нУЁh&  8┘  2·ч                   	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  
         Safe-Inferred"%&1;л я з О Ж   ╗ hoauth2ц spec says optional but really it shall be s256 or can be omitted?
 9https://datatracker.ietf.org/doc/html/rfc7636#section-4.3   	
            Safe-Inferred"%&1;л я з О Ж   Н  чъЮ            Safe-Inferred "%&1;л я з О Ж   -  АБЦДЕФГХ     	       Safe-Inferred"%&1;л я з О Ж   	С	 hoauth2!type synonym of post body content hoauth22https://www.rfc-editor.org/rfc/rfc6749#section-2.3 
 According to spec:л The client MUST NOT use more than one authentication method in each request.2Which means use Authorization header or Post body.к However, in reality, I always have to include authentication in the header.In other words, ClientSecrectBasic is always assured.   is optional.ш Maybe consider an alternative implementation that boolean kind of data type is good enough. hoauth24https://www.rfc-editor.org/rfc/rfc6749#section-4.1.4  hoauth2Exists when offline_access scope is in the authorizeUrl0 and the provider supports Refresh Access Token. hoauth2See 2https://www.rfc-editor.org/rfc/rfc6749#section-5.1 .ь  It's required per spec. But OAuth2 provider implementation are vary. Maybe will remove  И in future release. hoauth2Exists when openid scope is in the authorizeUrl" and the provider supports OpenID. hoauth2Authorization Code' hoauth2Query Parameter RepresentationЙ hoauth2Parse JSON data into   & !#"$&%'-,+*)(./0123            Safe-Inferred"%&1;л я з О Ж   л4 hoauth2Token Error Responses /https://tools.ietf.org/html/rfc6749#section-5.2 B hoauth2х Prepare the URL and the request body query for fetching an access token.C hoauth2я Obtain a new access token by sending a Refresh Token to the Authorization server.D hoauth2	Exchange code9 for an Access Token with authenticate in request header.G hoauth2	Exchange code for an Access TokenOAuth2 spec allows credential (	client_id, client_secret*) to be sent
 either in the header (a.k.a  !).
 or as form/url params (a.k.a  ).°The OAuth provider can choose to implement only one, or both.
 Look for API document from the OAuth provider you're dealing with.
 If you're uncertain, try  Dл  which sends credential
 in authorization http header, which is common case.H hoauth2ж Fetch a new AccessToken using the Refresh Token with authentication in request header.K hoauth20Fetch a new AccessToken using the Refresh Token.OAuth2 spec allows credential (	client_id, client_secret*) to be sent
 either in the header (a.k.a  !).
 or as form/url params (a.k.a  ).°The OAuth provider can choose to implement only one, or both.
 Look for API document from the OAuth provider you're dealing with.
 If you're uncertain, try  Hл  which sends credential
 in authorization http header, which is common case.L hoauth21Conduct post request and return response as JSON.M hoauth2Conduct post request.N hoauth2Gets response body from a Response if 200 otherwise assume OAuth2ErrorO hoauth2м Try to parses response as JSON, if failed, try to parse as like query string.P hoauth2=Parses the response that contains not JSON but a Query StringQ hoauth20Set several header values:
   + userAgennt    : hoauth2(
   + accept        : `application/json`R hoauth2ц Add Credential (client_id, client_secret) to the request post body.B hoauth2(access code gained via authorization URL hoauth2/access token request URL plus the request body.C hoauth2*Refresh Token gained via authorization URL hoauth20Refresh Token request URL plus the request body.D  hoauth2HTTP connection manager hoauth2
OAuth Data hoauth2OAuth2 Code hoauth2Access TokenE  hoauth2HTTP connection manager hoauth2
OAuth Data hoauth2Authorization Code hoauth2Access TokenF hoauth2HTTP connection manager hoauth2
OAuth Data hoauth2Authorization Code hoauth2Access TokenG hoauth2HTTP connection manager hoauth2
OAuth Data hoauth2Authorization Code hoauth2Access TokenH  hoauth2HTTP connection manager. hoauth2OAuth context hoauth2(Refresh Token gained after authorizationI  hoauth2HTTP connection manager. hoauth2OAuth context hoauth2(Refresh Token gained after authorizationJ hoauth2HTTP connection manager. hoauth2OAuth context hoauth2(Refresh Token gained after authorizationK hoauth2HTTP connection manager. hoauth2OAuth context hoauth2(Refresh Token gained after authorizationL  hoauth2HTTP connection manager. hoauth2OAuth options hoauth2The URL hoauth2request body hoauth2Response as JSONM  hoauth2HTTP connection manager. hoauth2OAuth options hoauth2URL hoauth2Request body. hoauth2Response as ByteString4;:98765<@?>=ABCDEFGHIJKLMNOPQR<@?>=4;:98765ABCDEFGHIJKLMNOPQR           Safe-Inferred"%&1;б л я з э О Ж   $фZ hoauth20https://www.rfc-editor.org/rfc/rfc6750#section-2 [ hoauth2 Provides in Authorization header\ hoauth2Provides in request body] hoauth2#Provides in request query parameter^ hoauth2Н Conduct an authorized GET request and return response as JSON.
