{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE QuasiQuotes #-}
-- |
--
-- OAuth2 plugin for http://www.google.com
--
-- * Authenticates against Google
-- * Uses Google user id as credentials identifier
--
-- If you were previously relying on email as the creds identifier, you can
-- still do that (and more) by overriding it in the creds returned by the plugin
-- with any value read out of the new @userResponse@ key in @'credsExtra'@.
--
-- For example:
--
-- > data User = User { userEmail :: Text }
-- >
-- > instance FromJSON User where -- you know...
-- >
-- > authenticate creds = do
-- >     -- 'getUserResponseJSON' provided by "Yesod.Auth.OAuth" module
-- >     let Right email = userEmail <$> getUserResponseJSON creds
-- >         updatedCreds = creds { credsIdent = email }
-- >
-- >     -- continue normally with updatedCreds
--
module Yesod.Auth.OAuth2.Google
  ( oauth2Google
  , oauth2GoogleWidget
  , oauth2GoogleScoped
  , oauth2GoogleScopedWidget
  ) where

import Yesod.Auth.OAuth2.Prelude
import Yesod.Core (WidgetFor, whamlet)

newtype User = User Text

instance FromJSON User where
  parseJSON :: Value -> Parser User
parseJSON =
    String -> (Object -> Parser User) -> Value -> Parser User
forall a. String -> (Object -> Parser a) -> Value -> Parser a
withObject String
"User" ((Object -> Parser User) -> Value -> Parser User)
-> (Object -> Parser User) -> Value -> Parser User
forall a b. (a -> b) -> a -> b
$ \Object
o -> Text -> User
User
      -- Required for data backwards-compatibility
                                   (Text -> User) -> Parser Text -> Parser User
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ((Text
"google-uid:" Text -> Text -> Text
forall a. Semigroup a => a -> a -> a
<>) (Text -> Text) -> Parser Text -> Parser Text
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> Object
o Object -> Key -> Parser Text
forall a. FromJSON a => Object -> Key -> Parser a
.: Key
"sub")

pluginName :: Text
pluginName :: Text
pluginName = Text
"google"

defaultScopes :: [Text]
defaultScopes :: [Text]
defaultScopes = [Text
"openid", Text
"email"]

oauth2Google :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2Google :: Text -> Text -> AuthPlugin m
oauth2Google = [Text] -> Text -> Text -> AuthPlugin m
forall m. YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScoped [Text]
defaultScopes

oauth2GoogleWidget
  :: YesodAuth m => WidgetFor m () -> Text -> Text -> AuthPlugin m
oauth2GoogleWidget :: WidgetFor m () -> Text -> Text -> AuthPlugin m
oauth2GoogleWidget WidgetFor m ()
widget = WidgetFor m () -> [Text] -> Text -> Text -> AuthPlugin m
forall m.
YesodAuth m =>
WidgetFor m () -> [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScopedWidget WidgetFor m ()
widget [Text]
defaultScopes

oauth2GoogleScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScoped :: [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScoped =
  WidgetFor m () -> [Text] -> Text -> Text -> AuthPlugin m
forall m.
YesodAuth m =>
WidgetFor m () -> [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScopedWidget [whamlet|Login via #{pluginName}|]

oauth2GoogleScopedWidget
  :: YesodAuth m => WidgetFor m () -> [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScopedWidget :: WidgetFor m () -> [Text] -> Text -> Text -> AuthPlugin m
oauth2GoogleScopedWidget WidgetFor m ()
widget [Text]
scopes Text
clientId Text
clientSecret =
  WidgetFor m () -> Text -> OAuth2 -> FetchCreds m -> AuthPlugin m
forall m.
YesodAuth m =>
WidgetFor m () -> Text -> OAuth2 -> FetchCreds m -> AuthPlugin m
authOAuth2Widget WidgetFor m ()
widget Text
pluginName OAuth2
oauth2 (FetchCreds m -> AuthPlugin m) -> FetchCreds m -> AuthPlugin m
forall a b. (a -> b) -> a -> b
$ \Manager
manager OAuth2Token
token -> do
    (User Text
userId, ByteString
userResponse) <- Text -> Manager -> OAuth2Token -> URI -> IO (User, ByteString)
forall a.
FromJSON a =>
Text -> Manager -> OAuth2Token -> URI -> IO (a, ByteString)
authGetProfile
      Text
pluginName
      Manager
manager
      OAuth2Token
token
      URI
"https://www.googleapis.com/oauth2/v3/userinfo"

    Creds m -> IO (Creds m)
forall (f :: * -> *) a. Applicative f => a -> f a
pure Creds :: forall master. Text -> Text -> [(Text, Text)] -> Creds master
Creds { credsPlugin :: Text
credsPlugin = Text
pluginName
               , credsIdent :: Text
credsIdent  = Text
userId
               , credsExtra :: [(Text, Text)]
credsExtra  = OAuth2Token -> ByteString -> [(Text, Text)]
setExtra OAuth2Token
token ByteString
userResponse
               }
 where
  oauth2 :: OAuth2
oauth2 = OAuth2 :: Text -> Maybe Text -> URI -> URI -> Maybe URI -> OAuth2
OAuth2
    { oauth2ClientId :: Text
oauth2ClientId          = Text
clientId
    , oauth2ClientSecret :: Maybe Text
oauth2ClientSecret      = Text -> Maybe Text
forall a. a -> Maybe a
Just Text
clientSecret
    , oauth2AuthorizeEndpoint :: URI
oauth2AuthorizeEndpoint = URI
"https://accounts.google.com/o/oauth2/auth"
                                  URI -> [(ByteString, ByteString)] -> URI
forall a. URIRef a -> [(ByteString, ByteString)] -> URIRef a
`withQuery` [Text -> [Text] -> (ByteString, ByteString)
scopeParam Text
" " [Text]
scopes]
    , oauth2TokenEndpoint :: URI
oauth2TokenEndpoint     = URI
"https://www.googleapis.com/oauth2/v3/token"
    , oauth2RedirectUri :: Maybe URI
oauth2RedirectUri       = Maybe URI
forall a. Maybe a
Nothing
    }