mirror of
https://github.com/freckle/yesod-auth-oauth2.git
synced 2026-01-11 19:58:28 +01:00
a8de561848
This adds support for `ghc-9.12` / `hoauth2-2.15` and drops support for
`ghc < 9.4` / `hoauth2 < 2.8`.
Since this would be a major version bump no matter what, I've changed
the interface we present to align with `hoauth2-2.15`. This means using
the newer `fetch` functions, and `TokenResponse{,Error}` type names.
I've maintained our own `OAuth2` type so that the redirect-uri can
remain a `Maybe` field. The way plugins are constructed, we need to
build an `OAuth2` value in a pure context without one, which is then
supplied later, when we have `MonadHandler` and so can render URLs.
60 lines
1.5 KiB
Haskell
60 lines
1.5 KiB
Haskell
{-# LANGUAGE OverloadedStrings #-}
|
|
|
|
-- |
|
|
--
|
|
-- OAuth2 plugin for Azure AD.
|
|
--
|
|
-- * Authenticates against Azure AD
|
|
-- * Uses email as credentials identifier
|
|
module Yesod.Auth.OAuth2.AzureAD
|
|
( oauth2AzureAD
|
|
, oauth2AzureADScoped
|
|
) where
|
|
|
|
import Yesod.Auth.OAuth2.Prelude
|
|
import Prelude
|
|
|
|
newtype User = User Text
|
|
|
|
instance FromJSON User where
|
|
parseJSON = withObject "User" $ \o -> User <$> o .: "mail"
|
|
|
|
pluginName :: Text
|
|
pluginName = "azuread"
|
|
|
|
defaultScopes :: [Text]
|
|
defaultScopes = ["openid", "profile"]
|
|
|
|
oauth2AzureAD :: YesodAuth m => Text -> Text -> AuthPlugin m
|
|
oauth2AzureAD = oauth2AzureADScoped defaultScopes
|
|
|
|
oauth2AzureADScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
|
|
oauth2AzureADScoped scopes clientId clientSecret =
|
|
authOAuth2 pluginName oauth2 $ \manager token -> do
|
|
(User userId, userResponse) <-
|
|
authGetProfile
|
|
pluginName
|
|
manager
|
|
token
|
|
"https://graph.microsoft.com/v1.0/me"
|
|
|
|
pure
|
|
Creds
|
|
{ credsPlugin = pluginName
|
|
, credsIdent = userId
|
|
, credsExtra = setExtra token userResponse
|
|
}
|
|
where
|
|
oauth2 =
|
|
OAuth2
|
|
{ oauth2ClientId = clientId
|
|
, oauth2ClientSecret = clientSecret
|
|
, oauth2AuthorizeEndpoint =
|
|
"https://login.windows.net/common/oauth2/authorize"
|
|
`withQuery` [ scopeParam "," scopes
|
|
, ("resource", "https://graph.microsoft.com")
|
|
]
|
|
, oauth2TokenEndpoint = "https://login.windows.net/common/oauth2/token"
|
|
, oauth2RedirectUri = Nothing
|
|
}
|