   Inject Access Token to Authorization Header.` hoauth2М Conduct an authorized GET request and return response as JSON.
   Allow to specify how to append AccessToken.a hoauth2р Conduct an authorized GET request.
   Inject Access Token to Authorization Header.b hoauth2Same to  a; but set access token to query parameter rather than headerd hoauth2С Conduct an authorized GET request and return response as ByteString.
   Allow to specify how to append AccessToken.e hoauth2А Conduct POST request and return response as JSON.
   Inject Access Token to Authorization Header.g hoauth2Ю Conduct POST request and return response as JSON.
   Allow to specify how to append AccessToken.h hoauth2к Conduct POST request.
   Inject Access Token to http header (Authorization)i hoauth2к Conduct POST request with access token only in the request body but header.j hoauth2и Conduct POST request with access token only in the header and not in bodyl hoauth2Ф Conduct POST request and return response as ByteString.
   Allow to specify how to append AccessToken.К hoauth2Send an HTTP request.Л hoauth2Get response body out of a ResponseМ hoauth20Set several header values:
   + userAgennt    : hoauth2>
   + accept        : `application/json`
   + authorization : Bearer xxxxx if  $
 provided.Н hoauth2Set the HTTP method to use.О hoauth2For GET method API.П hoauth2Create   with given access token value.^  hoauth2HTTP connection manager. hoauth2Response as JSON_ hoauth2HTTP connection manager. hoauth2Response as JSON` hoauth2HTTP connection manager. hoauth2Response as JSONa  hoauth2HTTP connection manager. hoauth2Response as ByteStringb  hoauth2HTTP connection manager. hoauth2Response as ByteStringc hoauth2HTTP connection manager. hoauth2Response as ByteStringd  hoauth2'Specify the way that how to append the  $ in the request hoauth2HTTP connection manager. hoauth2Response as ByteStringe  hoauth2HTTP connection manager. hoauth2Response as JSONf hoauth2HTTP connection manager. hoauth2Response as ByteStringg hoauth2HTTP connection manager. hoauth2Response as ByteStringh  hoauth2HTTP connection manager. hoauth2Response as ByteStringi  hoauth2HTTP connection manager. hoauth2Response as ByteStringj  hoauth2HTTP connection manager. hoauth2Response as ByteStringk hoauth2HTTP connection manager. hoauth2Response as ByteStringl hoauth2HTTP connection manager. hoauth2Response as ByteStringК  hoauth2Request to perform hoauth2Modify request before sending hoauth2HTTP connection manager.О  hoauth2Base URI hoauth2Authorized Access Token hoauth2Combined ResultZ[]\^_`abcdefghijkl^ab`_dcehijgflkZ[]\           Safe-Inferred"%&1;л я з О Ж   '⌠o hoauth2)Authorization Code Grant Error Responses 3https://tools.ietf.org/html/rfc6749#section-4.1.2.1 А 
 I found hard time to figure a way to test the authorization error flow
 When anything wrong in 
/authorizeЖ  request, it will stuck at the Provider page
 hence no way for this library to parse error response.
 In other words, 
/authorizeЫ  ends up with 4xx or 5xx.
 Revisit this whenever find a case OAuth2 provider redirects back to Relying party with errors.w hoauth2See  xx hoauth2А Prepare the authorization URL.  Redirect to this URL
 asking for user interactive authentication. 
ovustqprwx
ovustqprwx           Safe-Inferred"%&1;л я з О Ж   'ч  з  !"#$%&'-,+*()./01234;:98756<@?=>ABCDEFGHIJKLMNOPQRZ\[]^_`abcdefghijklwx(wx'-,+*)($&%!#" ./0123    
       Safe-Inferred"%&12;а б ц л я в з э Х О Ж   /u~ hoauth2-Shall IdpApplication has a field of 'Idp a'??┬ hoauth2.https://www.rfc-editor.org/rfc/rfc6749#page-47 ░ hoauth2о Each GrantTypeFlow has slightly different request parameter to /token endpoint.▒ hoauth2ъ Only 'AuthorizationCode flow (but not resource owner password nor client credentials) will use  Л in the token request
 create type family to be explicit on it.
