mirror of
https://github.com/freckle/yesod-auth-oauth2.git
synced 2026-01-11 19:58:28 +01:00
a8de561848
This adds support for `ghc-9.12` / `hoauth2-2.15` and drops support for
`ghc < 9.4` / `hoauth2 < 2.8`.
Since this would be a major version bump no matter what, I've changed
the interface we present to align with `hoauth2-2.15`. This means using
the newer `fetch` functions, and `TokenResponse{,Error}` type names.
I've maintained our own `OAuth2` type so that the redirect-uri can
remain a `Maybe` field. The way plugins are constructed, we need to
build an `OAuth2` value in a pure context without one, which is then
supplied later, when we have `MonadHandler` and so can render URLs.
62 lines
1.8 KiB
Haskell
62 lines
1.8 KiB
Haskell
{-# LANGUAGE OverloadedStrings #-}
|
|
|
|
module Yesod.Auth.OAuth2.GitLab
|
|
( oauth2GitLab
|
|
, oauth2GitLabHostScopes
|
|
, defaultHost
|
|
, defaultScopes
|
|
) where
|
|
|
|
import Yesod.Auth.OAuth2.Prelude
|
|
|
|
import qualified Data.Text as T
|
|
|
|
newtype User = User Int
|
|
|
|
instance FromJSON User where
|
|
parseJSON = withObject "User" $ \o -> User <$> o .: "id"
|
|
|
|
pluginName :: Text
|
|
pluginName = "gitlab"
|
|
|
|
defaultHost :: URI
|
|
defaultHost = "https://gitlab.com"
|
|
|
|
defaultScopes :: [Text]
|
|
defaultScopes = ["read_user"]
|
|
|
|
-- | Authorize with @gitlab.com@ and @[\"read_user\"]@
|
|
--
|
|
-- To customize either of these values, use @'oauth2GitLabHostScopes'@ and pass
|
|
-- the default for the argument not being customized. Note that we require at
|
|
-- least @read_user@, so we can request the credentials identifier.
|
|
--
|
|
-- > oauth2GitLabHostScopes defaultHost ["api", "read_user"]
|
|
-- > oauth2GitLabHostScopes "https://gitlab.example.com" defaultScopes
|
|
oauth2GitLab :: YesodAuth m => Text -> Text -> AuthPlugin m
|
|
oauth2GitLab = oauth2GitLabHostScopes defaultHost defaultScopes
|
|
|
|
oauth2GitLabHostScopes
|
|
:: YesodAuth m => URI -> [Text] -> Text -> Text -> AuthPlugin m
|
|
oauth2GitLabHostScopes host scopes clientId clientSecret =
|
|
authOAuth2 pluginName oauth2 $ \manager token -> do
|
|
(User userId, userResponse) <-
|
|
authGetProfile pluginName manager token $ host `withPath` "/api/v4/user"
|
|
|
|
pure
|
|
Creds
|
|
{ credsPlugin = pluginName
|
|
, credsIdent = T.pack $ show userId
|
|
, credsExtra = setExtra token userResponse
|
|
}
|
|
where
|
|
oauth2 =
|
|
OAuth2
|
|
{ oauth2ClientId = clientId
|
|
, oauth2ClientSecret = clientSecret
|
|
, oauth2AuthorizeEndpoint =
|
|
host `withPath` "/oauth/authorize" `withQuery` [scopeParam " " scopes]
|
|
, oauth2TokenEndpoint = host `withPath` "/oauth/token"
|
|
, oauth2RedirectUri = Nothing
|
|
}
|