| Safe Haskell | Safe-Inferred |
|---|---|
| Language | Haskell2010 |
Network.OAuth2.Session
Description
MS Identity user session based on OAuth tokens
The library supports the following authentication scenarios :
- Client Credentials (server/server or automation accounts)
- Authorization Code (with human users being prompted to delegate some access rights to the app)
and provides functions to keep tokens up to date in the background.
Synopsis
- type Token t = TVar (Maybe t)
- newNoToken :: MonadIO m => m (Token t)
- expireToken :: MonadIO m => Token t -> m ()
- readToken :: MonadIO m => Token t -> m (Maybe t)
- fetchUpdateToken :: MonadIO m => IdpApplication 'ClientCredentials AzureAD -> Token OAuth2Token -> Manager -> m ()
- loginEndpoint :: MonadIO m => IdpApplication 'AuthorizationCode AzureAD -> RoutePattern -> Scotty m ()
- replyEndpoint :: MonadIO m => IdpApplication 'AuthorizationCode AzureAD -> Tokens UserSub OAuth2Token -> Manager -> RoutePattern -> Scotty m ()
- type Tokens uid t = TVar (TokensData uid t)
- newTokens :: (MonadIO m, Ord uid) => m (Tokens uid t)
- data UserSub
- lookupUser :: (MonadIO m, Ord uid) => Tokens uid t -> uid -> m (Maybe t)
- expireUser :: (MonadIO m, Ord uid) => Tokens uid t -> uid -> m ()
- tokensToList :: MonadIO m => Tokens k a -> m [(k, a)]
- withAADUser :: MonadIO m => Tokens UserSub t -> Text -> (t -> Action m ()) -> Action m ()
- type Scotty = ScottyT Text
- type Action = ActionT Text
App-only flow
newNoToken :: MonadIO m => m (Token t) Source #
expireToken :: MonadIO m => Token t -> m () Source #
Arguments
| :: MonadIO m | |
| => IdpApplication 'ClientCredentials AzureAD | |
| -> Token OAuth2Token | token TVar |
| -> Manager | |
| -> m () |
Fetch an OAuth token and keep it updated. Should be called as a first thing in the app
NB : forks a thread in the background
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
Auth code grant flow
OAuth endpoints
Arguments
| :: MonadIO m | |
| => IdpApplication 'AuthorizationCode AzureAD | |
| -> RoutePattern | e.g. |
| -> Scotty m () |
Login endpoint
see azureADApp
Arguments
| :: MonadIO m | |
| => IdpApplication 'AuthorizationCode AzureAD | |
| -> Tokens UserSub OAuth2Token | token TVar |
| -> Manager | |
| -> RoutePattern | e.g. |
| -> Scotty m () |
The identity provider redirects the client to the reply endpoint as part of the OAuth flow : https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0&tabs=http#authorization-response
NB : forks a thread per logged in user to keep their tokens up to date
In-memory user session
sub field
Instances
| FromJSON UserSub Source # | |
| FromJSONKey UserSub Source # | |
Defined in Network.OAuth2.JWT Methods | |
| ToJSON UserSub Source # | |
Defined in Network.OAuth2.JWT | |
| ToJSONKey UserSub Source # | |
Defined in Network.OAuth2.JWT | |
| IsString UserSub Source # | |
Defined in Network.OAuth2.JWT Methods fromString :: String -> UserSub # | |
| Generic UserSub Source # | |
| Show UserSub Source # | |
| Eq UserSub Source # | |
| Ord UserSub Source # | |
| type Rep UserSub Source # | |
Defined in Network.OAuth2.JWT | |
Look up a user identifier and return their current token, if any
Remove a user, i.e. they will have to authenticate once more
tokensToList :: MonadIO m => Tokens k a -> m [(k, a)] Source #
return a list representation of the Tokens object
Scotty misc
Azure App Service
Arguments
| :: MonadIO m | |
| => Tokens UserSub t | |
| -> Text | login URI |
| -> (t -> Action m ()) | call MSGraph APIs with token |
| -> Action m () |
Decode the App Service ID token header X-MS-TOKEN-AAD-ID-TOKEN, look its user up in the local token store, supply token t to continuation. If the user sub cannot be found in the token store the browser is redirected to the login URI.
Special case of aadHeaderIdToken