h*KC      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                       2.12.0 Safe-Inferred "%&03<hoauth2Get response body out of a Response Safe-Inferred "%&03<Yhoauth2/spec says optional but in practice it is S256 9https://datatracker.ietf.org/doc/html/rfc7636#section-4.3     Safe-Inferred "%&03< Safe-Inferred "%&03< Safe-Inferred "%&03< hoauth2%Type sysnonym of request query paramshoauth2!Type synonym of post body contenthoauth2 2https://www.rfc-editor.org/rfc/rfc6749#section-2.3 According to spec:The client MUST NOT use more than one authentication method in each request.2Which means use Authorization header or Post body.However, I found I have to include authentication in the header all the time in real world.In other words,  is always assured.  is optional.Maybe consider an alternative implementation that boolean kind of data type is good enough.hoauth2 4https://www.rfc-editor.org/rfc/rfc6749#section-4.1.4hoauth2 Exists when offline_access scope is in the Authorization Request and the provider supports Refresh Access Token.hoauth2See  2https://www.rfc-editor.org/rfc/rfc6749#section-5.1. It's required per spec. But OAuth2 provider implementation are vary. Maybe will remove  in future release.hoauth2 Exists when openid scope is in the Authorization Request and the provider supports OpenID protocol.hoauth2Authorization Code)hoauth2Query Parameter Representationhoauth2Parse JSON data into & "!#%$&(')/.-,+*012345 Safe-Inferred "%&03<6hoauth2Token Error Responses /https://tools.ietf.org/html/rfc6749#section-5.2Dhoauth2Prepare the URL and the request body query for fetching an access token.Ehoauth2Obtain a new access token by sending a Refresh Token to the Authorization server.Fhoauth2 Exchange code9 for an Access Token with authenticate in request header.Ihoauth2 Exchange code for an Access TokenOAuth2 spec allows credential ( client_id,  client_secret*) to be sent either in the header (a.k.a !). or as form/url params (a.k.a ).The OAuth provider can choose to implement only one, or both. Look for API document from the OAuth provider you're dealing with. If you`re uncertain, try F which sends credential in authorization http header, which is common case.Jhoauth2Fetch a new AccessToken using the Refresh Token with authentication in request header.Mhoauth20Fetch a new AccessToken using the Refresh Token.OAuth2 spec allows credential ("client_id", "client_secret") to be sent either in the header (a.k.a !). or as form/url params (a.k.a ).The OAuth provider can choose to implement only one, or both. Look for API document from the OAuth provider you're dealing with. If you're uncertain, try J which sends credential in authorization http header, which is common case.Nhoauth21Conduct post request and return response as JSON.Ohoauth2Conduct post request.Phoauth2Gets response body from a Response if 200 otherwise assume >Qhoauth2Try to parses response as JSON, if failed, try to parse as like query string.Rhoauth2=Parses the response that contains not JSON but a Query StringShoauth2Add Basic Authentication header using client_id and client_secret.Thoauth2Set several header values: + userAgennt : "hoauth2" + accept : "application/json"Uhoauth2Add Credential (client_id, client_secret) to the request post body. Dhoauth2(access code gained via authorization URLhoauth2/access token request URL plus the request body.Ehoauth2*Refresh Token gained via authorization URLhoauth20Refresh Token request URL plus the request body.Fhoauth2HTTP connection managerhoauth2 OAuth Datahoauth2 OAuth2 Codehoauth2 Access TokenGhoauth2HTTP connection managerhoauth2 OAuth Datahoauth2Authorization Codehoauth2 Access TokenHhoauth2HTTP connection managerhoauth2 OAuth Datahoauth2Authorization Codehoauth2 Access TokenIhoauth2HTTP connection managerhoauth2 OAuth Datahoauth2Authorization Codehoauth2 Access TokenJhoauth2HTTP connection manager.hoauth2 OAuth contexthoauth2(Refresh Token gained after authorizationKhoauth2HTTP connection manager.hoauth2 OAuth contexthoauth2(Refresh Token