Oz is a web authorization protocol based on industry best practices. Oz combines the Network.Hawk authentication protocol with the Network.Iron encryption protocol to provide a simple to use and secure solution for granting and authenticating third-party access to an API on behalf of a user or an application.

For making Oz-authenticated requests, import the Network.Oz.Client module, which provides wrappers around Network.Wreq.

When implementing an Oz-authenticated application, import Network.Oz.Application and use ozApp to provide a WAI Application and plug it into your application. The endpoints will handle issuing tickets.

authenticate checks tickets provided with Requests.

How it works

1. The application uses its previously issued Hawk credentials to authenticate with the server and request an application ticket. If valid, the server issues an application ticket. (see app endpoint)
2. The application directs the user to grant it authorization by providing the user with its application identifier. The user authenticates with the server, reviews the authorization grant and its scope, and if approved the server returns an rsvp. (see rsvp function)
3. The user returns to the application with the rsvp which the application uses to request a new user-specific ticket. If valid, the server returns a new ticket. (see rsvp endpoint)
4. The application uses the user-ticket to access the user's protected resources. (see authenticate function)