Skip to content

Commit

Permalink
adding bot framework auth
Browse files Browse the repository at this point in the history
  • Loading branch information
Marco Zocca committed Aug 10, 2023
1 parent 81fcecc commit d620c3b
Show file tree
Hide file tree
Showing 3 changed files with 52 additions and 2 deletions.
2 changes: 1 addition & 1 deletion ms-auth/ms-auth.cabal
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: ms-auth
version: 0.3.0.0
version: 0.4.0.0
synopsis: Microsoft Authentication API
description: Bindings to the Microsoft Identity API / Active Directory (AD) for building applications that use either Authorization Code (User-facing) or (App-only) authorization flows. Helper functions are provided for building OAuth2 authentication flows and keep tokens transactionally secure and up to date.
homepage: https://github.com/unfoldml/ms-graph-api
Expand Down
31 changes: 30 additions & 1 deletion ms-auth/src/Network/OAuth2/Provider/AzureAD.hs
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,18 @@
-- | Settings for using Azure Active Directory as OAuth identity provider
--
-- Both @Auth Code Grant@ (i.e. with browser client interaction) and @App-only@ (i.e. Client Credentials) authentication flows are supported. The former is useful when a user needs to login and delegate some permissions to the application (i.e. accessing personal data), whereas the second is for server processes and automation accounts.
--
-- Azure Bot Framework is supported since v 0.
module Network.OAuth2.Provider.AzureAD (
AzureAD
, AzureBotFramework
-- * Environment variables
, envClientId
, envClientSecret
, envTenantId
-- * App flow
, azureADApp
, azureBotFrameworkOAuthADApp
-- * Delegated permissions OAuth2 flow
, OAuthCfg(..)
, AzureADUser
Expand Down Expand Up @@ -163,7 +167,7 @@ defaultAzureOAuthADApp =
, idpAppAuthorizeState = "CHANGE_ME" -- https://stackoverflow.com/questions/26132066/what-is-the-purpose-of-the-state-parameter-in-oauth-authorization-request
, idpAppAuthorizeExtraParams = Map.empty
, idpAppRedirectUri = [uri|http://localhost|] --
, idpAppName = "default-azure-app" --
, idpAppName = "" --
, idpAppTokenRequestAuthenticationMethod = ClientSecretBasic
, idp = defaultAzureADIdp
}
Expand All @@ -178,6 +182,31 @@ defaultAzureADIdp =
, idpTokenEndpoint = [uri|https://login.microsoftonline.com/common/oauth2/v2.0/token|]
}

-- |
azureBotFrameworkOAuthADApp :: ClientId
-> ClientSecret
-> TL.Text -- ^ app name
-> IdpApplication 'ClientCredentials AzureBotFramework
azureBotFrameworkOAuthADApp clid sec appname = ClientCredentialsIDPAppConfig {
idpAppClientId = clid,
idpAppClientSecret = sec,
idpAppName = appname,
idpAppScope = Set.fromList ["https://api.botframework.com/.default"],
idpAppTokenRequestExtraParams = mempty,
idp = defaultAzureBotFrameworkIdp
}


data AzureBotFramework = AzureBotFramework

defaultAzureBotFrameworkIdp :: Idp AzureBotFramework
defaultAzureBotFrameworkIdp = Idp {
idpFetchUserInfo = authGetJSON @(IdpUserInfo AzureBotFramework)
, idpTokenEndpoint = [uri|https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token|]
, idpUserInfoEndpoint = error $ unwords ["Azure Bot Framework Idp:", "OAuth user info endpoint is not defined"]
, idpAuthorizeEndpoint = error $ unwords ["Azure Bot Framework Idp:", "OAuth authorize endpoint is not defined"]
}

-- | https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo
data AzureADUser = AzureADUser
{ sub :: T.Text
Expand Down
21 changes: 21 additions & 0 deletions ms-auth/src/Network/OAuth2/Session.hs
Original file line number Diff line number Diff line change
Expand Up @@ -372,6 +372,27 @@ fetchUpdateTokenACG ts idpApp mgr etoken = ExceptT $ do
Left es -> pure $ Left (OASEJWTException es) -- id token validation failed
Left es -> pure $ Left (OASEOAuth2Errors es)


-- -- -- for Bot Framework auth etc
-- fetchUpdateToken' :: MonadIO m =>
-- Tokens UserSub OAuth2Token
-- -> IdpApplication 'ClientCredentials i
-- -> Manager
-- -> ExceptT OAuthSessionError m OAuth2Token
-- fetchUpdateToken' ts idpApp mgr = ExceptT $ do
-- tokenResp <- runExceptT $ conduitTokenRequest idpApp mgr -- OAuth2 token
-- case tokenResp of
-- Right oat -> case idToken oat of
-- Nothing -> pure $ Left OASENoOpenID
-- Just idt -> do
-- idtClaimsE <- decValidIdToken idt -- decode and validate ID token
-- case idtClaimsE of
-- Right uid -> do
-- _ <- refreshLoopACG ts idpApp mgr uid oat -- fork a thread and start refresh loop for this user
-- pure $ Right oat



-- | 2) fork a thread and start token refresh loop for user @uid@
refreshLoopACG :: (MonadIO m, Ord uid, HasRefreshTokenRequest a) =>
Tokens uid OAuth2Token
Expand Down

0 comments on commit d620c3b

Please sign in to comment.