Sign a request using fresh credentials.

The simplest way to execute a set of authenticated requests. Produces invalid ThreeLegged requests---use runOAuth to provide Server and ThreeLegged configuration information.

Run's an OAuthT using a fresh EntropyPool.

Perform authenticated requests using a shared Manager and a particular set of Creds.

OAuthT wrapped over IO.

Given a ResourceToken of some kind, run an inner OAuthT session with the same configuration but new credentials.

Tokens are public, private key pairs and come in many varieties, Client, Temporary, and Permanent.

Credentials pair a Client Token and either a Temporary or Permanent token corresponding to a particular set of user resources on the server.

Client Credentials and Tokens are assigned to a particular client by the server and are used for all requests sent by that client. They form the core component of resource specific credentials.

Temporary Tokens and Credentials are created during authorization protocols and are rarely meant to be kept for more than a few minutes. Typically they are authorized to access only a very select set of server resources. During "three-legged authorization" in OAuth 1.0 they are used to generate the authorization request URI the client sends and, after that, in the Permanent Token request.

Permanent Tokens and Credentials are the primary means of accessing server resources. They must be maintained by the client for each user who authorizes that client to access resources on their behalf.

Parses a www-form-urlencoded stream to produce a Token if possible. The first result value is whether or not the token data is OAuth 1.0a compatible.

>>> fromUrlEncoded "oauth_token=key&oauth_token_secret=secret"
Just (False, Token "key" "secret")

>>> fromUrlEncoded "oauth_token=key&oauth_token_secret=secret&oauth_callback_confirmed=true"
Just (True, Token "key" "secret")

The Server information contains details which parameterize how a particular server wants to interpret OAuth requests.

The default Server parameterization uses OAuth recommended parameters.

The OAuth spec suggest that the OAuth parameter be passed via the Authorization header, but allows for other methods of transmission (see section "3.5. Parameter Transmission") so we select the 'Server'\'s preferred method with this type.

OAuth culminates in the creation of the oauth_signature which signs and authenticates the request using the secret components of a particular OAuth Cred.

Several methods exist for generating these signatures, the most popular being HmacSha1.

OAuth has progressed through several versions since its inception. In particular, there are two community editions "OAuth Core 1.0" (2007) and "OAuth Core 1.0a" (2009) along with the IETF Official version RFC 5849 (2010) which is confusingly named "OAuth 1.0".

/Servers which only implement the obsoleted community edition "OAuth Core 1.0" are susceptible to a session fixation attack./

If at all possible, choose the RFC 5849 version (the OAuth1 value) as it is the modern standard. Some servers may only be compliant with an earlier OAuth version---this should be tested against each server, in particular the protocols defined in Network.OAuth.ThreeLegged.

Data parameterizing the "Three-legged OAuth" redirection-based authorization protocol. These parameters cover the protocol as described in the community editions OAuth Core 1.0 and OAuth Core 1.0a as well as RFC 5849.

Convenience method for creating a ThreeLegged configuration from a trio of URLs and a Callback. Returns Nothing if one of the callback URLs could not be parsed correctly.

When performing the second leg of the three-leg token request workflow, the user must pass the oauth_verifier code back to the client. In order to ensure that this protocol is secure, OAuth demands that the client associates this "callback method" with the temporary credentials generated for the workflow. This Callback method may be a URL where the parameters are returned to or the string "oob" which indicates that the user is responsible for returning the oauth_verifier to the client OutOfBand.

A Verifier is produced when a user authorizes a set of Temporary Creds. Using the Verifier allows the client to request Permanent Creds.

Run a full Three-legged authorization protocol using the simple interface of this module. This is similar to the requestTokenProtocol in Network.OAuth.ThreeLegged, but offers better error handling due in part to the easier management of configuration state.