Safe Haskell	None
Language	Haskell2010

Network.OAuth2.JWT.Client

Contents

Obtain an access token
Claims
Configuration

Description

This is an implementation of the jwt-bearer authorization grant flow that is specified by the OAuth2 JWT profile in rfc7523.

This module includes everything you should need to implement an integration and obtain an access token.

{-# LANGUAGE OverloadedStrings #-}

import           Crypto.JWT (JWK)
import           Network.OAuth2.JWT.Client
import           Network.HTTP.Client (Manager)

The key function here is the grant function which is what you call to get your access token.

The grant function obtains an access token, if we have already aquired one (and it is still valid) we will re-use that token, if we don't already have a token or the token has expired, we go and ask for a new one.

example :: Manager -> JWK -> IO (Either GrantError AccessToken)
example manager key =  do
  let
    endpoint = TokenEndpoint "https://www.googleapis.com/oauth2/v4/token"
    iss = Issuer "example@example.org"
    scopes = [Scope "profile"]
    aud = Audience "https://www.googleapis.com/oauth2/v4/token"
    expiry = ExpiresIn 3600
    claims = Claims iss Nothing aud scopes expiry []
  store <- newStore manager endpoint claims key
  grant store

This operation is safe to call from multiple threads. If we are using a current token reads will happen concurrently, If we have to go to the network the request will be serialised so that only one request is made for a new token.

The access token can be used as a bearer token in an Authorization header. See the specification for more details but it would be something like:

Authorization: Bearer ${ACCESS_TOKEN}

Synopsis

data GrantError
newtype AccessToken = AccessToken {
- renderAccessToken :: Text
}
grant :: Store -> IO (Either GrantError AccessToken)
newtype Issuer = Issuer {
- getIssuer :: Text
}
newtype Scope = Scope {
- getScope :: Text
}
newtype Audience = Audience {
- getAudience :: Text
}
newtype Subject = Subject {
- getSubject :: Text
}
newtype ExpiresIn = ExpiresIn {
- getExpiresIn :: NominalDiffTime
}
data Claims = Claims {
- claimsIssuer :: Issuer
- claimsSubject :: Maybe Subject
- claimsAudience :: Audience
- claimsScopes :: [Scope]
- claimsExpires :: ExpiresIn
- claimsCustom :: [(Text, Value)]
}
newtype TokenEndpoint = TokenEndpoint {
- getTokenEndpoint :: Text
}
data Store
newStore :: Manager -> TokenEndpoint -> Claims -> JWK -> IO Store

Obtain an access token

data GrantError Source #

Constructors

SerialisationGrantError Text
JWTGrantError JWTError
EndpointGrantError Text
StatusGrantError Int Text

Instances

Eq GrantError Source #
Instance details Defined in Network.OAuth2.JWT.Client.AuthorizationGrant Methods (==) :: GrantError -> GrantError -> Bool # (/=) :: GrantError -> GrantError -> Bool #
Show GrantError Source #
Instance details Defined in Network.OAuth2.JWT.Client.AuthorizationGrant Methods showsPrec :: Int -> GrantError -> ShowS # show :: GrantError -> String # showList :: [GrantError] -> ShowS #

newtype AccessToken Source #

Constructors

AccessToken
Fields renderAccessToken :: Text

Instances

Eq AccessToken Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: AccessToken -> AccessToken -> Bool # (/=) :: AccessToken -> AccessToken -> Bool #
Ord AccessToken Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods compare :: AccessToken -> AccessToken -> Ordering # (<) :: AccessToken -> AccessToken -> Bool # (<=) :: AccessToken -> AccessToken -> Bool # (>) :: AccessToken -> AccessToken -> Bool # (>=) :: AccessToken -> AccessToken -> Bool # max :: AccessToken -> AccessToken -> AccessToken # min :: AccessToken -> AccessToken -> AccessToken #
Show AccessToken Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> AccessToken -> ShowS # show :: AccessToken -> String # showList :: [AccessToken] -> ShowS #

grant :: Store -> IO (Either GrantError AccessToken) Source #

Obtain an access token, if we have already aquired one (and it is still valid) we will re-use that token, if we don't already have a token or the token has expired, we go and ask for a new one.

This operation is safe to call from multiple threads. If we are using a current token reads will happen concurrently, If we have to go to the network the request will be serialised so that only one request is made for a new token.

