(c) Joseph Abrahamson 2013, MIT, me@jspha.com, experimental, non-portable, Safe-Inferred

Credentials pair a   and either a  or  token corresponding to a particular set of user resources on the server.

s are public, private key pairs and come in many varieties, , , and .

s are private keys which the  uses for cryptographic purposes.

s are public keys which allow a server to uniquely identify a particular .

s and Credentials are the primary means of accessing server resources. They must be maintained by the client for each user who authorizes that client to access resources on their behalf.

s and Credentials are created during authorization protocols and are rarely meant to be kept for more than a few minutes. Typically they are authorized to access only a very select set of server resources. During "three-legged authorization" in OAuth 1.0 they are used to generate the authorization request URI the client sends and, after that, in the   request.

 Credentials and s are assigned to a particular client by the server and are used for all requests sent by that client. They form the core component of resource specific credentials.

Parses a www-form-urlencoded stream to produce a  if possible. The first result value is whether or not the token data is OAuth 1.0a compatible.

    fromUrlEncoded "oauth_token=key&oauth_token_secret=secret"
    Just (False, Token "key" "secret")

    fromUrlEncoded "oauth_token=key&oauth_token_secret=secret&oauth_callback_confirmed=true"
    Just (True, Token "key" "secret")

Lens on the key component of a .

Lens on the key secret component of a .

A lens on the client  in any .

A lens focused on the resource  when available. The only instances of  are  and . This can be used to upgrade  s to  s.

OAuth assumes that, by default, any credential has a resource  that is by default completely blank. In this way we can talk about the resource  of even  s.

    getResourceTokenDef (clientCred $ Token "key" "secret")
    Token "" ""

Produce a  from a set of credentials. This is a URL encoded string built from the client secret and the token secret. If no token secret exists then the blank string is used.

    \secret -> signingKey (clientCred $ Token "key" secret) == (pctEncode secret <> "&" <> "")

Produces a JSON object using keys named oauth_token and oauth_token_secret.

Parses a JSON object with keys oauth_token and oauth_token_secret, the standard format for OAuth 1.0.

The Oa parameters include all the OAuth information specific to a single request. They are not sufficient information by themselves to generate the entire OAuth request but instead must be augmented with Server information.

The OaPin is a set of impure OAuth parameters which are generated for each request in order to ensure uniqueness and temporality.

Some special OAuth requests use extra oauth_* parameters. For example, when requesting a temporary credential, it's necessary that a oauth_callback parameter be specified. WorkflowParams allows these extra parameters to be specified.

No special OAuth parameters needed

Includes the oauth_verifier

A Verifier is produced when a user authorizes a set of   s.
Using the Verifier allows the client to request  s.

The Server information contains details which parameterize how a particular server wants to interpret OAuth requests.

An Epoch time format timestamp.

When performing the second leg of the three-leg token request workflow, the user must pass the oauth_verifier code back to the client. In order to ensure that this protocol is secure, OAuth demands that the client associates this "callback method" with the temporary credentials generated for the workflow. This Callback method may be a URL where the parameters are returned to or the string "oob" which indicates that the user is responsible for returning the oauth_verifier to the client OutOfBand.

OAuth has progressed through several versions since its inception. In particular, there are two community editions "OAuth Core 1.0" (2007) http://oauth.net/core/1.0 and "OAuth Core 1.0a" (2009) http://oauth.net/core/1.0a along with the IETF Official version RFC 5849 (2010) http://tools.ietf.org/html/rfc5849 which is confusingly named "OAuth 1.0".

Servers which only implement the obsoleted community edition "OAuth Core 1.0" are susceptible to a session fixation attack.

If at all possible, choose the RFC 5849 version (the OAuth1 value) as it is the modern standard.
Some servers may only be compliant with an earlier OAuth version---this should be tested against each server, in particular the protocols defined in Network.OAuth.ThreeLegged.

OAuth Core 1.0 Community Edition http://oauth.net/core/1.0

OAuth Core 1.0 Community Edition, Revision A http://oauth.net/core/1.0a

RFC 5849 http://tools.ietf.org/html/rfc5849

OAuth culminates in the creation of the oauth_signature which signs and authenticates the request using the secret components of a particular OAuth . Several methods exist for generating these signatures, the most popular being HmacSha1.