gained after authorizationLhoauth2HTTP connection manager.hoauth2 OAuth contexthoauth2(Refresh Token gained after authorizationMhoauth2HTTP connection manager.hoauth2 OAuth contexthoauth2(Refresh Token gained after authorizationNhoauth2HTTP connection manager.hoauth2 OAuth optionshoauth2The URLhoauth2 request bodyhoauth2Response as JSONOhoauth2HTTP connection manager.hoauth2 OAuth optionshoauth2URLhoauth2 Request body.hoauth2Response as ByteString 6=<;:987>BA@?CDEFGHIJKLMNOPQRSTU >BA@?6=<;:987CDEFGHIJKLMNOPQRSTU Safe-Inferred "%&03<'\hoauth2 0https://www.rfc-editor.org/rfc/rfc6750#section-2]hoauth2 Provides in Authorization header^hoauth2Provides in request body_hoauth2#Provides in request query parameter`hoauth2Conduct an authorized GET request and return response as JSON. Inject Access Token to Authorization Header.ahoauth2Deprecated. Use b instead.bhoauth2Conduct an authorized GET request and return response as JSON. Allow to specify how to append AccessToken.choauth2Conduct an authorized GET request. Inject Access Token to Authorization Header.dhoauth2Same to c; but set access token to query parameter rather than headerfhoauth2Conduct an authorized GET request and return response as ByteString. Allow to specify how to append AccessToken.ghoauth2Conduct POST request and return response as JSON. Inject Access Token to Authorization Header.ihoauth2Conduct POST request and return response as JSON. Allow to specify how to append AccessToken.jhoauth2Conduct POST request. Inject Access Token to http header (Authorization)khoauth2Conduct POST request with access token only in the request body but header.lhoauth2Conduct POST request with access token only in the header and not in bodynhoauth2Conduct POST request and return response as ByteString. Allow to specify how to append AccessToken.hoauth2Send an HTTP request.hoauth2Set several header values: + userAgennt : "hoauth2" + accept : "application/json" + authorization : "Bearer xxxxx" if  provided.hoauth2Set the HTTP method to use.hoauth2For GET method API.hoauth2Create  with given access token value.`hoauth2HTTP connection manager.hoauth2Response as JSONahoauth2HTTP connection manager.hoauth2Response as JSONbhoauth2HTTP connection manager.hoauth2Response as JSONchoauth2HTTP connection manager.hoauth2Response as ByteStringdhoauth2HTTP connection manager.hoauth2Response as ByteStringehoauth2HTTP connection manager.hoauth2Response as ByteStringfhoauth2'Specify the way that how to append the & in the requesthoauth2HTTP connection manager.hoauth2Response as ByteStringghoauth2HTTP connection manager.hoauth2Response as JSONhhoauth2HTTP connection manager.hoauth2Response as ByteStringihoauth2HTTP connection manager.hoauth2Response as ByteStringjhoauth2HTTP connection manager.hoauth2Response as ByteStringkhoauth2HTTP connection manager.hoauth2Response as ByteStringlhoauth2HTTP connection manager.hoauth2Response as ByteStringmhoauth2HTTP connection manager.hoauth2Response as ByteStringnhoauth2HTTP connection manager.hoauth2Response as ByteStringhoauth2Request to performhoauth2Modify request before sendinghoauth2HTTP connection manager.hoauth2Base URIhoauth2Authorized Access Tokenhoauth2Combined Result`cdbafegjklihnm\]_^`cdbafegjklihnm\]_^ Safe-Inferred "%&03<*zhoauth2)Authorization Code Grant Error Responses 3https://tools.ietf.org/html/rfc6749#section-4.1.2.1I found hard time to figure a way to test the authorization error flow When anything wrong in  /authorize request, it will stuck at the Provider page hence no way for this library to parse error response. In other words,  /authorize ends up with 4xx or 5xx. Revisit this whenever find a case OAuth2 provider redirects back to Relying party with errors.hoauth2See hoauth2Prepare the authorization URL. Redirect to this URL asking for user interactive authentication.qxwuyvsrtz~}|{z~}|{qxwuyvsrt Safe-Inferred "%&03<+)*+,-./#$%&'( !"501243>?@AB6789:;<=CDEFIGHUNJMKLOQPSTR\]_^`cdbafegjklihnm()/.