Copyright	This file is part of the package openid-connect. It is subject to the license terms in the LICENSE file found in the top-level directory of this distribution and at: https://code.devalot.com/open/openid-connect No part of this package including this file may be copied modified propagated or distributed except according to the terms contained in the LICENSE file.
License	BSD-2-Clause
Safe Haskell	Safe-Inferred
Language	Haskell2010

OpenID.Connect.Authentication

Description

Synopsis

data ClientAuthentication
- = ClientSecretBasic
- | ClientSecretPost
- | ClientSecretJwt
- | PrivateKeyJwt
- | None
- | UnsupportedAuthentication Text
data ClientSecret
data Credentials = Credentials {
}
type ClientID = Text
type ClientRedirectURI = URI
data AuthenticationRequest = AuthenticationRequest {
- authRequestRedirectURI :: ClientRedirectURI
- authRequestClientId :: Text
- authRequestScope :: Scope
- authRequestResponseType :: ByteString
- authRequestDisplay :: Maybe ByteString
- authRequestPrompt :: Maybe ByteString
- authRequestMaxAge :: Maybe Int
- authRequestUiLocales :: Maybe Words
- authRequestIdTokenHint :: Maybe ByteString
- authRequestLoginHint :: Maybe Text
- authRequestAcrValues :: Maybe Words
- authRequestOtherParams :: [QueryItem]
}

Documentation

data ClientAuthentication Source #

Methods that a client can use to authenticate with a provider.

Defined in OpenID Connect Core 1.0 §9.

Since: 0.1.0.0

Constructors

ClientSecretBasic	Send credentials using HTTP Basic Authentication.
ClientSecretPost	Send the credentials in the body of an HTTP POST.
ClientSecretJwt	Create a JWT and calculate a message authentication code using a shared secret. The JWT confirms that the client is in possession of the shared secret.
PrivateKeyJwt	Create and sign a JWT using a private key. The provider must already have access to the public key corresponding to the private key.
None	The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other authentication mechanism.
UnsupportedAuthentication Text	Other unsupported possible ways to autenticate the client. Since: 0.2.0

Instances

Instances details

FromJSON ClientAuthentication Source #
Instance details Defined in OpenID.Connect.Authentication Methods parseJSON :: Value -> Parser ClientAuthentication # parseJSONList :: Value -> Parser [ClientAuthentication] #
ToJSON ClientAuthentication Source #
Instance details Defined in OpenID.Connect.Authentication Methods toJSON :: ClientAuthentication -> Value # toEncoding :: ClientAuthentication -> Encoding # toJSONList :: [ClientAuthentication] -> Value # toEncodingList :: [ClientAuthentication] -> Encoding #
Generic ClientAuthentication Source #
Instance details Defined in OpenID.Connect.Authentication Associated Types type Rep ClientAuthentication :: Type -> Type # Methods from :: ClientAuthentication -> Rep ClientAuthentication x # to :: Rep ClientAuthentication x -> ClientAuthentication #
Show ClientAuthentication Source #
Instance details Defined in OpenID.Connect.Authentication Methods showsPrec :: Int -> ClientAuthentication -> ShowS # show :: ClientAuthentication -> String # showList :: [ClientAuthentication] -> ShowS #
Eq ClientAuthentication Source #
Instance details Defined in OpenID.Connect.Authentication Methods (==) :: ClientAuthentication -> ClientAuthentication -> Bool # (/=) :: ClientAuthentication -> ClientAuthentication -> Bool #
type Rep ClientAuthentication Source #
Instance details Defined in OpenID.Connect.Authentication type Rep ClientAuthentication = D1 ('MetaData "ClientAuthentication" "OpenID.Connect.Authentication" "openid-connect-0.2.0-9NUCQOfqK7L3ZMFQIg1Sgd" 'False) ((C1 ('MetaCons "ClientSecretBasic" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "ClientSecretPost" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "ClientSecretJwt" 'PrefixI 'False) (U1 :: Type -> Type))) :+: (C1 ('MetaCons "PrivateKeyJwt" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "None" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "UnsupportedAuthentication" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Text)))))

data ClientSecret Source #

Private values needed by the client in order to authenticate with the provider.

The method of authentication is established when the client registers with the provider.

Since: 0.1.0.0

Constructors

AssignedSecretText Text

A client_secret created by the provider and given to the client to use during authentication.

This is the most common way to authenticate with a provider.

AssignedAssertionText Text

A client_secret created by the provider and given to the client. The client must create a JWT and use the client_secret to calculate a message authentication code for the JWT.

AssertionPrivateKey JWK

A private key that is solely in the client's possession. The provider holds the public key portion of the given key.

The client creates and signs a JWT in order to authenticate.

data Credentials Source #

A complete set of credentials used by the client to authenticate with the provider.

Since: 0.1.0.0

Constructors

Credentials
Fields assignedClientId :: ClientID The provider-assigned `client_id`. clientSecret :: ClientSecret The `client_secret` or other means of authenticating. clientRedirectUri :: ClientRedirectURI The `redirect_uri` shared between the client and provider. This URI must be registered with the provider.

type ClientID = Text Source #

A client_id assigned by the provider.

Since: 0.1.0.0

type ClientRedirectURI = URI Source #

The client (relying party) redirection URL previously registered with the OpenID Provider (i.e. a URL to an endpoint on your web site that receives authentication details from the provider via the end-user's browser).

After the provider has authenticated the end-user, they will be redirected to this URL to continue the flow.

NOTE: This URL must match exactly with the one registered with the provider. If they don't match the provider will not redirect the end-user back to your site.

Since: 0.1.0.0

data AuthenticationRequest Source #

§3.1.2.1. Authentication Request.

The fields of this record are send to the provider by way of a URI given to the end-user.

Clients can use the defaultAuthenticationRequest function to easily create a value of this type.

Since: 0.1.0.0

Constructors

AuthenticationRequest

Fields

authRequestRedirectURI :: ClientRedirectURI
Where to redirect the end-user to after authentication.
authRequestClientId :: Text
The client_id assigned by the provider.
authRequestScope :: Scope
The scope to request. The openid scope is always part of this list.
authRequestResponseType :: ByteString
The response_type parameter.
authRequestDisplay :: Maybe ByteString
The display parameter.
authRequestPrompt :: Maybe ByteString
The prompt parameter.
authRequestMaxAge :: Maybe Int
The max_age parameter.
authRequestUiLocales :: Maybe Words
The ui_locales parameter.
authRequestIdTokenHint :: Maybe ByteString
The id_token_hint parameter.
authRequestLoginHint :: Maybe Text
The login_hint parameter.
authRequestAcrValues :: Maybe Words
The acr_values parameter.
authRequestOtherParams :: [QueryItem]
Any additional query parameters you wish to send to the provider.