Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Settings for using Azure Active Directory as OAuth identity provider
Both Delegated (On-Behalf-Of) and App-only (i.e. Client Credentials) authentication flows are supported. The former is useful when a user needs to log in and delegate some permissions to the application (i.e. accessing personal data), whereas the latter is for server processes and automation accounts.
Synopsis
- data AzureAD
- azureADApp :: Text -> ClientId -> ClientSecret -> [Scope] -> IdpApplication 'ClientCredentials AzureAD
- data OAuthCfg = OAuthCfg {}
- data AzureADUser
- azureOAuthADApp :: OAuthCfg -> IdpApplication 'AuthorizationCode AzureAD
Documentation
App flow
azureADApp
:: Text | application name |
-> ClientId | |
-> ClientSecret | |
-> [Scope] | scopes |
-> IdpApplication 'ClientCredentials AzureAD |
Azure OAuth application (i.e. with user consent screen)
NB: scope offline_access is ALWAYS requested.
Create the app at https://go.microsoft.com/fwlink/?linkid=2083908
Also take care to find the right client id; see https://stackoverflow.com/a/70670961
Delegated permissions OAuth2 flow
data OAuthCfg
Configuration object of the OAuth2 application
OAuthCfg | |
data AzureADUser
Instances
FromJSON AzureADUser | Defined in Network.OAuth2.Provider.AzureAD | parseJSON :: Value -> Parser AzureADUser; parseJSONList :: Value -> Parser [AzureADUser] |
Show AzureADUser | Defined in Network.OAuth2.Provider.AzureAD | showsPrec :: Int -> AzureADUser -> ShowS; show :: AzureADUser -> String; showList :: [AzureADUser] -> ShowS |
Eq AzureADUser | Defined in Network.OAuth2.Provider.AzureAD | (==) :: AzureADUser -> AzureADUser -> Bool; (/=) :: AzureADUser -> AzureADUser -> Bool |
Ord AzureADUser | Defined in Network.OAuth2.Provider.AzureAD | compare :: AzureADUser -> AzureADUser -> Ordering; (<) :: AzureADUser -> AzureADUser -> Bool; (<=) :: AzureADUser -> AzureADUser -> Bool; (>) :: AzureADUser -> AzureADUser -> Bool; (>=) :: AzureADUser -> AzureADUser -> Bool; max :: AzureADUser -> AzureADUser -> AzureADUser; min :: AzureADUser -> AzureADUser -> AzureADUser |
azureOAuthADApp
:: OAuthCfg | OAuth configuration |
-> IdpApplication 'AuthorizationCode AzureAD |
Azure OAuth application (i.e. with user consent screen)
NB: scopes openid and offline_access are ALWAYS requested, since the library assumes we have access to refresh tokens and ID tokens.
Reference on Microsoft Graph permissions: https://learn.microsoft.com/en-us/graph/permissions-reference
Create the app at https://go.microsoft.com/fwlink/?linkid=2083908
Also take care to find the right client id; see https://stackoverflow.com/a/70670961