Copyright	(c) Joseph Abrahamson 2013
License	MIT
Maintainer	me@jspha.com
Stability	experimental
Portability	non-portable
Safe Haskell	None
Language	Haskell2010

Network.OAuth.Types.Params

Description

OAuth Parameters

OAuth 1.0 operates by creating a set of "oauth parameters" here called Oa which augment a request with OAuth specific metadata. They may be used to augment the request by one of several ParameterMethods.

Synopsis

Documentation

data ParameterMethod Source

The OAuth spec suggest that the OAuth parameter be passed via the Authorization header, but allows for other methods of transmission (see section "3.5. Parameter Transmission") so we select the 'Server'\'s preferred method with this type.

Constructors

AuthorizationHeader	Place the `Oa` parameters in the `Authorization` HTTP header.
RequestEntityBody	Augment the `www-form-urlencoded` request body with `Oa` parameters.
QueryString	Augment the `www-form-urlencoded` query string with `Oa` parameters.

Instances

Eq ParameterMethod
Data ParameterMethod
Ord ParameterMethod
Show ParameterMethod
Typeable * ParameterMethod

data SignatureMethod Source

OAuth culminates in the creation of the oauth_signature which signs and authenticates the request using the secret components of a particular OAuth Cred.

Several methods exist for generating these signatures, the most popular being HmacSha1.

Constructors

HmacSha1
Plaintext

Instances

Eq SignatureMethod
Data SignatureMethod
Ord SignatureMethod
Show SignatureMethod
QueryValueLike SignatureMethod
Typeable * SignatureMethod

data Version Source

OAuth has progressed through several versions since its inception. In particular, there are two community editions "OAuth Core 1.0" (2007) and "OAuth Core 1.0a" (2009) along with the IETF Official version RFC 5849 (2010) which is confusingly named "OAuth 1.0".

/Servers which only implement the obsoleted community edition "OAuth Core 1.0" are susceptible to a session fixation attack./

If at all possible, choose the RFC 5849 version (the OAuth1 value) as it is the modern standard. Some servers may only be compliant with an earlier OAuth version---this should be tested against each server, in particular the protocols defined in Network.OAuth.ThreeLegged.

Constructors

OAuthCommunity1	OAuth Core 1.0 Community Edition
OAuthCommunity1a	OAuth Core 1.0 Community Edition, Revision A
OAuth1	RFC 5849

Instances

Eq Version
Data Version
Ord Version
Show Version
QueryValueLike Version	All three OAuth 1.0 versions confusingly report the same version number.
Typeable * Version

data Callback Source

When performing the second leg of the three-leg token request workflow, the user must pass the oauth_verifier code back to the client. In order to ensure that this protocol is secure, OAuth demands that the client associates this "callback method" with the temporary credentials generated for the workflow. This Callback method may be a URL where the parameters are returned to or the string "oob" which indicates that the user is responsible for returning the oauth_verifier to the client OutOfBand.

Constructors

OutOfBand
Callback Request

Instances

Show Callback
QueryValueLike Callback	Prints out in Epoch time format, a printed integer
Typeable * Callback

newtype Timestamp Source

An Epoch time format timestamp.

Constructors

Timestamp UTCTime

Instances

Eq Timestamp
Data Timestamp
Ord Timestamp
Show Timestamp
QueryValueLike Timestamp	Prints out in Epoch time format, a printed integer
Typeable * Timestamp

timestampFromSeconds :: Integer -> Timestamp Source

Create a Timestamp deterministically from a POSIX Epoch Time.

data Server Source

The Server information contains details which parameterize how a particular server wants to interpret OAuth requests.

Constructors

Server
Fields parameterMethod :: ParameterMethod signatureMethod :: SignatureMethod oAuthVersion :: Version

Instances

Eq Server
Data Server
Ord Server
Show Server
Typeable * Server

defaultServer :: Server Source

The default Server parameterization uses OAuth recommended parameters.

type Verifier = ByteString Source

A Verifier is produced when a user authorizes a set of Temporary Creds. Using the Verifier allows the client to request Permanent Creds.

data Workflow Source

Some special OAuth requests use extra oauth_* parameters. For example, when requesting a temporary credential, it's necessary that a oauth_callback parameter be specified. WorkflowParams allows these extra parameters to be specified.

Constructors

Standard	No special OAuth parameters needed
TemporaryTokenRequest Callback
PermanentTokenRequest ByteString	Includes the `oauth_verifier`

Instances

Show Workflow
Typeable * Workflow

data OaPin Source

The OaPin is a set of impure OAuth parameters which are generated for each request in order to ensure uniqueness and temporality.

Constructors

OaPin
Fields timestamp :: Timestamp nonce :: ByteString

Instances

Eq OaPin
Data OaPin
Ord OaPin
Show OaPin
Typeable * OaPin

emptyPin :: OaPin Source

An "empty" pin useful for testing. This OaPin is referentially transparent and thus has none of the necessary security features---it should never be used in an actual transaction!

freshPin :: CPRG gen => gen -> IO (OaPin, gen) Source

Creates a new, unique, unpredictable OaPin. This should be used quickly as dependent on the OAuth server settings it may expire.

emptyOa :: Cred ty -> Oa ty Source

Uses emptyPin to create an empty set of params Oa.

freshOa :: CPRG gen => Cred ty -> gen -> IO (Oa ty, gen) Source

Uses freshPin to create a fresh, default set of params Oa.

data Oa ty Source

The Oa parameters include all the OAuth information specific to a single request. They are not sufficient information by themselves to generate the entire OAuth request but instead must be augmented with Server information.

Constructors

Oa
Fields credentials :: Cred ty workflow :: Workflow pin :: OaPin

Instances

Show (Oa ty)
Typeable (* -> *) Oa