Safe Haskell	Safe-Inferred
Language	Haskell2010

Network.OAuth2.Provider.AzureAD

Contents

Environment variables
Client Credentials auth flow
Auth Code Grant auth flow
Exceptions

Description

Settings for using Azure Active Directory as OAuth identity provider

Both Auth Code Grant (i.e. with browser client interaction) and Client Credentials Grant authentication flows are supported. The former is useful when a user needs to login and delegate some permissions to the application (i.e. accessing personal data), whereas the second is for server processes and automation accounts.

Azure Bot Framework is supported since v 0.4

Synopsis

data AzureAD
envClientId :: MonadIO f => f ClientId
envClientSecret :: MonadIO f => f ClientSecret
envTenantId :: MonadIO f => f Text
azureADApp :: MonadIO m => Text -> [Scope] -> m (IdpApplication 'ClientCredentials AzureAD)
azureBotFrameworkADApp :: MonadIO m => Text -> m (IdpApplication 'ClientCredentials AzureAD)
data OAuthCfg = OAuthCfg {
- oacAppName :: Text
- oacScopes :: [Scope]
- oacAuthState :: AuthorizeState
- oacRedirectURI :: URI
}
data AzureADUser
azureOAuthADApp :: MonadIO m => OAuthCfg -> m (IdpApplication 'AuthorizationCode AzureAD)
data AzureADException = AADNoEnvVar String

Documentation

data AzureAD Source #

Instances

Instances details

Show AzureAD Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods showsPrec :: Int -> AzureAD -> ShowS # show :: AzureAD -> String # showList :: [AzureAD] -> ShowS #
Eq AzureAD Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods (==) :: AzureAD -> AzureAD -> Bool # (/=) :: AzureAD -> AzureAD -> Bool #
type IdpUserInfo AzureAD Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD type IdpUserInfo AzureAD = AzureADUser

Environment variables

envClientId :: MonadIO f => f ClientId Source #

AZURE_CLIENT_ID

envClientSecret :: MonadIO f => f ClientSecret Source #

AZURE_CLIENT_SECRET

envTenantId :: MonadIO f => f Text Source #

AZURE_TENANT_ID

Client Credentials auth flow

azureADApp Source #

Arguments

:: MonadIO m
=> Text	application name
-> [Scope]	scopes
-> m (IdpApplication 'ClientCredentials AzureAD)

Azure OAuth application

NB : scope offline_access is ALWAYS requested

create app at https://go.microsoft.com/fwlink/?linkid=2083908

also be aware to find the right client id. see https://stackoverflow.com/a/70670961

Throws AzureADException if AZURE_CLIENT_ID and/or AZURE_CLIENT_SECRET credentials are not found in the environment

azureBotFrameworkADApp Source #

Arguments

:: MonadIO m
=> Text	app name
-> m (IdpApplication 'ClientCredentials AzureAD)

Initialize an Client Credentials token exchange application for the Bot Framework

Throws AzureADException if AZURE_CLIENT_ID and/or AZURE_CLIENT_SECRET credentials are not found in the environment

Auth Code Grant auth flow

data OAuthCfg Source #

Configuration object of the OAuth2 application

Constructors

OAuthCfg
Fields oacAppName :: Text application name oacScopes :: [Scope] OAuth2 and OIDC scopes oacAuthState :: AuthorizeState OAuth2 `state` (a random string, https://www.rfc-editor.org/rfc/rfc6749#section-10.12 ) oacRedirectURI :: URI OAuth2 redirect URI

data AzureADUser Source #

https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo

Instances

Instances details

FromJSON AzureADUser Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods parseJSON :: Value -> Parser AzureADUser # parseJSONList :: Value -> Parser [AzureADUser] #
Show AzureADUser Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods showsPrec :: Int -> AzureADUser -> ShowS # show :: AzureADUser -> String # showList :: [AzureADUser] -> ShowS #
Eq AzureADUser Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods (==) :: AzureADUser -> AzureADUser -> Bool # (/=) :: AzureADUser -> AzureADUser -> Bool #
Ord AzureADUser Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods compare :: AzureADUser -> AzureADUser -> Ordering # (<) :: AzureADUser -> AzureADUser -> Bool # (<=) :: AzureADUser -> AzureADUser -> Bool # (>) :: AzureADUser -> AzureADUser -> Bool # (>=) :: AzureADUser -> AzureADUser -> Bool # max :: AzureADUser -> AzureADUser -> AzureADUser # min :: AzureADUser -> AzureADUser -> AzureADUser #

azureOAuthADApp Source #

Arguments

:: MonadIO m
=> OAuthCfg	OAuth configuration
-> m (IdpApplication 'AuthorizationCode AzureAD)

Azure OAuth application (i.e. with user consent screen)

NB : scopes openid and offline_access are ALWAYS requested since the library assumes we have access to refresh tokens and ID tokens

Reference on Microsoft Graph permissions : https://learn.microsoft.com/en-us/graph/permissions-reference

create app at https://go.microsoft.com/fwlink/?linkid=2083908

also be aware to find the right client id. see https://stackoverflow.com/a/70670961

Throws AzureADException if AZURE_CLIENT_ID and/or AZURE_CLIENT_SECRET credentials are not found in the environment

Exceptions

data AzureADException Source #

Constructors

AADNoEnvVar String

Instances

Instances details

Exception AzureADException Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods toException :: AzureADException -> SomeException # fromException :: SomeException -> Maybe AzureADException # displayException :: AzureADException -> String #
Show AzureADException Source #
Instance details Defined in Network.OAuth2.Provider.AzureAD Methods showsPrec :: Int -> AzureADException -> ShowS # show :: AzureADException -> String # showList :: [AzureADException] -> ShowS #