Claims

newtype Issuer Source #

Constructors

Issuer
Fields getIssuer :: Text

Instances

Eq Issuer Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: Issuer -> Issuer -> Bool # (/=) :: Issuer -> Issuer -> Bool #
Ord Issuer Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods compare :: Issuer -> Issuer -> Ordering # (<) :: Issuer -> Issuer -> Bool # (<=) :: Issuer -> Issuer -> Bool # (>) :: Issuer -> Issuer -> Bool # (>=) :: Issuer -> Issuer -> Bool # max :: Issuer -> Issuer -> Issuer # min :: Issuer -> Issuer -> Issuer #
Show Issuer Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> Issuer -> ShowS # show :: Issuer -> String # showList :: [Issuer] -> ShowS #

newtype Scope Source #

Constructors

Scope
Fields getScope :: Text

Instances

Eq Scope Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: Scope -> Scope -> Bool # (/=) :: Scope -> Scope -> Bool #
Ord Scope Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods compare :: Scope -> Scope -> Ordering # (<) :: Scope -> Scope -> Bool # (<=) :: Scope -> Scope -> Bool # (>) :: Scope -> Scope -> Bool # (>=) :: Scope -> Scope -> Bool # max :: Scope -> Scope -> Scope # min :: Scope -> Scope -> Scope #
Show Scope Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> Scope -> ShowS # show :: Scope -> String # showList :: [Scope] -> ShowS #

newtype Audience Source #

Constructors

Audience
Fields getAudience :: Text

Instances

Eq Audience Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: Audience -> Audience -> Bool # (/=) :: Audience -> Audience -> Bool #
Ord Audience Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods compare :: Audience -> Audience -> Ordering # (<) :: Audience -> Audience -> Bool # (<=) :: Audience -> Audience -> Bool # (>) :: Audience -> Audience -> Bool # (>=) :: Audience -> Audience -> Bool # max :: Audience -> Audience -> Audience # min :: Audience -> Audience -> Audience #
Show Audience Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> Audience -> ShowS # show :: Audience -> String # showList :: [Audience] -> ShowS #

newtype Subject Source #

Constructors

Subject
Fields getSubject :: Text

Instances

Eq Subject Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: Subject -> Subject -> Bool # (/=) :: Subject -> Subject -> Bool #
Ord Subject Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods compare :: Subject -> Subject -> Ordering # (<) :: Subject -> Subject -> Bool # (<=) :: Subject -> Subject -> Bool # (>) :: Subject -> Subject -> Bool # (>=) :: Subject -> Subject -> Bool # max :: Subject -> Subject -> Subject # min :: Subject -> Subject -> Subject #
Show Subject Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> Subject -> ShowS # show :: Subject -> String # showList :: [Subject] -> ShowS #

newtype ExpiresIn Source #

Constructors

ExpiresIn
Fields getExpiresIn :: NominalDiffTime

Instances

Eq ExpiresIn Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: ExpiresIn -> ExpiresIn -> Bool # (/=) :: ExpiresIn -> ExpiresIn -> Bool #
Ord ExpiresIn Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods compare :: ExpiresIn -> ExpiresIn -> Ordering # (<) :: ExpiresIn -> ExpiresIn -> Bool # (<=) :: ExpiresIn -> ExpiresIn -> Bool # (>) :: ExpiresIn -> ExpiresIn -> Bool # (>=) :: ExpiresIn -> ExpiresIn -> Bool # max :: ExpiresIn -> ExpiresIn -> ExpiresIn # min :: ExpiresIn -> ExpiresIn -> ExpiresIn #
Show ExpiresIn Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> ExpiresIn -> ShowS # show :: ExpiresIn -> String # showList :: [ExpiresIn] -> ShowS #

data Claims Source #

Constructors

Claims
Fields claimsIssuer :: Issuer claimsSubject :: Maybe Subject claimsAudience :: Audience claimsScopes :: [Scope] claimsExpires :: ExpiresIn claimsCustom :: [(Text, Value)]

Instances

Eq Claims Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: Claims -> Claims -> Bool # (/=) :: Claims -> Claims -> Bool #
Show Claims Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> Claims -> ShowS # show :: Claims -> String # showList :: [Claims] -> ShowS #

Configuration

newtype TokenEndpoint Source #

Constructors

TokenEndpoint
Fields getTokenEndpoint :: Text

Instances

Eq TokenEndpoint Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods (==) :: TokenEndpoint -> TokenEndpoint -> Bool # (/=) :: TokenEndpoint -> TokenEndpoint -> Bool #
Ord TokenEndpoint Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods compare :: TokenEndpoint -> TokenEndpoint -> Ordering # (<) :: TokenEndpoint -> TokenEndpoint -> Bool # (<=) :: TokenEndpoint -> TokenEndpoint -> Bool # (>) :: TokenEndpoint -> TokenEndpoint -> Bool # (>=) :: TokenEndpoint -> TokenEndpoint -> Bool # max :: TokenEndpoint -> TokenEndpoint -> TokenEndpoint # min :: TokenEndpoint -> TokenEndpoint -> TokenEndpoint #
Show TokenEndpoint Source #
Instance details Defined in Network.OAuth2.JWT.Client.Data Methods showsPrec :: Int -> TokenEndpoint -> ShowS # show :: TokenEndpoint -> String # showList :: [TokenEndpoint] -> ShowS #

data Store Source #

newStore :: Manager -> TokenEndpoint -> Claims -> JWK -> IO Store Source #