openid-connect-0.1.0.0: An OpenID Connect library that does all the heavy lifting for you

CopyrightThis file is part of the package openid-connect. It is subject to
the license terms in the LICENSE file found in the top-level
directory of this distribution and at:

https://code.devalot.com/sthenauth/openid-connect

No part of this package including this file may be copied
modified propagated or distributed except according to the terms
contained in the LICENSE file.
LicenseBSD-2-Clause
Safe HaskellNone
LanguageHaskell2010

OpenID.Connect.Authentication

Description

 
Synopsis

Documentation

data ClientAuthentication Source #

Methods that a client can use to authenticate with a provider.

Defined in OpenID Connect Core 1.0 §9.

Since: 0.1.0.0

Constructors

ClientSecretBasic

Send credentials using HTTP Basic Authentication.

ClientSecretPost

Send the credentials in the body of an HTTP POST.

ClientSecretJwt

Create a JWT and calculate a message authentication code using a shared secret. The JWT confirms that the client is in possession of the shared secret.

PrivateKeyJwt

Create and sign a JWT using a private key. The provider must already have access to the public key corresponding to the private key.

None

The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other authentication mechanism.

Instances
Eq ClientAuthentication Source # 
Instance details

Defined in OpenID.Connect.Authentication

Show ClientAuthentication Source # 
Instance details

Defined in OpenID.Connect.Authentication

Generic ClientAuthentication Source # 
Instance details

Defined in OpenID.Connect.Authentication

Associated Types

type Rep ClientAuthentication :: Type -> Type #

ToJSON ClientAuthentication Source # 
Instance details

Defined in OpenID.Connect.Authentication

FromJSON ClientAuthentication Source # 
Instance details

Defined in OpenID.Connect.Authentication

type Rep ClientAuthentication Source # 
Instance details

Defined in OpenID.Connect.Authentication

type Rep ClientAuthentication = D1 (MetaData "ClientAuthentication" "OpenID.Connect.Authentication" "openid-connect-0.1.0.0-HIrgHH8NHCEDSSsyi1W2Yn" False) ((C1 (MetaCons "ClientSecretBasic" PrefixI False) (U1 :: Type -> Type) :+: C1 (MetaCons "ClientSecretPost" PrefixI False) (U1 :: Type -> Type)) :+: (C1 (MetaCons "ClientSecretJwt" PrefixI False) (U1 :: Type -> Type) :+: (C1 (MetaCons "PrivateKeyJwt" PrefixI False) (U1 :: Type -> Type) :+: C1 (MetaCons "None" PrefixI False) (U1 :: Type -> Type))))

data ClientSecret Source #

Private values needed by the client in order to authenticate with the provider.

The method of authentication is established when the client registers with the provider.

Since: 0.1.0.0

Constructors

AssignedSecretText Text

A client_secret created by the provider and given to the client to use during authentication.

This is the most common way to authenticate with a provider.

AssignedAssertionText Text

A client_secret created by the provider and given to the client. The client must create a JWT and use the client_secret to calculate a message authentication code for the JWT.

AssertionPrivateKey JWK

A private key that is solely in the client's possession. The provider holds the public key portion of the given key.

The client creates and signs a JWT in order to authenticate.

data Credentials Source #

A complete set of credentials used by the client to authenticate with the provider.

Since: 0.1.0.0

Constructors

Credentials 

Fields

type ClientID = Text Source #

A client_id assigned by the provider.

Since: 0.1.0.0

type ClientRedirectURI = URI Source #

The client (relying party) redirection URL previously registered with the OpenID Provider (i.e. a URL to an endpoint on your web site that receives authentication details from the provider via the end-user's browser).

After the provider has authenticated the end-user, they will be redirected to this URL to continue the flow.

NOTE: This URL must match exactly with the one registered with the provider. If they don't match the provider will not redirect the end-user back to your site.

Since: 0.1.0.0

data AuthenticationRequest Source #

§3.1.2.1. Authentication Request.

The fields of this record are send to the provider by way of a URI given to the end-user.

Clients can use the defaultAuthenticationRequest function to easily create a value of this type.

Since: 0.1.0.0

Constructors

AuthenticationRequest 

Fields