-,+*&('#%$ "!012345 Safe-Inferred"%&03</ hoauth2Can be either "Client Secret" or JWT base on client authentication methodhoauth2Grant type query parameter has association with different GrantType flows but not completely strict.e.g. Both AuthorizationCode and ResourceOwnerPassword flow could support refresh token flow.hoauth2An OAuth2 Application "a" of IdP "i". "a" can be one of following type:hoauth2Idp i& consists various endpoints endpoints.The i is actually phantom type for information only (Idp name) at this moment. And it is PolyKinds.Hence whenever Idp i or IdpApplication i a> is used as function parameter, PolyKinds need to be enabled.hoauth2Userinfo Endpointhoauth2Authorization Endpointhoauth2Token Endpointhoauth2/Apparently not all IdP support device code flowhoauth2+In order to reuse some methods from legacy Network.OAuth.OAuth2:. Will be removed when Experiment module becomes default.-- Safe-Inferred "%&03<1hoauth2'Standard approach of fetching /userinfohoauth2Usually  is good enough. But some IdP has different approach to fetch user information rather than GET. This method gives the flexiblity.  Safe-Inferred "%&03<4hoauth2Only 'AuthorizationCode flow (but not resource owner password nor client credentials) will use  in the token request create type family to be explicit on it. with 'type instance WithExchangeToken a b = b' implies no exchange token v.s. 'type instance WithExchangeToken a b = ExchangeToken -> b' implies needing an exchange token type WithExchangeToken a bhoauth2Only Authorization Code Grant involves a Exchange Token (Authorization Code). ResourceOwnerPassword and Client Credentials make token request directly.hoauth2Make Token Request 4https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3hoauth2Make Token Request (PKCE) 9https://datatracker.ietf.org/doc/html/rfc7636#section-4.5    Safe-Inferred"%&03<5hoauth2.An Application that supports "JWT Bearer" flow -https://datatracker.ietf.org/doc/html/rfc7523  Safe-Inferred"%&03<6hoauth26An Application that supports "Client Credentials" flow 2https://www.rfc-editor.org/rfc/rfc6749#section-4.4hoauth2 4https://www.rfc-editor.org/rfc/rfc6749#section-4.4.2  Safe-Inferred "%&03<7hoauth2)Make Refresh Token Request parameters | 0https://www.rfc-editor.org/rfc/rfc6749#section-6hoauth2Make Refresh Token Request 0https://www.rfc-editor.org/rfc/rfc6749#section-6  Safe-Inferred"%&03<8hoauth2;An Application that supports "Resource Owner Password" flow 2https://www.rfc-editor.org/rfc/rfc6749#section-4.3hoauth2 4https://www.rfc-editor.org/rfc/rfc6749#section-4.3.2  Safe-Inferred "%&03<:{hoauth20Create Device Authorization Request parameters 2https://www.rfc-editor.org/rfc/rfc8628#section-3.1hoauth2 2https://www.rfc-editor.org/rfc/rfc8628#section-3.2hoauth2$Makes Device Authorization Request 2https://www.rfc-editor.org/rfc/rfc8628#section-3.1 Safe-Inferred"%&03<=#hoauth29An Application that supports "Device Authorization Grant" 2https://www.rfc-editor.org/rfc/rfc8628#section-3.1hoauth2Additional parameters to the device authorization request. Most of identity providers follow the spec strictly but AzureAD requires "tenant" parameter.hoauth2The spec requires similar authentication method as /token request. Most of identity providers doesn't required it but some does like Okta.hoauth2 2https://www.rfc-editor.org/rfc/rfc8628#section-3.4hoauth2Polling Interval   Safe-Inferred "%&03<?hoauth2 -https://datatracker.ietf.org/doc/html/rfc7636hoauth24Constructs Authorization Code request parameters | 4https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1hoauth2It could be optional there is only one redirect_uri registered. See: 6https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2.3hoauth2+Constructs Authorization Code request URI 4https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1hoauth2Constructs Authorization Code (PKCE) request URI and the Code Verifier. -https://datatracker.ietf.org/doc/html/rfc7636 Safe-Inferred"%&03<@hoauth26An Application that supports "Authorization code" flow 2https://www.rfc-editor.org/rfc/rfc6749#section-4.1hoauth2 4https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3  Safe-Inferred "%&03<A[( Safe-Inferred "%&03<A   !"