 with 'type instance WithExchangeToken a b = b' implies no exchange token
 v.s. 'type instance WithExchangeToken a b = ExchangeToken -> b' implies needing an exchange tokenї hoauth2и Can be either "Client Secret" or JWT base on client authentication method╟ hoauth20Grant type query parameter has association with  ╦ but not completely strict.
e.g. Both  ╧ and  ╨' flow could support refresh token flow.╧ hoauth22https://www.rfc-editor.org/rfc/rfc6749#section-4.1 ╨ hoauth22https://www.rfc-editor.org/rfc/rfc6749#section-4.3 ╩ hoauth22https://www.rfc-editor.org/rfc/rfc6749#section-4.4 ╪ hoauth27https://www.rfc-editor.org/rfc/rfc7523.html#section-2.1 ю hoauth2!FIXME: rename to ClientCredentialц hoauth2л Any parameter that required by your Idp and not mentioned in the OAuth2 specл hoauth2л Any parameter that required by your Idp and not mentioned in the OAuth2 specы hoauth2в Though technically one key can have multiple value in query, but who actually does it?!щ hoauth2+In order to reuse some methods from legacy Network.OAuth.OAuth2 :.
 Will be removed when Experiment module becomes default.Я hoauth26An Application that supports "Authorization code" flowР hoauth26An Application that supports "Authorization code" flowС hoauth2	TODO: TBD │}лцкйпшямдзюыьвжибуг©тфЎсохаҐенр~┐┌│─└┘├┤┼┴┬┬ТУЖВЬ▀▄█▌▐⌠▓▒░░ЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀■≤≈√∙∙▄█▌▐░≥ ⌡²°·═÷║ё╒єі╔ї╘╗╙╛╚ґ╞ў╟╣ЄЁ╡╠ІЇ╦╪╩╨╧эщ            Safe-Inferred"%&1;а б ц л я в з э Х О Ж   0╨  ▒ 	
}цлкйпшдямзюыьвжбиу©гтЎфсаохҐерн~┐┌│─└┘├┤┼┬┴┬УЖВТЬ▀▄█▌▐⌠▓░▒░ЗШЭЩЧЪ─┐│┌└┘┤├┬┴┼Ы▀▒■≤≈∙√∙█▌▐▄░√≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╣ЄЁ╠╡ІЇ╦╪╩╧╨эщО ╦╪╩╨╧ІЇэ╟╣ЄЁ╡╠ґ╞ў╙╛╚ї╘╗щєі╔║ё╒·═÷⌡²°≥ ■≤≈√∙▐⌠▓▒░█▌▀▄┤┼┴┬├└┘~┐┌│─}лцкйпшямдзюыьвжибуг©тфЎсохаҐенр
	   ▒                                    	  	  	  	  	  	  	  	  	   	   	   	    	 !  	"  	"  	 #  	$  	$  	 %  	&  	&  	 '  	(  	(  	 )  	*  	*  	 +  	 ,  	 -  	 .  	 /  	 0  	 1  	 2  	 3  	 4  	 5  6  7  8  9  :  ;  <  =  >  >   ?   @   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z  [  \  ]  ^   _   `   a   b   c   d   e   f   g   h   i   j   k   l   m   n   o  p  7  :  q  r  <  s  t   u   v   w   x   y   z  
{  
|  
|  
 }  
 ~  
   
 ─  
│  
 ┌  
┐  
└  
┘  
 ├  
 ┤  
┬  
 ┴  
┼  
 ▀  
▄  
█  
▌  
 ▐  
 ░  
▒  
▓  
⌠  
 ■  
 ∙  
√  
 ≈  
≤  
≤  
 ≥  
   
   
 ⌡  
°  
°  
 ²  
·  
·  
 ÷  
═  
═  
 ║  
╒  
╒  
 ё  
є  
є  
 ╔  
і  
ї  
╗  
╘  
╙  
╚  
╛  
 ґ  
ў  
╞  
╟  
╠  
╡  
Ё  
 Є  
 ╣  
 І  
 Ї  
 ╦  
 ╧  
 ╨  
╩  
 ╪  
 Ґ  
 Ў  
 ©  
 ю  
 а  
 б  
 ц  
д  
 е  
 ф  
 г  
х  
 и  
 й  
 к  
 л  
 м  
 н  
 о  
 п  
 я  
 р  
 с   т   у   ж   в   ь   ы   з   ш   э   щ   ч ъЮА  	 Б   Ц   Д   Е   Ф   Г   Х  
И  
Й  
 К  
Л  
 М  
 Н  
 О  
П  
Я  
 Р  
 С  
 Т  
 У  
 Ж  
 В  
 Ь  
 Ы  
 З  
 Ш  
 Э  
 Щ  
 Ч  
 Ъ  
 ─  
│  
┌  
┐  
└  
 ┘  
 ├  
 ┤  
