| Safe Haskell | Safe-Inferred |
|---|---|
| Language | Haskell2010 |
Network.OAuth2.Provider.AzureAD
Description
Settings for using Azure Active Directory as an OAuth identity provider.
Both the Auth Code Grant (i.e. with browser client interaction) and App-only (i.e. Client Credentials) authentication flows are supported. The former is useful when a user needs to log in and delegate some permissions to the application (e.g. access to personal data), whereas the latter is for server processes and automation accounts.
Synopsis
- data AzureAD
- envClientId :: MonadIO f => f ClientId
- envClientSecret :: MonadIO f => f ClientSecret
- envTenantId :: MonadIO f => f Text
- azureADApp :: MonadIO m => Text -> [Scope] -> m (IdpApplication 'ClientCredentials AzureAD)
- data OAuthCfg = OAuthCfg {
  - oacAppName :: Text
  - oacScopes :: [Scope]
  - oacAuthState :: AuthorizeState
  - oacRedirectURI :: URI
  }
- data AzureADUser
- azureOAuthADApp :: MonadIO m => OAuthCfg -> m (IdpApplication 'AuthorizationCode AzureAD)
- data AzureADException = AADNoEnvVar String
Documentation
Environment variables
envClientId :: MonadIO f => f ClientId
AZURE_CLIENT_ID
envClientSecret :: MonadIO f => f ClientSecret
AZURE_CLIENT_SECRET
envTenantId :: MonadIO f => f Text
AZURE_TENANT_ID
App flow
azureADApp
Arguments
| :: MonadIO m | |
| => Text | application name |
| -> [Scope] | scopes |
| -> m (IdpApplication 'ClientCredentials AzureAD) | |
Azure OAuth application (i.e. with user consent screen)
NB: the offline_access scope is ALWAYS requested.
Create the app at https://go.microsoft.com/fwlink/?linkid=2083908
Make sure to use the right client ID; see https://stackoverflow.com/a/70670961
Throws AzureADException if the AZURE_CLIENT_ID and/or AZURE_CLIENT_SECRET credentials are not found in the environment.
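As an added example (not part of the library's documentation), a start-up check for the client-credentials flow: it reports which of the environment variables listed above are unset without printing their values, then handles the AzureADException that azureADApp throws. The application name, the empty scope list, the inclusion of AZURE_TENANT_ID in the check and the reading of the AADNoEnvVar payload as a variable name are assumptions.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not code from the library.
module Main (main) where

import Control.Exception (try)
import Control.Monad (unless, void)
import Data.Maybe (catMaybes)
import System.Environment (lookupEnv)
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)

import Network.OAuth2.Provider.AzureAD (AzureADException (..), azureADApp)

-- Variable names as documented on this page. The page documents the
-- exception only for the first two; checking the tenant ID is an assumption.
requiredVars :: [String]
requiredVars = ["AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID"]

-- Names (never values) of the variables that are unset or empty.
missingVars :: IO [String]
missingVars = catMaybes <$> mapM check requiredVars
  where
    check name = do
      v <- lookupEnv name
      pure $ case v of
        Just (_ : _) -> Nothing
        _            -> Just name

main :: IO ()
main = do
  missing <- missingVars
  unless (null missing) $ do
    -- Fail closed, and log only variable names so no secret reaches the logs.
    hPutStrLn stderr ("missing Azure AD settings: " <> unwords missing)
    exitFailure
  -- "example-app" and the empty scope list are placeholders.
  r <- try (void (azureADApp "example-app" [])) :: IO (Either AzureADException ())
  case r of
    Left (AADNoEnvVar name) -> do
      -- Assumption: the String carried by AADNoEnvVar names the variable.
      hPutStrLn stderr ("Azure AD configuration error: " <> name)
      exitFailure
    Right () -> putStrLn "Azure AD client-credentials application configured"
```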
Delegated permissions OAuth2 flow
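data OAuthCfg
Configuration object of the OAuth2 application
Constructors
| OAuthCfg | |
Fields
- oacAppName :: Text
- oacScopes :: [Scope]
- oacAuthState :: AuthorizeState
- oacRedirectURI :: URI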
data AzureADUser
Instances
| FromJSON AzureADUser | Defined in Network.OAuth2.Provider.AzureAD |
| Show AzureADUser | Defined in Network.OAuth2.Provider.AzureAD. Methods: showsPrec :: Int -> AzureADUser -> ShowS; show :: AzureADUser -> String; showList :: [AzureADUser] -> ShowS |
| Eq AzureADUser | Defined in Network.OAuth2.Provider.AzureAD |
| Ord AzureADUser | Defined in Network.OAuth2.Provider.AzureAD. Methods: compare :: AzureADUser -> AzureADUser -> Ordering; (<), (<=), (>), (>=) :: AzureADUser -> AzureADUser -> Bool; max, min :: AzureADUser -> AzureADUser -> AzureADUser |
azureOAuthADApp
Arguments
| :: MonadIO m | |
| => OAuthCfg | OAuth configuration |
| -> m (IdpApplication 'AuthorizationCode AzureAD) | |
Azure OAuth application (i.e. with user consent screen)
NB: the openid and offline_access scopes are ALWAYS requested, since the library assumes we have access to refresh tokens and ID tokens.
Reference on Microsoft Graph permissions: https://learn.microsoft.com/en-us/graph/permissions-reference
Create the app at https://go.microsoft.com/fwlink/?linkid=2083908
Make sure to use the right client ID; see https://stackoverflow.com/a/70670961
Throws AzureADException if the AZURE_CLIENT_ID and/or AZURE_CLIENT_SECRET credentials are not found in the environment.
Exceptions
data AzureADException
Constructors
| AADNoEnvVar String |
Instances
| Exception AzureADException | Defined in Network.OAuth2.Provider.AzureAD. Methods: toException :: AzureADException -> SomeException |
| Show AzureADException | Defined in Network.OAuth2.Provider.AzureAD. Methods: showsPrec :: Int -> AzureADException -> ShowS; show :: AzureADException -> String; showList :: [AzureADException] -> ShowS |