#$$%&&'()*+,-./0112345677899:;;<=>>?@ABCDEFGHIJKLMNOPQRRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~KNPQ                                                       4                %hoauth2-2.12.0-5GCoMMrm3UmIiLmRb8LhoeNetwork.OAuth2.Experiment.PkceNetwork.OAuth2.ExperimentNetwork.OAuth.OAuth2!Network.OAuth.OAuth2.TokenRequestNetwork.OAuth.OAuth2.HttpClient)Network.OAuth.OAuth2.AuthorizationRequestNetwork.OAuth2.Experiment.Types/Network.OAuth2.Experiment.Flows.UserInfoRequest,Network.OAuth2.Experiment.Flows.TokenRequest*Network.OAuth2.Experiment.Grants.JwtBearer2Network.OAuth2.Experiment.Grants.ClientCredentials3Network.OAuth2.Experiment.Flows.RefreshTokenRequest6Network.OAuth2.Experiment.Grants.ResourceOwnerPassword:Network.OAuth2.Experiment.Flows.DeviceAuthorizationRequest4Network.OAuth2.Experiment.Grants.DeviceAuthorization4Network.OAuth2.Experiment.Flows.AuthorizationRequest2Network.OAuth2.Experiment.Grants.AuthorizationCodehoauth2Network.HTTP.Client.ContribNetwork.OAuth2.Experiment.Utils Paths_hoauth2Network.OAuth.OAuth2.Internal AccessTokenAuthorizationCodeApplicationDeviceAuthorizationApplicationClientCredentialsApplication ResourceOwnerPasswordApplicationJwtBearerApplication Network.OAuth2.Experiment.GrantsPkceRequestParam codeVerifier codeChallengecodeChallengeMethodCodeChallengeMethodS256 CodeVerifierunCodeVerifier CodeChallengeunCodeChallenge mkPkceParam$fShowCodeChallengeMethod uriToText QueryParamsPostBodyClientAuthenticationMethodClientSecretBasicClientSecretPostClientAssertionJwt OAuth2Token accessToken refreshToken expiresIn tokenTypeidToken ExchangeTokenextokenIdTokenidtoken RefreshTokenrtokenatokenOAuth2oauth2ClientIdoauth2ClientSecretoauth2AuthorizeEndpointoauth2TokenEndpointoauth2RedirectUridefaultRequestHeadersappendQueryParams uriToRequest requestToUrihostLensportLensTokenResponseErrorCodeInvalidRequest InvalidClient InvalidGrantUnauthorizedClientUnsupportedGrantType InvalidScopeUnknownErrorCodeTokenResponseErrortokenResponseErrortokenResponseErrorDescriptiontokenResponseErrorUriparseTokeResponseErroraccessTokenUrlrefreshAccessTokenUrlfetchAccessTokenfetchAccessToken2fetchAccessTokenInternalfetchAccessTokenWithAuthMethodrefreshAccessTokenrefreshAccessToken2refreshAccessTokenInternal refreshAccessTokenWithAuthMethoddoJSONPostRequestdoSimplePostRequesthandleOAuth2TokenResponseparseResponseFlexibleparseResponseString addBasicAuthaddDefaultRequestHeadersclientSecretPost $fFromJSONTokenResponseErrorCode$fFromJSONTokenResponseError$fShowTokenResponseError$fEqTokenResponseError$fShowTokenResponseErrorCode$fEqTokenResponseErrorCodeAPIAuthenticationMethodAuthInRequestHeaderAuthInRequestBodyAuthInRequestQuery authGetJSONauthGetJSONInternalauthGetJSONWithAuthMethod authGetBS authGetBS2authGetBSInternalauthGetBSWithAuthMethod authPostJSONauthPostJSONInternalauthPostJSONWithAuthMethod authPostBS authPostBS2 authPostBS3authPostBSInternalauthPostBSWithAuthMethod$fEqAPIAuthenticationMethod$fOrdAPIAuthenticationMethodAuthorizationResponseErrorCode AccessDeniedUnsupportedResponseType ServerErrorTemporarilyUnavailableAuthorizationResponseErrorauthorizationResponseError%authorizationResponseErrorDescriptionauthorizationResponseErrorUriauthorizationUrlauthorizationUrlWithParams($fFromJSONAuthorizationResponseErrorCode$$fFromJSONAuthorizationResponseError $fShowAuthorizationResponseError$fEqAuthorizationResponseError$$fShowAuthorizationResponseErrorCode"$fEqAuthorizationResponseErrorCode HasOAuth2Key mkOAuth2Key ToQueryParam toQueryParamPassword unPasswordUsername unUsernameAuthorizeStateunAuthorizeState RedirectUri unRedirectUri ClientSecretunClientSecretClientId unClientId ResponseTypeCodeGrantTypeValueGTAuthorizationCode GTPasswordGTClientCredentialsGTRefreshToken GTJwtBearer GTDeviceCodeScopeunScopeIdpApplicationidp applicationIdpidpUserInfoEndpointidpAuthorizeEndpointidpTokenEndpointidpDeviceAuthorizationEndpoint toOAuth2Key$fIsStringScope$fIsStringAuthorizeState$fIsStringUsername$fIsStringPassword$fToQueryParamResponseType$fToQueryParamRefreshToken$fToQueryParamExchangeToken!