Portability | non-portable |
---|---|
Stability | experimental |
Maintainer | me@jspha.com |
Safe Haskell | None |
Credentials, Creds, are built from Tokens, public/private key pairs, and come in 3 varieties.

- Client: Represents a particular client or consumer, used as part of every transaction that client signs.
- Temporary: Resource token representing a short-lived grant to access a restricted set of server resources on behalf of the user. Typically used as part of an authorization negotiation protocol.
- Permanent: Resource token representing a long-lived grant to access an authorized set of server resources on behalf of the user. Outside of access negotiation this is the most common kind of resourceToken.

- data Token ty = Token !Key !Secret
- type Key = ByteString
- type Secret = ByteString
- data Client
- data Temporary
- data Permanent
- class ResourceToken tk
- fromUrlEncoded :: ByteString -> Maybe (Bool, Token ty)
- data Cred ty
- clientCred :: Token Client -> Cred Client
- temporaryCred :: Token Temporary -> Cred Client -> Cred Temporary
- permanentCred :: Token Permanent -> Cred Client -> Cred Permanent
- key :: Lens (Token ty) (Token ty) Key Key
- secret :: Lens (Token ty) (Token ty) Secret Secret
- clientToken :: Lens (Cred ty) (Cred ty) (Token Client) (Token Client)
- resourceToken :: (ResourceToken ty, ResourceToken ty') => Lens (Cred ty) (Cred ty') (Token ty) (Token ty')
- getResourceTokenDef :: Cred ty -> Token ty
- signingKey :: Cred ty -> ByteString
Tokens and their parameterization
Typeable1 Token | |
Eq (Token ty) | |
Data ty => Data (Token ty) | |
Ord (Token ty) | |
Show (Token ty) | |
ToJSON (Token ty) | Produces a JSON object using keys named |
FromJSON (Token ty) | Parses a JSON object with keys |
type Key = ByteString
type Secret = ByteString
Temporary Tokens and Credentials are created during authorization
protocols and are rarely meant to be kept for more than a few minutes.
Typically they are authorized to access only a very select set of server
resources. During "three-legged authorization" in OAuth 1.0 they are used
to generate the authorization request URI the client sends and, after that,
in the Permanent Token request.
Deserialization
fromUrlEncoded :: ByteString -> Maybe (Bool, Token ty)
Parses a www-form-urlencoded stream to produce a Token if possible.
The first result value is whether or not the token data is OAuth 1.0a
compatible.
>>> fromUrlEncoded "oauth_token=key&oauth_token_secret=secret"
Just (False, Token "key" "secret")
>>> fromUrlEncoded "oauth_token=key&oauth_token_secret=secret&oauth_callback_confirmed=true"
Just (True, Token "key" "secret")
Credentials and credential construction
Accessors
resourceToken :: (ResourceToken ty, ResourceToken ty') => Lens (Cred ty) (Cred ty') (Token ty) (Token ty')
getResourceTokenDef :: Cred ty -> Token ty
signingKey :: Cred ty -> ByteString
Produce a signingKey from a set of credentials. This is a URL
encoded string built from the client secret and the token secret.
If no token secret exists then the blank string is used.
\secret -> signingKey (clientCred $ Token "key" secret) == (pctEncode secret <> "&" <> "")
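
An added example, not part of the original documentation or the library's own code: it parses a temporary-credential response with fromUrlEncoded, keeps the token only when the response is OAuth 1.0a compatible, and prints the signingKey before and after a token secret is available. The import path Network.OAuth.Types.Credentials, the helper temporaryFrom and all key and secret values are assumptions constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Data.ByteString (ByteString)
import qualified Data.ByteString.Char8 as B8
-- Assumed import path; the page lists the exports but not the module name.
import           Network.OAuth.Types.Credentials

-- | Constructed sample client credential, not a real secret. The secret
-- deliberately contains '&' and '/' so the URL encoding in signingKey shows.
client :: Cred Client
client = clientCred (Token "client-key" "s3cr&t/client")

-- | Hypothetical helper: accept a temporary-credential response only when
-- the Bool returned by fromUrlEncoded is True (OAuth 1.0a compatible).
-- OAuth 1.0a introduced oauth_callback_confirmed as part of its fix for
-- the session fixation flaw in OAuth 1.0, so a False here is rejected.
temporaryFrom :: ByteString -> Either String (Cred Temporary)
temporaryFrom body =
  case fromUrlEncoded body of
    Nothing          -> Left "response does not contain a token"
    Just (False, _)  -> Left "callback not confirmed (OAuth 1.0 response)"
    Just (True, tok) -> Right (temporaryCred tok client)

main :: IO ()
main = do
  -- Client-only credentials have no token secret, so the signing key is
  -- the encoded client secret followed by "&" and the blank string.
  B8.putStrLn (signingKey client)
  -- Constructed sample responses: 1.0 style, 1.0a style, and malformed.
  mapM_ report
    [ "oauth_token=tk&oauth_token_secret=ts"
    , "oauth_token=tk&oauth_token_secret=ts&oauth_callback_confirmed=true"
    , "not-a-token"
    ]
  where
    report body = case temporaryFrom body of
      Left err   -> putStrLn ("rejected: " ++ err)
      -- With a temporary token the token secret follows the "&".
      Right cred -> B8.putStrLn (signingKey cred)
```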