Safe Haskell | None |
---|
Functions for OAuth 2.0 authentication for Google APIs.
If you are new to Google web APIs, bear in mind that there are three different methods for accessing APIs (installed applications, web apps, service-to-service), and this library is most useful for "installed applications".
Installed applications need the user to grant permission in a browser at least once (see formUrl). However, while the resulting accessToken expires quickly, the refreshToken can be used indefinitely for retrieving new access tokens. Thus this approach can be suitable for long running or periodic programs that access Google data.
Below is a quick-start program which will list any Google Fusion tables the user possesses. It requires the client ID and secret retrieved from https://code.google.com/apis/console.
```haskell
import Control.Monad (unless)
import System.Info (os)
import System.Process (system, rawSystem)
import System.Exit (ExitCode(..))
import System.Directory (doesFileExist)
import Network.Google.OAuth2 (formUrl, exchangeCode, refreshTokens,
                              OAuth2Client(..), OAuth2Tokens(..))
import Network.Google (makeRequest, doRequest)
import Network.HTTP.Conduit (simpleHttp)
import qualified Data.ByteString.Lazy.Char8 as BL
--
cid    = "INSTALLED_APP_CLIENT_ID"
secret = "INSTALLED_APP_SECRET_HERE"
file   = "./tokens.txt"
--
main = do
  -- Ask for permission to read/write your fusion tables:
  let client = OAuth2Client { clientId = cid, clientSecret = secret }
      permissionUrl = formUrl client ["https://www.googleapis.com/auth/fusiontables"]
  b <- doesFileExist file
  -- Only run the browser-based authorization when no tokens are cached yet.
  unless b $ do
      putStrLn$ "Load this URL: "++show permissionUrl
      case os of
        "linux"  -> rawSystem "gnome-open" [permissionUrl]
        "darwin" -> rawSystem "open"       [permissionUrl]
        _        -> return ExitSuccess
      putStrLn "Please paste the verification code: "
      authcode <- getLine
      tokens   <- exchangeCode client authcode
      putStrLn$ "Received access token: "++show (accessToken tokens)
      tokens2  <- refreshTokens client tokens
      putStrLn$ "As a test, refreshed token: "++show (accessToken tokens2)
      -- The file now holds the long-lived refresh token in plain text.
      writeFile file (show tokens2)
  accessTok <- fmap (accessToken . read) (readFile file)
  putStrLn "As a test, list the users tables:"
  response <- simpleHttp ("https://www.googleapis.com/fusiontables/v1/tables?access_token="++accessTok)
  putStrLn$ BL.unpack response
```
- data OAuth2Client = OAuth2Client { clientId :: String, clientSecret :: String }
- type OAuth2Scope = String
- data OAuth2Tokens = OAuth2Tokens {}
- googleScopes :: [(String, OAuth2Scope)]
- formUrl :: OAuth2Client -> [OAuth2Scope] -> String
- exchangeCode :: OAuth2Client -> OAuth2Code -> IO OAuth2Tokens
- refreshTokens :: OAuth2Client -> OAuth2Tokens -> IO OAuth2Tokens
- validateTokens :: OAuth2Tokens -> IO Rational
- getCachedTokens :: OAuth2Client -> IO OAuth2Tokens
Types
data OAuth2Client
type OAuth2Scope = String
An OAuth 2.0 scope.
data OAuth2Tokens
OAuth 2.0 tokens.
Functions
googleScopes
:: [(String, OAuth2Scope)] | List of names and the corresponding scopes. |
The OAuth 2.0 scopes for Google APIs, see https://developers.google.com/oauthplayground/.
formUrl
:: OAuth2Client | The OAuth 2.0 client. |
-> [OAuth2Scope] | The OAuth 2.0 scopes to be authorized. |
-> String | The URL for authorization. |
Form a URL for authorizing an installed application, see https://developers.google.com/accounts/docs/OAuth2InstalledApp#formingtheurl.
exchangeCode
:: OAuth2Client | The OAuth 2.0 client. |
-> OAuth2Code | The authorization code. |
-> IO OAuth2Tokens | The action for obtaining the tokens. |
Exchange an authorization code for tokens, see https://developers.google.com/accounts/docs/OAuth2InstalledApp#handlingtheresponse.
refreshTokens
:: OAuth2Client | The client. |
-> OAuth2Tokens | The tokens. |
-> IO OAuth2Tokens | The action to refresh the tokens. |
Refresh OAuth 2.0 tokens, see https://developers.google.com/accounts/docs/OAuth2InstalledApp#refresh.
validateTokens
:: OAuth2Tokens | The tokens. |
-> IO Rational | The number of seconds until the access token expires. |
Validate OAuth 2.0 tokens, see https://developers.google.com/accounts/docs/OAuth2Login#validatingtoken.
getCachedTokens
:: OAuth2Client | The client is the "key" for token lookup. |
-> IO OAuth2Tokens |
Provide a hassle-free way to retrieve and refresh tokens from a user's home directory, OR ask the user for permission.
The first time it is called, this may open a web browser and/or request that the user enter data on the command line. Subsequent invocations on the same machine should not communicate with the user.
If the tokens do not expire until more than 15 minutes in the future, this procedure will skip the refresh step. Whether or not it refreshes should be immaterial to the client's subsequent actions, because all clients should handle authentication errors (and all 5xx errors) and call refreshTokens as necessary.
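The following is an added example, not code from this library: a token cache that applies the 15-minute rule described above using validateTokens and refreshTokens, and keeps the cache file readable only by its owner. The names tokenFile, refreshThreshold, saveTokens, secondsLeft and loadFreshTokens are hypothetical; it assumes a POSIX system with the unix package, that OAuth2Tokens has Read and Show instances (as the quick-start program relies on), and that validateTokens throws when the token is rejected.

```haskell
import Control.Exception (SomeException, evaluate, try)
import System.Directory (doesFileExist)
import System.Posix.Files (ownerReadMode, ownerWriteMode, setFileMode, unionFileModes)
import Network.Google.OAuth2 (OAuth2Client, OAuth2Tokens, refreshTokens, validateTokens)

-- Hypothetical cache path; the quick-start program uses the same file name.
tokenFile :: FilePath
tokenFile = "./tokens.txt"

-- The threshold from the getCachedTokens description: 15 minutes, in seconds.
refreshThreshold :: Rational
refreshThreshold = 15 * 60

-- Persist tokens so that only the owning user can read them. The file is
-- created (or truncated) empty and restricted to mode 0600 before the
-- long-lived refresh token is written into it.
saveTokens :: OAuth2Tokens -> IO ()
saveTokens tokens = do
  writeFile tokenFile ""
  setFileMode tokenFile (ownerReadMode `unionFileModes` ownerWriteMode)
  writeFile tokenFile (show tokens)

-- Seconds of validity left, or 0 if validation fails for any reason
-- (assumption: validateTokens throws on a rejected or expired token).
secondsLeft :: OAuth2Tokens -> IO Rational
secondsLeft tokens = do
  r <- try (validateTokens tokens) :: IO (Either SomeException Rational)
  return (either (const 0) id r)

-- Load cached tokens, refreshing and re-saving them only when they are
-- within the threshold. Nothing means the user has to authorize again.
loadFreshTokens :: OAuth2Client -> IO (Maybe OAuth2Tokens)
loadFreshTokens client = do
  exists <- doesFileExist tokenFile
  if not exists then return Nothing else do
    contents <- readFile tokenFile
    -- Read the whole file now so its handle is closed before any rewrite.
    cached   <- evaluate (length contents `seq` read contents)
    left     <- secondsLeft cached
    if left > refreshThreshold
      then return (Just cached)
      else do
        fresh <- refreshTokens client cached
        saveTokens fresh
        return (Just fresh)
```

When loadFreshTokens returns Nothing, fall back to the formUrl and exchangeCode flow from the quick-start program and pass the result to saveTokens.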