hsoz- Iron, Hawk, Oz: Web auth protocols

Safe Haskell: None




data OzTicket

An object describing a ticket and its public properties. An Oz ticket is a set of Hawk credentials used by the application to access protected resources, just like any other Hawk credentials.




  • ozTicketExp :: POSIXTime

    Ticket expiration time.

  • ozTicketApp :: OzAppId

    The application id the ticket was issued to.

  • ozTicketUser :: Maybe OzUserId

    The user id if the ticket represents access to user resources. If no user id is included, the ticket allows the application access to the application's own resources only.

  • ozTicketScope :: OzScope

    The ticket scope. Defaults to [] if no scope is specified.

  • ozTicketGrant :: Maybe OzGrantId

    If user is set, includes the grant identifier referencing the authorization granted by the user to the application. Can be a unique identifier or string encoding the grant information as long as the server is able to parse the information later.

  • ozTicketDelegate :: Bool

    If false, the ticket cannot be delegated regardless of the application permissions. Defaults to true which means use the application permissions to delegate.

  • ozTicketDlg :: Maybe OzAppId

    If the ticket is the result of access delegation, the application id of the delegating application.
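
The field semantics above are what a resource server enforces after decoding a ticket. The following is an added example, not code from hsoz: the types are local stand-ins that reuse the documented field names, and `authorize`, `mayDelegate`, `Denied` and the sample values are hypothetical.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example: local stand-ins for the documented record, so this compiles
-- without hsoz. Field names follow the page; everything else is hypothetical.
import Data.Text (Text)
import Data.Time.Clock.POSIX (POSIXTime, getPOSIXTime)

type OzAppId = Text
type OzUserId = Text
type OzGrantId = Text
type OzScope = [Text]

data OzTicket = OzTicket
  { ozTicketExp      :: POSIXTime
  , ozTicketApp      :: OzAppId
  , ozTicketUser     :: Maybe OzUserId
  , ozTicketScope    :: OzScope
  , ozTicketGrant    :: Maybe OzGrantId
  , ozTicketDelegate :: Bool
  , ozTicketDlg      :: Maybe OzAppId
  }

data Denied = Expired | UserWithoutGrant | WrongUser | MissingScope [Text]
  deriving (Eq, Show)

-- | Check a decoded ticket against a resource. 'owner' is Nothing for the
-- application's own resources; 'required' is the scope the resource needs.
authorize :: POSIXTime -> Maybe OzUserId -> OzScope -> OzTicket -> Either Denied ()
authorize now owner required t
  | ozTicketExp t <= now                                 = Left Expired
  | Just _ <- ozTicketUser t, Nothing <- ozTicketGrant t = Left UserWithoutGrant
  | Just u <- owner, ozTicketUser t /= Just u            = Left WrongUser
  | not (null missing)                                   = Left (MissingScope missing)
  | otherwise                                            = Right ()
  where missing = filter (`notElem` ozTicketScope t) required

-- | Delegation needs both the ticket flag and the application's permission.
-- The permission is a plain Bool here because OzApp's fields are not shown.
mayDelegate :: Bool -> OzTicket -> Bool
mayDelegate appMayDelegate t = ozTicketDelegate t && appMayDelegate

main :: IO ()
main = do
  now <- getPOSIXTime
  -- Constructed sample ticket: user-scoped, read-only, delegation disabled.
  let t = OzTicket (now + 3600) "app-1" (Just "alice") ["read"] (Just "grant-1") False Nothing
  print (authorize now (Just "alice") ["read"] t)
  print (authorize now (Just "bob") ["read"] t)
  print (authorize now (Just "alice") ["read", "write"] t)
  print (mayDelegate True t)
```

The expiry check runs first so that an expired ticket is rejected before any scope or user comparison, and a ticket that names a user but carries no grant is treated as malformed.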

data OzSealedTicket

A sealed ticket is the result of issue. It is JSON-encoded and given to the app.

Unlike most Hawk credential identifiers, the Oz ticket identifier is an encoded Iron string which, when decoded, contains an OzTicket.




data OzApp

An object describing an application.




data OzGrant

A grant is the authorization given to an application by a user to access the user's protected resources. Grants can be persisted in a database (usually to support revocation) or can be self describing (using an encoded identifier).




data OzExt

An object used to include custom server data in the ticket and response. The public part is included in the Oz response under ticket.ext. The private part is only available within the encoded ticket.





Eq OzExt


(==) :: OzExt -> OzExt -> Bool

(/=) :: OzExt -> OzExt -> Bool

Show OzExt


showsPrec :: Int -> OzExt -> ShowS

show :: OzExt -> String

showList :: [OzExt] -> ShowS

Generic OzExt

Associated Types

type Rep OzExt :: * -> *


from :: OzExt -> Rep OzExt x

to :: Rep OzExt x -> OzExt

Monoid OzExt


mempty :: OzExt

mappend :: OzExt -> OzExt -> OzExt

mconcat :: [OzExt] -> OzExt

type Rep OzExt
type Rep OzExt = D1 (MetaData "OzExt" "Network.Oz.Types" "hsoz-" False) (C1 (MetaCons "OzExt" PrefixI True) ((:*:) (S1 (MetaSel (Just Symbol "ozExtPublic") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 Object)) (S1 (MetaSel (Just Symbol "ozExtPrivate") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 Object))))

data TicketOpts

Ticket generation options. The default values are:

  • One hour ticket lifetime.
  • One minute RSVP lifetime.
  • Use the application permissions to delegate.
  • Default Iron configuration.
  • 32 byte Hawk key length.
  • SHA256 message authentication.
  • No ext data.





type OzAppId = Text

Identifies an Oz Application

type OzUserId = Text

Identifies a user

type OzGrantId = Text

Identifies an Oz grant

type OzPermission = Text

Tag representing permissions of application

type OzScope = [OzPermission]

Set of permissions for application

type OzTicketId = Text

Oz ticket identifier, which is also an Iron-encrypted version of the ticket.

type OzLoadApp = OzAppId -> IO (Either String OzApp)

User-supplied function to look up an Oz app definition by its identifier.

type OzLoadGrant = OzGrantId -> IO (Either String (OzGrant, Maybe OzExt))

User-supplied function to look up an Oz grant by its identifier.

data Endpoints

Describes the URL configuration of the Oz server.

defaultEndpoints :: Endpoints

A normal set of endpoint URL paths.