
yesod-auth-oauth2

OAuth2 authentication for yesod



Statistics on yesod-auth-oauth2

Number of watchers on Github 46
Number of open issues 2
Average time to close an issue 2 months
Main language Haskell
Average time to merge a PR 5 days
Open pull requests 8+
Closed pull requests 18+
Last commit over 1 year ago
Repo Created about 6 years ago
Repo Last Updated over 1 year ago
Size 253 KB
Organization / Author thoughtbot
Contributors 15

Yesod.Auth.OAuth2

OAuth2 AuthPlugins for Yesod.

Usage

import Yesod.Auth
import Yesod.Auth.OAuth2.Github

instance YesodAuth App where
    -- ...

    authPlugins _ = [oauth2Github clientId clientSecret]

clientId :: Text
clientId = "..."

clientSecret :: Text
clientSecret = "..."

Some plugins, such as GitHub and Slack, have scoped functions for requesting additional information:

oauth2SlackScoped [SlackBasicScope, SlackEmailScope] clientId clientSecret

Working with Extra Data

We put the minimal amount of user data possible in credsExtra -- just enough to support you parsing or fetching additional data yourself.

For example, if you work with GitHub and GitHub user profiles, you likely already have a model and a way to parse the /user response. Rather than duplicate all that in our own library, we try to make it easy for you to re-use that code yourself:

authenticate creds = do
    let
        -- You can run your own FromJSON parser on the response we already have
        eGitHubUser :: Either String GitHubUser
        eGitHubUser = getUserResponseJSON creds

        -- Avert your eyes, simplified example
        Just accessToken = getAccessToken creds
        Right githubUser = eGitHubUser

    -- Or make followup requests using our access token
    runGitHub accessToken $ userRepositories githubUser

    -- Or store it for later
    insert User
        { userIdent = credsIdent creds
        , userAccessToken = accessToken
        }

NOTE: Avoid looking up values in credsExtra yourself; prefer the provided get functions. The data representation itself is no longer considered public API.
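
The simplified example above binds `Just accessToken` and `Right githubUser` with partial patterns, which fail at runtime inside the login handler if the token is missing or the profile does not parse. The following is an added example, not code from the project: it does the same extraction with the provided get functions but returns every failure as a value. `GitHubUser`'s fields, `LoginData`, `extractLogin` and `persistUser` are hypothetical names, and importing `AccessToken` from hoauth2's `Network.OAuth.OAuth2` is an assumption about your dependency versions.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module GitHubLogin (GitHubUser(..), LoginData(..), extractLogin) where

import Data.Aeson (FromJSON(..), withObject, (.:))
import Data.Text (Text)
import qualified Data.Text as T
import Network.OAuth.OAuth2 (AccessToken) -- assumed: hoauth2's token type
import Yesod.Auth (Creds(..))
import Yesod.Auth.OAuth2 (getAccessToken, getUserResponseJSON)

-- Hypothetical application model: only the /user fields this app needs.
data GitHubUser = GitHubUser
    { ghId :: Int
    , ghLogin :: Text
    }

instance FromJSON GitHubUser where
    parseJSON = withObject "GitHubUser" $ \o ->
        GitHubUser <$> o .: "id" <*> o .: "login"

-- Everything authenticate needs, available only if every step succeeded.
data LoginData = LoginData
    { ldIdent :: Text
    , ldToken :: AccessToken
    , ldUser :: GitHubUser
    }

-- Total replacement for the partial `Just`/`Right` bindings: a missing
-- token or an unparseable profile becomes a Left, never a runtime
-- pattern-match failure. The message never contains the token itself.
extractLogin :: Creds m -> Either Text LoginData
extractLogin creds = do
    token <- maybe (Left "OAuth2 creds carry no access token") Right
        (getAccessToken creds)
    user <- either (Left . ("cannot parse /user response: " <>) . T.pack) Right
        (getUserResponseJSON creds)
    pure LoginData
        { ldIdent = credsIdent creds
        , ldToken = token
        , ldUser = user
        }

-- In authenticate (persistUser is a hypothetical function of your app):
--   either (pure . ServerError) persistUser (extractLogin creds)
```

Returning `ServerError` from `authenticate` rejects the login explicitly, so a provider response that changes shape denies access instead of surfacing as an unhandled exception.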

Local Providers

If we don't supply a Provider you need (e.g. GitHub, Google, etc.), you can write your own within your codebase:

import Yesod.Auth.OAuth2.Prelude

pluginName :: Text
pluginName = "mysite"

oauth2MySite :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2MySite clientId clientSecret =
    authOAuth2 pluginName oauth2 $ \manager token -> do
        -- Fetch a profile using the manager and token, leave it a ByteString
        userResponse <- -- ...

        -- Parse it to your preferred identifier, e.g. with Data.Aeson
        userId <- -- ...

        -- See authGetProfile for the typical case

        pure Creds
            { credsPlugin = pluginName
            , credsIdent = userId
            , credsExtra = setExtra token userResponse
            }
  where
    oauth2 = OAuth2
        { oauthClientId = clientId
        , oauthClientSecret = clientSecret
        , oauthOAuthorizeEndpoint = "https://mysite.com/oauth/authorize"
        , oauthAccessTokenEndpoint = "https://mysite.com/oauth/token"
        , oauthCallback = Nothing
        }

The Prelude module is considered public API, though we may build something higher-level that is more convenient for this use-case in the future.

Development & Tests

stack setup
stack build --dependencies-only
stack build --pedantic --test

Please also run HLint and Weeder before submitting PRs.



yesod-auth-oauth2 open issues
  • about 3 years PermissionDenied "Invalid OAuth2 state token"
  • about 3 years Encoding/Decoding Extras is a Pain
  • over 3 years Google switched from OAuth2 to OpenID Connect
yesod-auth-oauth2 open pull requests
  • Properly handle empty "location" fields.
  • Add Bitbucket plugin
  • Relax upper bounds on aeson and http-client
  • Just some version bumps for stack 8.5 / ghc 8.x
  • Add Battle.Net plugin
  • Stop returning extra information in GitHub result
  • Provider interface
  • Look for and handle OAuth error responses