.ByteString.Lazy.Char8 as BL8
import Network.HTTP.Client
import qualified Network.HTTP.Types as HT
import qualified Yesod.Auth.OAuth2.Exception as YesodOAuth2Exception
newtype User = User Text
instance FromJSON User where
parseJSON = withObject "User" $ \o -> User <$> o .: "id"
pluginName :: Text
pluginName = "nylas"
defaultScopes :: [Text]
defaultScopes = ["email"]
oauth2Nylas :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2Nylas clientId clientSecret =
authOAuth2 pluginName oauth $ \manager token -> do
req <- applyBasicAuth (encodeUtf8 $ atoken $ accessToken token) ""
<$> parseRequest "https://api.nylas.com/account"
resp <- httpLbs req manager
let userResponse = responseBody resp
-- FIXME: was this working? I'm 95% sure that the client will throw its
-- own exception on unsuccessful status codes.
unless (HT.statusIsSuccessful $ responseStatus resp)
$ throwIO
$ YesodOAuth2Exception.GenericError pluginName
$ "Unsuccessful HTTP response: "
<> BL8.unpack userResponse
either
(throwIO . YesodOAuth2Exception.JSONDecodingError pluginName)
(\(User userId) -> pure Creds
{ credsPlugin = pluginName
, credsIdent = userId
, credsExtra = setExtra token userResponse
}
)
$ eitherDecode userResponse
where
oauth = OAuth2
{ oauth2ClientId = clientId
, oauth2ClientSecret = Just clientSecret
, oauth2AuthorizeEndpoint =
"https://api.nylas.com/oauth/authorize"
`withQuery` [ ("response_type", "code")
, ( "client_id"
, encodeUtf8 clientId
)
-- N.B. The scopes delimeter is unknown/untested. Verify that before
-- extracting this to an argument and offering a Scoped function. In
-- its current state, it doesn't matter because it's only one scope.
, scopeParam "," defaultScopes
]
, oauth2TokenEndpoint = "https://api.nylas.com/oauth/token"
, oauth2RedirectUri = Nothing
}
Reference in New Issue View Git Blame Copy Permalink