vendor in hoauth

unfoldml · Oct 4, 2023 · 71e8f49 · 71e8f49
1 parent 6811525
commit 71e8f49
Show file tree

Hide file tree

Showing 13 changed files with 1,919 additions and 11 deletions.
diff --git a/ms-auth/ms-auth.cabal b/ms-auth/ms-auth.cabal
@@ -1,5 +1,5 @@
 name:                ms-auth
-version:             0.4.0.0
+version:             0.5.0.0
 synopsis:            Microsoft Authentication API
 description:         Bindings to the Microsoft Identity API / Active Directory (AD) for building applications that use either Authorization Code (User-facing) or (App-only) authorization flows. Helper functions are provided for building OAuth2 authentication flows and keep tokens transactionally secure and up to date.
 homepage:            https://github.com/unfoldml/ms-graph-api
@@ -20,25 +20,42 @@ library
   hs-source-dirs:      src
   exposed-modules:     MSAuth
                        Network.OAuth2.Provider.AzureAD
-  other-modules:       Network.OAuth2.JWT
+  other-modules:       Network.OAuth2.Provider.AzureAD.SharedKey
+                       Network.OAuth.OAuth2
+                       Network.OAuth.OAuth2.AuthorizationRequest
+                       Network.OAuth.OAuth2.HttpClient
+                       Network.OAuth.OAuth2.Internal
+                       Network.OAuth.OAuth2.TokenRequest
+                       Network.OAuth2.Internal.Pkce
+                       Network.OAuth2.Internal.Types
+                       Network.OAuth2.Internal.Utils
+                       Network.OAuth2.JWT
                        Network.OAuth2.Session
   build-depends:       aeson
                      , base >= 4.7 && < 5
+                     , binary >= 0.8
+                     , base64
                      , bytestring
+                     , conduit >= 1.3
                      , containers
+                     , cryptohash-sha256
                      , directory
                      , directory >= 1.3.6.2
-                     , hoauth2 == 2.6.0
+                     , entropy
+                     , exceptions >= 0.10
                      , http-client
+                     , http-conduit >= 2.3
                      , http-types
                      , jwt
+                     , microlens >= 0.4
                      , scientific
                      , scotty
                      , text
                      , time
                      , transformers
                      , unliftio
                      , uri-bytestring
+                     , uri-bytestring-aeson >= 0.1
                      , validation-micro
   ghc-options:         -Wall
                        -Wcompat

diff --git a/ms-auth/src/Network/OAuth/OAuth2.hs b/ms-auth/src/Network/OAuth/OAuth2.hs
@@ -0,0 +1,19 @@
+-- | A lightweight oauth2 Haskell binding.
+-- See Readme for more details
+--
+module Network.OAuth.OAuth2
+  ( module Network.OAuth.OAuth2.HttpClient,
+    module Network.OAuth.OAuth2.AuthorizationRequest,
+    module Network.OAuth.OAuth2.TokenRequest,
+    module Network.OAuth.OAuth2.Internal,
+  )
+where
+
+{-
+  Hiding Errors data type from default.
+  Shall qualified import given the naming collision.
+-}
+import Network.OAuth.OAuth2.AuthorizationRequest hiding (Errors(..))
+import Network.OAuth.OAuth2.HttpClient
+import Network.OAuth.OAuth2.Internal
+import Network.OAuth.OAuth2.TokenRequest hiding (Errors(..))
diff --git a/ms-auth/src/Network/OAuth/OAuth2/AuthorizationRequest.hs b/ms-auth/src/Network/OAuth/OAuth2/AuthorizationRequest.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE OverloadedStrings #-}
+
+-- | Bindings Authorization part of The OAuth 2.0 Authorization Framework
+-- RFC6749 <https://www.rfc-editor.org/rfc/rfc6749>
+module Network.OAuth.OAuth2.AuthorizationRequest where
+
+import Data.Aeson
+import Data.Function (on)
+import qualified Data.List as List
+import qualified Data.Text.Encoding as T
+import GHC.Generics (Generic)
+import Lens.Micro (over)
+import Network.OAuth.OAuth2.Internal
+import URI.ByteString
+
+--------------------------------------------------
+
+-- * Errors
+
+--------------------------------------------------
+
+instance FromJSON Errors where
+  parseJSON = genericParseJSON defaultOptions {constructorTagModifier = camelTo2 '_', allNullaryToStringTag = True}
+
+instance ToJSON Errors where
+  toEncoding = genericToEncoding defaultOptions {constructorTagModifier = camelTo2 '_', allNullaryToStringTag = True}
+
+-- | Authorization Code Grant Error Responses https://tools.ietf.org/html/rfc6749#section-4.1.2.1
+-- I found hard time to figure a way to test the authorization error flow
+-- When anything wrong in @/authorize@ request (redirect to OAuth2 provider),
+-- it will end-up at the Provider page hence no way for this library to parse error response.
+-- In other words, @/authorize@ ends up with 4xx or 5xx.
+-- Revisit this whenever find a case OAuth2 provider redirects back to Relying party with errors.
+data Errors
+  = InvalidRequest
+  | UnauthorizedClient
+  | AccessDenied
+  | UnsupportedResponseType
+  | InvalidScope
+  | ServerError
+  | TemporarilyUnavailable
+  deriving (Show, Eq, Generic)
+
+--------------------------------------------------
+
+-- * URLs
+
+--------------------------------------------------
+
+-- | See 'authorizationUrlWithParams'
+authorizationUrl :: OAuth2 -> URI
+authorizationUrl = authorizationUrlWithParams []
+
+-- | Prepare the authorization URL.  Redirect to this URL
+-- asking for user interactive authentication.
+--
+-- @since 2.6.0
+authorizationUrlWithParams :: QueryParams -> OAuth2 -> URI
+authorizationUrlWithParams qs oa = over (queryL . queryPairsL) (++ queryParts) (oauth2AuthorizeEndpoint oa)
+  where
+    queryParts =
+      List.nubBy ((==) `on` fst) $
+        qs
+          ++ [ ("client_id", T.encodeUtf8 $ oauth2ClientId oa),
+               ("response_type", "code"),
+               ("redirect_uri", serializeURIRef' $ oauth2RedirectUri oa)
+             ]