haskell/yesod-auth-oauth2
1
0
Fork 0
mirror of https://github.com/freckle/yesod-auth-oauth2.git synced 2026-01-11 19:58:28 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
OAuth2 authentication for yesod
294 Commits 5 Branches 66 Tags 1.1 MiB
Haskell 98.2%
Makefile 1.8%
236d0f4b10
Go to file
patrick brisbin 236d0f4b10 Tighten upper bound on hauth2 
We need to avoid 1.9, where authGetBS changes type. This was the case
until 0036d5f, where it was changed unintentionally.

Fixes #135.
2020-08-23 13:47:10 -04:00
.circleci Disable nightly builds for now 2020-08-19 10:56:37 -04:00
example Add WordPress.com as an auth provider 2020-08-19 10:57:14 -04:00
src Strengthen random state token generation 2020-08-20 11:38:20 -04:00
test Project setup files 2018-01-23 10:16:22 -05:00
.env.example Add WordPress.com to .env.example 2020-08-19 10:57:14 -04:00
.gitignore Bring back example application 2018-02-13 08:59:01 -05:00
.hlint.yaml Address HLint issues 2018-01-23 10:16:22 -05:00
.stylish-haskell.yaml Project setup files 2018-01-23 10:16:22 -05:00
CHANGELOG.md Version bump 2020-08-20 12:12:30 -04:00
LICENSE Correct license information 2018-01-26 13:58:16 -05:00
Makefile Add example Makefile target 2020-08-20 12:11:23 -04:00
package.yaml Tighten upper bound on hauth2 2020-08-23 13:47:10 -04:00
README.md Typos and grammar in README 2018-10-24 08:54:34 -04:00
Setup.lhs Initial import 2013-07-14 11:11:44 +02:00
stack-lts-12.2.yaml Fix for weeder and stack-2 2019-08-29 17:21:28 -04:00
stack-lts-13.2.yaml Fix for weeder and stack-2 2019-08-29 17:21:28 -04:00
stack-nightly.yaml Fix nightly build 2020-08-19 10:56:37 -04:00
stack-nightly.yaml.lock Compile on nightly/ghc-8.8 2019-12-03 20:27:15 -05:00
stack.yaml Fix for weeder and stack-2 2019-08-29 17:21:28 -04:00
stack.yaml.lock Commit stack.yaml.lock 2019-08-29 17:21:28 -04:00

README.md

Yesod.Auth.OAuth2

OAuth2 AuthPlugins for Yesod.

Usage

import Yesod.Auth
import Yesod.Auth.OAuth2.GitHub

instance YesodAuth App where
    -- ...

    authPlugins _ = [oauth2GitHub clientId clientSecret]

clientId :: Text
clientId = "..."

clientSecret :: Text
clientSecret = "..."

Some plugins, such as GitHub and Slack, have scoped functions for requesting additional information:

oauth2SlackScoped [SlackBasicScope, SlackEmailScope] clientId clientSecret

Working with Extra Data

We put the minimal amount of user data possible in credsExtra -- just enough to support you parsing or fetching additional data yourself.

For example, if you work with GitHub and GitHub user profiles, you likely already have a model and a way to parse the /user response. Rather than duplicate all that in our library, we try to make it easy for you to re-use that code yourself:

authenticate creds = do
    let
        -- You can run your own FromJSON parser on the response we already have
        eGitHubUser :: Either String GitHubUser
        eGitHubUser = getUserResponseJSON creds

        -- Avert your eyes, simplified example
        Just accessToken = getAccessToken creds
        Right githubUser = eGitHubUser

    -- Or make followup requests using our access token
    runGitHub accessToken $ userRepositories githubUser

    -- Or store it for later
    insert User
        { userIdent = credsIdent creds
        , userAccessToken = accessToken
        }

NOTE: Avoid looking up values in credsExtra yourself; prefer the provided get functions. The data representation itself is no longer considered public API.

Local Providers

If we don't supply a "Provider" (e.g. GitHub, Google, etc) you need, you can write your own using our provided Prelude:

import Yesod.Auth.OAuth2.Prelude

pluginName :: Text
pluginName = "mysite"

oauth2MySite :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2MySite clientId clientSecret =
    authOAuth2 pluginName oauth2 $ \manager token -> do
        -- Fetch a profile using the manager and token, leave it a ByteString
        userResponse <- -- ...

        -- Parse it to your preferred identifier, e.g. with Data.Aeson
        userId <- -- ...

        -- See authGetProfile for the typical case

        pure Creds
            { credsPlugin = pluginName
            , credsIdent = userId
            , credsExtra = setExtra token userResponse
            }
  where
    oauth2 = OAuth2
        { oauthClientId = clientId
        , oauthClientSecret = clientSecret
        , oauthOAuthorizeEndpoint = "https://mysite.com/oauth/authorize"
        , oauthAccessTokenEndpoint = "https://mysite.com/oauth/token"
        , oauthCallback = Nothing
        }

The Prelude module is considered public API, though we may build something higher-level that is more convenient for this use-case in the future.

Development & Tests

stack setup
stack build --dependencies-only
stack build --pedantic --test

Please also run HLint and Weeder before submitting PRs.

CHANGELOG | LICENSE