 ┬┴$hoauth2-2.8.1-9fUM7Kvqbi1LtlThmTyPbcNetwork.OAuth2.ExperimentNetwork.OAuth.OAuth2!Network.OAuth.OAuth2.TokenRequestNetwork.OAuth.OAuth2.HttpClient)Network.OAuth.OAuth2.AuthorizationRequestNetwork.OAuth2.Experiment.PkceNetwork.OAuth2.Experiment.UtilsPaths_hoauth2Network.OAuth.OAuth2.InternalNetwork.OAuth2.Experiment.TypesPkceRequestParamcodeVerifiercodeChallengecodeChallengeMethodCodeChallengeMethodS256CodeVerifierunCodeVerifierCodeChallengeunCodeChallengemkPkceParamQueryParamsPostBodyClientAuthenticationMethodClientSecretBasicClientSecretPostClientAssertionJwtOAuth2TokenaccessTokenrefreshToken	expiresIn	tokenTypeidTokenExchangeTokenextokenIdTokenidtokenRefreshTokenrtokenAccessTokenatokenOAuth2oauth2ClientIdoauth2ClientSecretoauth2AuthorizeEndpointoauth2TokenEndpointoauth2RedirectUridefaultRequestHeadersappendQueryParamsuriToRequestrequestToUrihostLensportLensTokenRequestErrorCodeInvalidRequestInvalidClientInvalidGrantUnauthorizedClientUnsupportedGrantTypeInvalidScopeUnknownErrorCodeTokenRequestErrorerrorerrorDescriptionerrorUriparseTokeRequestErroraccessTokenUrlrefreshAccessTokenUrlfetchAccessTokenfetchAccessToken2fetchAccessTokenInternalfetchAccessTokenWithAuthMethodrefreshAccessTokenrefreshAccessToken2refreshAccessTokenInternal refreshAccessTokenWithAuthMethoddoJSONPostRequestdoSimplePostRequesthandleOAuth2TokenResponseparseResponseFlexibleparseResponseStringaddDefaultRequestHeadersclientSecretPost$fFromJSONTokenRequestErrorCode$fFromJSONTokenRequestError$fShowTokenRequestError$fEqTokenRequestError$fGenericTokenRequestError$fShowTokenRequestErrorCode$fEqTokenRequestErrorCodeAPIAuthenticationMethodAuthInRequestHeaderAuthInRequestBodyAuthInRequestQueryauthGetJSONauthGetJSONInternalauthGetJSONWithAuthMethod	authGetBS
authGetBS2authGetBSInternalauthGetBSWithAuthMethodauthPostJSONauthPostJSONInternalauthPostJSONWithAuthMethod
authPostBSauthPostBS2authPostBS3authPostBSInternalauthPostBSWithAuthMethod$fEqAPIAuthenticationMethod$fOrdAPIAuthenticationMethodErrorsAccessDeniedUnsupportedResponseTypeServerErrorTemporarilyUnavailableauthorizationUrlauthorizationUrlWithParams$fFromJSONErrors$fShowErrors
$fEqErrors$fGenericErrorsIdpApplicationIdp$sel:idpUserInfoEndpoint:Idp$sel:idpAuthorizeEndpoint:Idp$sel:idpTokenEndpoint:Idp$sel:idpFetchUserInfo:IdpHasUserInfoRequestconduitUserInfoRequestIdpUserInfoHasRefreshTokenRequestRefreshTokenRequestmkRefreshTokenRequestconduitRefreshTokenRequestHasPkceTokenRequestconduitPkceTokenRequestHasPkceAuthorizeRequestmkPkceAuthorizeRequestHasTokenRequestTokenRequestWithExchangeTokenmkTokenRequestconduitTokenRequestHasAuthorizeRequestAuthorizationRequestMkAuthorizationRequestResponsemkAuthorizeRequestParametermkAuthorizeRequestToQueryParamtoQueryParamPassword$sel:unPassword:PasswordUsername$sel:unUsername:UsernameAuthorizeState$$sel:unAuthorizeState:AuthorizeStateRedirectUri$sel:unRedirectUri:RedirectUriClientSecret $sel:unClientSecret:ClientSecretClientId$sel:unClientId:ClientIdScope$sel:unScope:ScopeGrantTypeValueGTAuthorizationCode
