handa-gdata-0.6.4: Library and command-line utility for accessing Google services and APIs.

Safe Haskell: None

Network.Google.OAuth2

Description

Functions for OAuth 2.0 authentication for Google APIs.

If you are new to Google web APIs, bear in mind that there are three different methods for accessing APIs (installed applications, web apps, service-to-service), and this library is most useful for "installed applications".

Installed applications need the user to grant permission in a browser at least once (see formUrl). However, while the resulting accessToken expires quickly, the refreshToken can be used indefinitely for retrieving new access tokens. Thus this approach can be suitable for long-running or periodic programs that access Google data.

Below is a quick-start program which will list any Google Fusion tables the user possesses. It requires the client ID and secret retrieved from https://code.google.com/apis/console.

 import Control.Monad (unless)
 import System.Info (os)
 import System.Process (system, rawSystem)
 import System.Exit    (ExitCode(..))
 import System.Directory (doesFileExist)
 import Network.Google.OAuth2 (formUrl, exchangeCode, refreshTokens,
                               OAuth2Client(..), OAuth2Tokens(..))
 import Network.Google (makeRequest, doRequest)
 import Network.HTTP.Conduit (simpleHttp)
 import qualified Data.ByteString.Lazy.Char8 as BL
 --
 cid    = "INSTALLED_APP_CLIENT_ID"
 secret = "INSTALLED_APP_SECRET_HERE"
 -- This file will hold the long-lived refresh token as well as the access token.
 file   = "./tokens.txt"
 --
 main = do
   -- Ask for permission to read/write your fusion tables:
   let client = OAuth2Client { clientId = cid, clientSecret = secret }
       permissionUrl = formUrl client ["https://www.googleapis.com/auth/fusiontables"]
   b <- doesFileExist file
   -- Only go through the browser step when no tokens have been saved yet:
   unless b $ do
       putStrLn$ "Load this URL: "++show permissionUrl
       case os of
         "linux"  -> rawSystem "gnome-open" [permissionUrl]
         "darwin" -> rawSystem "open"       [permissionUrl]
         _        -> return ExitSuccess
       putStrLn "Please paste the verification code: "
       authcode <- getLine
       tokens   <- exchangeCode client authcode
       putStrLn$ "Received access token: "++show (accessToken tokens)
       tokens2  <- refreshTokens client tokens
       putStrLn$ "As a test, refreshed token: "++show (accessToken tokens2)
       writeFile file (show tokens2)
   accessTok <- fmap (accessToken . read) (readFile file)
   putStrLn "As a test, list the user's tables:"
   response <- simpleHttp ("https://www.googleapis.com/fusiontables/v1/tables?access_token="++accessTok)
   putStrLn$ BL.unpack response

Types

data OAuth2Client

Constructors

OAuth2Client 

Fields

clientId :: String

The client ID.

clientSecret :: String

The client secret.

type OAuth2Scope = String

An OAuth 2.0 scope.

data OAuth2Tokens

OAuth 2.0 tokens.

Constructors

OAuth2Tokens 

Fields

accessToken :: String

The access token.

refreshToken :: String

The refresh token.

expiresIn :: Rational

The number of seconds until the access token expires.

tokenType :: String

The token type.

Functions

googleScopes

Arguments

:: [(String, OAuth2Scope)]

List of names and the corresponding scopes.

The OAuth 2.0 scopes for Google APIs, see https://developers.google.com/oauthplayground/.

formUrl

Arguments

:: OAuth2Client

The OAuth 2.0 client.

-> [OAuth2Scope]

The OAuth 2.0 scopes to be authorized.

-> String

The URL for authorization.

Form a URL for authorizing an installed application, see https://developers.google.com/accounts/docs/OAuth2InstalledApp#formingtheurl.

exchangeCode

Arguments

:: OAuth2Client

The OAuth 2.0 client.

-> OAuth2Code

The authorization code.

-> IO OAuth2Tokens

The action for obtaining the tokens.

refreshTokens

Arguments

:: OAuth2Client

The client.

-> OAuth2Tokens

The tokens.

-> IO OAuth2Tokens

The action to refresh the tokens.

validateTokens

Arguments

:: OAuth2Tokens

The tokens.

-> IO Rational

The number of seconds until the access token expires.

getCachedTokens

Arguments

:: OAuth2Client

The client is the "key" for token lookup.

-> IO OAuth2Tokens 

Provide a hassle-free way to retrieve and refresh tokens from a user's home directory, OR ask the user for permission.

The first time it is called, this may open a web browser and/or request that the user enter data on the command line. Subsequent invocations on the same machine should not communicate with the user.

If the tokens do not expire until more than 15 minutes in the future, this procedure will skip the refresh step. Whether or not it refreshes should be immaterial to the client's subsequent actions, because all clients should handle authentication errors (and all 5xx errors) and call refreshTokens as necessary.
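One way a client can follow that advice, as an added example that is not part of handa-gdata: a wrapper that refreshes the tokens when a call is rejected with 401 and retries unchanged after a pause on 5xx. The module name, `CallResult`, `Recovery`, `recovery` and `callWithRefresh` are hypothetical, the one-second pause is a constructed value, and treating only 401 as an authentication error is an assumption; `refreshTokens` and `accessToken` are used with the signatures documented above.

```haskell
module RefreshRetry (CallResult(..), Recovery(..), recovery, callWithRefresh) where

import Control.Concurrent (threadDelay)
import Network.Google.OAuth2 (OAuth2Client, OAuth2Tokens(..), refreshTokens)

-- Result of one API call as reported by the caller's action.
-- Hypothetical type for this example, not part of handa-gdata.
data CallResult a
  = Ok a
  | HttpError Int String   -- HTTP status code and response text

-- What to do about a failed call.
data Recovery = RefreshThenRetry | BackOffThenRetry | GiveUp
  deriving (Eq, Show)

-- 401 means the access token was rejected: refresh it. 5xx is a server-side
-- failure: the token is not the problem, so wait and retry with the same one.
recovery :: Int -> Recovery
recovery status
  | status == 401                 = RefreshThenRetry
  | status >= 500 && status < 600 = BackOffThenRetry
  | otherwise                     = GiveUp

-- Run an action that takes an access token, recovering up to `attempts`
-- times. Returns the tokens in force at the end so the caller can persist them.
callWithRefresh
  :: OAuth2Client
  -> Int                              -- recovery attempts left
  -> (String -> IO (CallResult a))    -- the API call, given an access token
  -> OAuth2Tokens
  -> IO (Either String a, OAuth2Tokens)
callWithRefresh client attempts call tokens = do
  result <- call (accessToken tokens)
  case result of
    Ok value -> return (Right value, tokens)
    HttpError status body
      | attempts <= 0 -> giveUp
      | otherwise -> case recovery status of
          RefreshThenRetry -> do
            fresh <- refreshTokens client tokens
            callWithRefresh client (attempts - 1) call fresh
          BackOffThenRetry -> do
            threadDelay 1000000      -- one second; constructed value
            callWithRefresh client (attempts - 1) call tokens
          GiveUp -> giveUp
      where
        giveUp = return (Left ("HTTP " ++ show status ++ ": " ++ body), tokens)
```

Bounding the attempts keeps a revoked refresh token or a persistent outage from turning into an endless loop, and the returned tokens let the caller write the refreshed pair back to its store.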