yesod-auth-oauth2: OAuth 2.0 authentication plugins

[ library, mit, web ] [ Propose Tags ] [ Report a vulnerability ]

Library to authenticate with OAuth 2.0 for Yesod web applications.


[Skip to Readme]

Flags

Automatic Flags
NameDescriptionDefault
example

Build the example application

Disabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Note: This package has metadata revisions in the cabal description newer than included in the tarball. To unpack the package including the revisions, use 'cabal get'.

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

  • No Candidates
Versions [RSS] 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.5.1, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.12, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.2.0, 0.2.1, 0.2.2, 0.2.4, 0.3.0, 0.3.1, 0.4.0.0, 0.4.0.1, 0.4.1.0, 0.5.0.0, 0.5.1.0, 0.5.2.0, 0.5.3.0, 0.6.0.0, 0.6.1.0, 0.6.1.1, 0.6.1.2, 0.6.1.3, 0.6.1.4, 0.6.1.5, 0.6.1.6, 0.6.1.7, 0.6.2.0, 0.6.2.1, 0.6.2.2, 0.6.2.3, 0.6.3.0, 0.6.3.1, 0.6.3.3, 0.6.3.4, 0.7.0.0, 0.7.0.1, 0.7.0.2, 0.7.0.3, 0.7.1.0, 0.7.1.1, 0.7.1.2, 0.7.1.3, 0.7.2.0, 0.7.3.0, 0.7.4.0
Change log CHANGELOG.md
Dependencies aeson (>=0.6), aeson-pretty, base (>=4.9.0.0 && <5), bytestring (>=0.9.1.4), containers (>=0.6.0.1), cryptonite (>=0.25), errors (>=2.3.0), hoauth2 (>=1.11.0), http-client (>=0.4.0), http-conduit (>=2.0), http-types (>=0.8), load-env, memory (>=0.14.18), microlens (>=0.4.10), mtl (>=2.2.2), safe-exceptions (>=0.1.7.0), text (>=0.7), transformers (>=0.5.5.0), unliftio (>=0.2.10), uri-bytestring (>=0.3.2.1), warp, yesod, yesod-auth (>=1.6.0), yesod-auth-oauth2, yesod-core (>=1.6.0) [details]
License MIT
Author Tom Streller, Patrick Brisbin, Freckle Engineering
Maintainer engineering@freckle.com
Revised Revision 1 made by PatrickBrisbin at 2023-10-05T14:48:00Z
Category Web
Home page http://github.com/freckle/yesod-auth-oauth2
Bug tracker https://github.com/freckle/yesod-auth-oauth2/issues
Source repo head: git clone https://github.com/freckle/yesod-auth-oauth2
Uploaded by PatrickBrisbin at 2023-02-01T19:21:58Z
Distributions Debian:0.6.1.2, LTSHaskell:0.7.2.0, NixOS:0.7.2.0, Stackage:0.7.4.0
Reverse Dependencies 1 direct, 0 indirect [details]
Executables yesod-auth-oauth2-example
Downloads 32570 total (255 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2023-02-01 [all 1 reports]

Readme for yesod-auth-oauth2-0.7.0.3

[back to package description]

Yesod.Auth.OAuth2

Hackage Stackage Nightly Stackage LTS CI

OAuth2 AuthPlugins for Yesod.

Usage

import Yesod.Auth
import Yesod.Auth.OAuth2.GitHub

instance YesodAuth App where
    -- ...

    authPlugins _ = [oauth2GitHub clientId clientSecret]

clientId :: Text
clientId = "..."

clientSecret :: Text
clientSecret = "..."

Some plugins, such as GitHub and Slack, have scoped functions for requesting additional information:

oauth2SlackScoped [SlackBasicScope, SlackEmailScope] clientId clientSecret

Working with Extra Data

We put the minimal amount of user data possible in credsExtra -- just enough to support you parsing or fetching additional data yourself.

For example, if you work with GitHub and GitHub user profiles, you likely already have a model and a way to parse the /user response. Rather than duplicate all that in our library, we try to make it easy for you to re-use that code yourself:

authenticate creds = do
    let
        -- You can run your own FromJSON parser on the response we already have
        eGitHubUser :: Either String GitHubUser
        eGitHubUser = getUserResponseJSON creds

        -- Avert your eyes, simplified example
        Just accessToken = getAccessToken creds
        Right githubUser = eGitHubUser

    -- Or make followup requests using our access token
    runGitHub accessToken $ userRepositories githubUser

    -- Or store it for later
    insert User
        { userIdent = credsIdent creds
        , userAccessToken = accessToken
        }

NOTE: Avoid looking up values in credsExtra yourself; prefer the provided get functions. The data representation itself is no longer considered public API.

Local Providers

If we don't supply a "Provider" (e.g. GitHub, Google, etc) you need, you can write your own using our provided Prelude:

import Yesod.Auth.OAuth2.Prelude

pluginName :: Text
pluginName = "mysite"

oauth2MySite :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2MySite clientId clientSecret =
    authOAuth2 pluginName oauth2 $ \manager token -> do
        -- Fetch a profile using the manager and token, leave it a ByteString
        userResponse <- -- ...

        -- Parse it to your preferred identifier, e.g. with Data.Aeson
        userId <- -- ...

        -- See authGetProfile for the typical case

        pure Creds
            { credsPlugin = pluginName
            , credsIdent = userId
            , credsExtra = setExtra token userResponse
            }
  where
    oauth2 = OAuth2
        { oauth2ClientId = clientId
        , oauth2ClientSecret = Just clientSecret
        , oauth2AuthorizeEndpoint = "https://mysite.com/oauth/authorize"
        , oauth2TokenEndpoint = "https://mysite.com/oauth/token"
        , oauth2RedirectUri = Nothing
        }

The Prelude module is considered public API, though we may build something higher-level that is more convenient for this use-case in the future.

Development & Tests

stack setup
stack build --dependencies-only
stack build --pedantic --test

Please also run HLint and Weeder before submitting PRs.


CHANGELOG | LICENSE