GTPasswordGTClientCredentialsGTRefreshTokenGTJwtBearerToResponseTypeValuetoResponseTypeValueGrantTypeFlowAuthorizationCodeResourceOwnerPasswordClientCredentials	JwtBearerClientCredentialsIDPApplication3$sel:idpAppClientId:ClientCredentialsIDPApplication7$sel:idpAppClientSecret:ClientCredentialsIDPApplicationк $sel:idpAppTokenRequestAuthenticationMethod:ClientCredentialsIDPApplication/$sel:idpAppName:ClientCredentialsIDPApplication0$sel:idpAppScope:ClientCredentialsIDPApplicationб $sel:idpAppTokenRequestExtraParams:ClientCredentialsIDPApplication($sel:idp:ClientCredentialsIDPApplication#ResourceOwnerPasswordIDPApplication7$sel:idpAppClientId:ResourceOwnerPasswordIDPApplication;$sel:idpAppClientSecret:ResourceOwnerPasswordIDPApplication3$sel:idpAppName:ResourceOwnerPasswordIDPApplication4$sel:idpAppScope:ResourceOwnerPasswordIDPApplication7$sel:idpAppUserName:ResourceOwnerPasswordIDPApplication7$sel:idpAppPassword:ResourceOwnerPasswordIDPApplicationф $sel:idpAppTokenRequestExtraParams:ResourceOwnerPasswordIDPApplication,$sel:idp:ResourceOwnerPasswordIDPApplicationJwtBearerIdpApplication'$sel:idpAppName:JwtBearerIdpApplication&$sel:idpAppJwt:JwtBearerIdpApplication $sel:idp:JwtBearerIdpApplicationAuthorizationCodeIdpApplication/$sel:idpAppName:AuthorizationCodeIdpApplication3$sel:idpAppClientId:AuthorizationCodeIdpApplication7$sel:idpAppClientSecret:AuthorizationCodeIdpApplication0$sel:idpAppScope:AuthorizationCodeIdpApplication6$sel:idpAppRedirectUri:AuthorizationCodeIdpApplication9$sel:idpAppAuthorizeState:AuthorizationCodeIdpApplication?$sel:idpAppAuthorizeExtraParams:AuthorizationCodeIdpApplicationк $sel:idpAppTokenRequestAuthenticationMethod:AuthorizationCodeIdpApplication($sel:idp:AuthorizationCodeIdpApplicationtoResponseTypeParamtoOAuth2KeytlToBSbs8ToLazyTextmapsToParamsversiongetDataFileName	getBinDir	getLibDirgetDynLibDir
getDataDirgetLibexecDirgetSysconfDirbase	GHC.MaybeMaybe$fFromJSONOAuth2TokenauthRequesthandleResponseupdateRequestHeaders	setMethodappendAccessTokenaccessTokenToParamD:R:IdpApplicationJwtBeareri0%D:R:IdpApplicationAuthorizationCodei0-$fHasRefreshTokenRequestResourceOwnerPassword$AuthorizationCodeTokenRefreshRequest3$sel:grantType:AuthorizationCodeTokenRefreshRequest/$sel:scope:AuthorizationCodeTokenRefreshRequest6$sel:refreshToken:AuthorizationCodeTokenRefreshRequestPasswordRefreshTokenRequestAuthorizationCodeTokenRequest=$sel:clientAuthenticationMethod:ClientCredentialsTokenRequest2$sel:clientAssertion:ClientCredentialsTokenRequest6$sel:clientAssertionType:ClientCredentialsTokenRequest"$sel:password:PasswordTokenRequest"$sel:username:PasswordTokenRequest$$sel:assertion:JwtBearerTokenRequest,$sel:grantType:AuthorizationCodeTokenRequest$$sel:grantType:JwtBearerTokenRequest#$sel:grantType:PasswordTokenRequest,$sel:grantType:ClientCredentialsTokenRequest.$sel:redirectUri:AuthorizationCodeTokenRequest+$sel:clientId:AuthorizationCodeTokenRequest$sel:scope:PasswordTokenRequest($sel:scope:ClientCredentialsTokenRequest'$sel:code:AuthorizationCodeTokenRequestClientCredentialsTokenRequestPasswordTokenRequestJwtBearerTokenRequest%AuthorizationCodeAuthorizationRequest6$sel:redirectUri:AuthorizationCodeAuthorizationRequest3$sel:clientId:AuthorizationCodeAuthorizationRequest0$sel:scope:AuthorizationCodeAuthorizationRequest0$sel:state:AuthorizationCodeAuthorizationRequest