The OAuth spec suggests that the OAuth parameter be passed via the Authorization header, but allows for other methods of transmission (see section "3.5. Parameter Transmission") so we select the Server's preferred method with this type.

Place the Oa parameters in the Authorization HTTP header.

Augment the www-form-urlencoded request body with Oa parameters.

Augment the www-form-urlencoded query string with Oa parameters.

Create a Timestamp deterministically from a POSIX Epoch Time.

The default Server parameterization uses OAuth recommended parameters.

An "empty" pin useful for testing. This OaPin is referentially transparent and thus has none of the necessary security features---it should never be used in an actual transaction!

Creates a new, unique, unpredictable OaPin.
This should be used quickly as, depending on the OAuth server settings, it may expire.

Uses emptyPin to create an empty set of params Oa.

Uses freshPin to create a fresh, default set of params Oa.

All three OAuth 1.0 versions confusingly report the same version number.

Prints out in Epoch time format, a printed integer

Prints out in Epoch time format, a printed integer

Sign a request with a fresh set of parameters.

Sign a request given generated parameters

Augments whatever component of the  is specified by ParameterMethod with one built from the appropriate OAuth parameters (passed as a ).

Currently this actually replaces the Authorization header if one exists. This may be a bad idea if the realm parameter is pre-set, perhaps.

TODO: Parse Authorization header and augment it.

Currently this actually replaces the entity body if one exists. This is definitely just me being lazy.

TODO: Try to parse entity body and augment it.

Queries a  body and tries to interpret it as a set of OAuth valid parameters. It makes the assumption that if the body type is a streaming variety or impure then it is not a set of OAuth parameters---dropping this assumption would prevent this from being pure.

Sign a request with a fresh set of parameters. Uses MonadRandom IO, getting new entropy for each signing and thus is potentially dangerous if used too frequently. In almost all cases, oauth should be used instead with a suitably seeded PRNG.

Data parameterizing the "Three-legged OAuth" redirection-based authorization protocol. These parameters cover the protocol as described in the community editions OAuth Core 1.0 and OAuth Core 1.0a as well as RFC 5849.

Base Request for the "endpoint used by the client to obtain a set of Temporary Credentials" in the form of a Temporary Token. This request is automatically instantiated and performed during the first leg of the ThreeLegged authorization protocol.

Base Request for the "endpoint to which the resource owner is redirected to grant authorization". This request must be performed by the user granting token authorization to the client. Transmitting the parameters of this request to the user is out of scope of oauthenticated, but functions are provided to make it easier.

Base Request for the "endpoint used by the client to request a set of token credentials using the set of Temporary Credentials". This request is also instantiated and performed by oauthenticated in order to produce a Permanent Token.

The Callback parameter configures how the user is intended to communicate the Verifier back to the client.

Convenience method for creating a ThreeLegged configuration from a trio of URLs and a Callback. Returns  if one of the callback URLs could not be parsed correctly.

Request a Temporary Token based on the parameters of a ThreeLegged protocol. This returns the raw response which should be encoded as www-form-urlencoded.

Throws s.

Returns the raw result if the  could not be parsed as a valid . Importantly, in RFC 5849 compliant modes this requires that the token response includes callback_confirmed=true.
See also requestTemporaryTokenRaw.

Throws s.

Produce a  which the user should be directed to in order to authorize a set of Temporary Creds.

Request a Permanent Token based on the parameters of a ThreeLegged protocol. This returns the raw response which should be encoded as www-form-urlencoded.

Throws s.

Returns  if the response could not be decoded as a Token. See also .

Throws s.

Like  but allows for specification of the .

Performs an interactive token request provided credentials, configuration, and a way to convert a user authorization  into a Verifier out of band. Does not use any kind of TLS protection---it will throw a  exception if TLS is required.

Throws s.

 wrapped over .

Perform authenticated requests using a shared  and a particular set of s.

Runs an  using a fresh   .

The simplest way to execute a set of authenticated requests. Produces invalid ThreeLegged requests---use  to provide Server and ThreeLegged configuration information.

Given a  of some kind, run an inner  session with the same configuration but new credentials.

Sign a request using fresh credentials.

Run a full Three-legged authorization protocol using the simple interface of this module.
This is similar to the  in Network.OAuth.ThreeLegged, but offers better error handling due in part to the easier management of configuration state.