$fToQueryParamCodeChallengeMethod$fToQueryParamCodeChallenge$fToQueryParamCodeVerifier$fToQueryParamSet$fToQueryParamRedirectUri$fToQueryParamAuthorizeState$fToQueryParamPassword$fToQueryParamUsername$fToQueryParamClientSecret$fToQueryParamClientId$fToQueryParamGrantTypeValue$fToQueryParamMaybe $fEqPassword $fEqUsername$fEqAuthorizeState$fEqRedirectUri$fEqClientSecret$fIsStringClientSecret$fShowClientId $fEqClientId$fIsStringClientId$fEqGrantTypeValue$fShowGrantTypeValue $fEqScope $fOrdScopeHasUserInfoRequestconduitUserInfoRequest&conduitUserInfoRequestWithCustomMethodHasTokenRequest TokenRequestExchangeTokenInfomkTokenRequestParamNoNeedExchangeToken)HasTokenRequestClientAuthenticationMethodgetClientAuthenticationMethodconduitTokenRequestconduitPkceTokenRequestjbNamejbJwtAssertion,$fHasUserInfoRequestTYPEJwtBearerApplication$fToQueryParamTokenRequest%$fHasTokenRequestJwtBearerApplication?$fHasTokenRequestClientAuthenticationMethodJwtBearerApplication"$fHasOAuth2KeyJwtBearerApplication ccClientIdccClientSecretccNameccScopeccTokenRequestExtraParams"ccTokenRequestAuthenticationMethod-$fHasTokenRequestClientCredentialsApplication$fHasTokenRequestClientAuthenticationMethodClientCredentialsApplication*$fHasOAuth2KeyClientCredentialsApplicationHasRefreshTokenRequestmkRefreshTokenRequestParamRefreshTokenRequestrrRefreshToken rrGrantTyperrScopeconduitRefreshTokenRequest!$fToQueryParamRefreshTokenRequest ropClientIdropClientSecretropNameropScope ropUserName ropPasswordropTokenRequestExtraParams8$fHasRefreshTokenRequestResourceOwnerPasswordApplication8$fHasUserInfoRequestTYPEResourceOwnerPasswordApplication1$fHasTokenRequestResourceOwnerPasswordApplication$fHasTokenRequestClientAuthenticationMethodResourceOwnerPasswordApplication.$fHasOAuth2KeyResourceOwnerPasswordApplicationHasDeviceAuthorizationRequest!mkDeviceAuthorizationRequestParamDeviceAuthorizationRequestParamarScope arClientId arExtraParamsDeviceAuthorizationResponse deviceCodeuserCodeverificationUriverificationUriCompleteinterval DeviceCode!conduitDeviceAuthorizationRequest$fToQueryParamDeviceCode%$fFromJSONDeviceAuthorizationResponse-$fToQueryParamDeviceAuthorizationRequestParam$fFromJSONDeviceCodedaName daClientIddaClientSecretdaScope daAuthorizationRequestExtraParam*daAuthorizationRequestAuthenticationMethodpollDeviceTokenRequest6$fHasUserInfoRequestTYPEDeviceAuthorizationApplication/$fHasTokenRequestDeviceAuthorizationApplication=$fHasDeviceAuthorizationRequestDeviceAuthorizationApplication$fHasTokenRequestClientAuthenticationMethodDeviceAuthorizationApplication,$fHasOAuth2KeyDeviceAuthorizationApplicationHasPkceAuthorizeRequestmkPkceAuthorizeRequestParamHasAuthorizeRequestmkAuthorizationRequestParamAuthorizationRequestParamarState arRedirectUriarResponseTypemkAuthorizationRequestmkPkceAuthorizeRequest'$fToQueryParamAuthorizationRequestParamacName acClientIdacClientSecretacScope acRedirectUriacAuthorizeStateacAuthorizeRequestExtraParams"acTokenRequestAuthenticationMethod4$fHasRefreshTokenRequestAuthorizationCodeApplication4$fHasUserInfoRequestTYPEAuthorizationCodeApplication-$fHasTokenRequestAuthorizationCodeApplication5$fHasPkceAuthorizeRequestAuthorizationCodeApplication1$fHasAuthorizeRequestAuthorizationCodeApplication$fHasTokenRequestClientAuthenticationMethodAuthorizationCodeApplication*$fHasOAuth2KeyAuthorizationCodeApplicationhandleResponsehandleResponseJSONtlToBS bs8ToLazyTextunionMapsToQueryParamsversion getBinDir getLibDir getDynLibDir getDataDir getLibexecDirgetDataFileName getSysconfDirbase GHC.MaybeMaybe$fFromJSONOAuth2Token authRequestupdateRequestHeaders setMethodappendAccessTokenaccessTokenToParamJwtBearerTokenRequest trAssertion trGrantTypeClientCredentialsTokenRequesttrClientAuthenticationMethod trExtraParams trClientIdtrClientSecrettrScopePasswordTokenRequest trPassword trUsernamepollDeviceTokenRequestInternalAuthorizationCodeTokenRequest trRedirectUritrCode