oauthenticated-0.0.5: Simple OAuth client code built atop http-conduit

Safe HaskellNone




Credentials, Creds, are built from Tokens, public/private key pairs, and come in 3 varieties.

  • Client: Represents a particular client or consumer, used as part of every transaction that client signs.
  • Temporary: Resource token representing a short-lived grant to access a restricted set of server resources on behalf of the user. Typically used as part of a authorization negotiation protocol.
  • Permanent: Resource token representing a long-lived grant to access an authorized set of server resources on behalf of the user. Outside of access negotiation this is the most common kind of resource Token.


Tokens and their parameterization

data Token ty Source

Tokens are public, private key pairs and come in many varieties, Client, Temporary, and Permanent.


Token !Key !Secret 


Typeable1 Token 
Eq (Token ty) 
Data ty => Data (Token ty) 
Ord (Token ty) 
Show (Token ty) 
ToJSON (Token ty)

Produces a JSON object using keys named oauth_token and oauth_token_secret.

FromJSON (Token ty)

Parses a JSON object with keys oauth_token and oauth_token_secret, the standard format for OAuth 1.0.

type Key = ByteStringSource

Token Keys are public keys which allow a server to uniquely identify a particular Token.

type Secret = ByteStringSource

Token Secrets are private keys which the Token uses for cryptographic purposes.

data Client Source

Client Credentials and Tokens are assigned to a particular client by the server and are used for all requests sent by that client. They form the core component of resource specific credentials.

data Temporary Source

Temporary Tokens and Credentials are created during authorization protocols and are rarely meant to be kept for more than a few minutes. Typically they are authorized to access only a very select set of server resources. During "three-legged authorization" in OAuth 1.0 they are used to generate the authorization request URI the client sends and, after that, in the Permanent Token request.

data Permanent Source

Permanent Tokens and Credentials are the primary means of accessing server resources. They must be maintained by the client for each user who authorizes that client to access resources on their behalf.


fromUrlEncoded :: ByteString -> Maybe (Bool, Token ty)Source

Parses a www-form-urlencoded stream to produce a Token if possible. The first result value is whether or not the token data is OAuth 1.0a compatible.

>>> fromUrlEncoded "oauth_token=key&oauth_token_secret=secret"
Just (False, Token "key" "secret")
>>> fromUrlEncoded "oauth_token=key&oauth_token_secret=secret&oauth_callback_confirmed=true"
Just (True, Token "key" "secret")

Credentials and credential construction

data Cred ty Source

Credentials pair a Client Token and either a Temporary or Permanent token corresponding to a particular set of user resources on the server.


Typeable1 Cred 
Eq (Cred ty) 
Data ty => Data (Cred ty) 
Ord (Cred ty) 
Show (Cred ty) 


clientToken :: Lens (Cred ty) (Cred ty) (Token Client) (Token Client)Source

All Creds have Client Token information.

resourceToken :: (ResourceToken ty, ResourceToken ty') => Lens (Cred ty) (Cred ty') (Token ty) (Token ty')Source

Some Creds have resource Token information, i.e. either Temporary or Permanent credentials. This lens can be used to change the type of a Cred.

getResourceTokenDef :: Cred ty -> Token tySource

OAuth assumes that, by default, any credential has a resource Token that is by default completely blank. In this way we can talk about the resource Token of even Client Creds.

>>> getResourceTokenDef (clientCred $ Token "key" "secret")
Token "" ""

signingKey :: Cred ty -> ByteStringSource

Produce a signingKey from a set of credentials. This is a URL encoded string built from the client secret and the token secret.

If no token secret exists then the blank string is used.

\secret -> signingKey (clientCred $ Token "key" secret) == (pctEncode secret <> "&" <> "")