Safe Haskell	Safe-Inferred
Language	Haskell2010

Network.OAuth2.Session

Contents

Azure App Service
App-only flow
Delegated permissions flow
- OAuth endpoints
- In-memory user session
Scotty misc

Description

MS Identity user session based on OAuth tokens

provides both Delegated permission flow (user-based) and App-only (e.g. server-server and automation accounts)

Synopsis

withAADUser :: MonadIO m => Tokens UserSub t -> Text -> (t -> Action m ()) -> Action m ()
type Token t = TVar (Maybe t)
newNoToken :: MonadIO m => m (Token t)
expireToken :: MonadIO m => TVar (Maybe a) -> m ()
readToken :: MonadIO m => Token t -> m (Maybe t)
fetchUpdateToken :: MonadIO m => IdpApplication 'ClientCredentials AzureAD -> Token OAuth2Token -> Manager -> m ()
loginEndpoint :: MonadIO m => IdpApplication 'AuthorizationCode AzureAD -> RoutePattern -> Scotty m ()
replyEndpoint :: MonadIO m => IdpApplication 'AuthorizationCode AzureAD -> Tokens UserSub OAuth2Token -> Manager -> RoutePattern -> Scotty m ()
type Tokens uid t = TVar (TokensData uid t)
newTokens :: (MonadIO m, Ord uid) => m (Tokens uid t)
data UserSub
lookupUser :: (MonadIO m, Ord uid) => Tokens uid t -> uid -> m (Maybe t)
expireUser :: (MonadIO m, Ord uid) => Tokens uid t -> uid -> m ()
tokensToList :: MonadIO m => Tokens k a -> m [(k, a)]
type Scotty = ScottyT Text
type Action = ActionT Text

Azure App Service

withAADUser Source #

Arguments

:: MonadIO m
=> Tokens UserSub t
-> Text	login URI
-> (t -> Action m ())	call MSGraph APIs with token `t`, etc.
-> Action m ()

Decode the App Service ID token header X-MS-TOKEN-AAD-ID-TOKEN, look its user up in the local token store, supply token t to continuation. If the user sub cannot be found in the token store the browser is redirected to the login URI.

Special case of aadHeaderIdToken

App-only flow

type Token t = TVar (Maybe t) Source #

newNoToken :: MonadIO m => m (Token t) Source #

expireToken :: MonadIO m => TVar (Maybe a) -> m () Source #

readToken :: MonadIO m => Token t -> m (Maybe t) Source #

fetchUpdateToken :: MonadIO m => IdpApplication 'ClientCredentials AzureAD -> Token OAuth2Token -> Manager -> m () Source #

Fetch an OAuth token and keep it updated. Should be called as a first thing in the app

NB : forks a thread in the background

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

Delegated permissions flow

OAuth endpoints

loginEndpoint Source #

Arguments

:: MonadIO m
=> IdpApplication 'AuthorizationCode AzureAD
-> RoutePattern	e.g. `"/login"`
-> Scotty m ()

Login endpoint

see azureADApp

replyEndpoint Source #

Arguments

:: MonadIO m
=> IdpApplication 'AuthorizationCode AzureAD
-> Tokens UserSub OAuth2Token
-> Manager
-> RoutePattern	e.g. `"/oauth/reply"`
-> Scotty m ()

The identity provider redirects the client to the reply endpoint as part of the OAuth flow : https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0&tabs=http#authorization-response

NB : forks a thread per logged in user to keep their tokens up to date

In-memory user session

type Tokens uid t = TVar (TokensData uid t) Source #

transactional token store

newTokens :: (MonadIO m, Ord uid) => m (Tokens uid t) Source #

Create an empty Tokens object

data UserSub Source #

sub field

Instances

Instances details

FromJSON UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods parseJSON :: Value -> Parser UserSub # parseJSONList :: Value -> Parser [UserSub] #
FromJSONKey UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods fromJSONKey :: FromJSONKeyFunction UserSub # fromJSONKeyList :: FromJSONKeyFunction [UserSub] #
ToJSON UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods toJSON :: UserSub -> Value # toEncoding :: UserSub -> Encoding # toJSONList :: [UserSub] -> Value # toEncodingList :: [UserSub] -> Encoding #
ToJSONKey UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods toJSONKey :: ToJSONKeyFunction UserSub # toJSONKeyList :: ToJSONKeyFunction [UserSub] #
IsString UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods fromString :: String -> UserSub #
Generic UserSub Source #
Instance details Defined in Network.OAuth2.JWT Associated Types type Rep UserSub :: Type -> Type # Methods from :: UserSub -> Rep UserSub x # to :: Rep UserSub x -> UserSub #
Show UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods showsPrec :: Int -> UserSub -> ShowS # show :: UserSub -> String # showList :: [UserSub] -> ShowS #
Eq UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods (==) :: UserSub -> UserSub -> Bool # (/=) :: UserSub -> UserSub -> Bool #
Ord UserSub Source #
Instance details Defined in Network.OAuth2.JWT Methods compare :: UserSub -> UserSub -> Ordering # (<) :: UserSub -> UserSub -> Bool # (<=) :: UserSub -> UserSub -> Bool # (>) :: UserSub -> UserSub -> Bool # (>=) :: UserSub -> UserSub -> Bool # max :: UserSub -> UserSub -> UserSub # min :: UserSub -> UserSub -> UserSub #
type Rep UserSub Source #
Instance details Defined in Network.OAuth2.JWT type Rep UserSub = D1 ('MetaData "UserSub" "Network.OAuth2.JWT" "ms-auth-0.1.0.0-EuTDDsRmOO22dXIsHerdJH" 'True) (C1 ('MetaCons "UserSub" 'PrefixI 'True) (S1 ('MetaSel ('Just "userSub") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Text)))

lookupUser Source #

Arguments

:: (MonadIO m, Ord uid)
=> Tokens uid t
-> uid	user identifier e.g. `sub`
-> m (Maybe t)

Look up a user identifier and return their current token, if any

expireUser Source #

Arguments

:: (MonadIO m, Ord uid)
=> Tokens uid t
-> uid	user identifier e.g. `sub`
-> m ()

Remove a user, i.e. they will have to authenticate once more

tokensToList :: MonadIO m => Tokens k a -> m [(k, a)] Source #

return a list representation of the Tokens object

Scotty misc

type Scotty = ScottyT Text Source #

type Action = ActionT Text Source #