A Haskell library that implements oauth authentication protocol as defined in http://tools.ietf.org/html/draft-hammer-oauth-10.
According to the RFC [1]: OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end- user). It also provides a process for end-users to authorize third- party access to their server resources without sharing their credentials (typically, a username and password pair), using user- agent redirections.
The following code should perform a request using 3 legged oauth, provided the parameters are defined correctly:
reqUrl = fromJust . parseURL $ "https://service.provider/request_token" accUrl = fromJust . parseURL $ "https://service.provider/access_token" srvUrl = fromJust . parseURL $ "http://service/path/to/resource/" authUrl = ("http://service.provider/authorize?oauth_token="++) . findWithDefault ("oauth_token","") . oauthParams app = Application "consumerKey" "consumerSec" OOB response = runOAuth $ do ignite app oauthRequest PLAINTEXT Nothing reqUrl cliAskAuthorization authUrl oauthRequest PLAINTEXT Nothing accUrl serviceRequest HMACSHA1 (Just "realm") srvUrl
- data Token
- = TwoLegg { }
- | ReqToken { }
- | AccessToken { }
- data Application = Application {}
- data OAuthCallback
- data SigMethod
- type Realm = String
- type Nonce = String
- type Timestamp = String
- type OAuthMonad m a = StateT Token m a
- runOAuth :: (MonadIO m, HttpClient m) => OAuthMonad m a -> m a
- oauthRequest :: (MonadIO m, HttpClient m) => SigMethod -> Maybe Realm -> Request -> OAuthMonad m Token
- completeRequest :: MonadIO m => SigMethod -> Token -> Maybe Realm -> Request -> m Request
- serviceRequest :: (MonadIO m, HttpClient m) => SigMethod -> Maybe Realm -> Request -> OAuthMonad m Response
- cliAskAuthorization :: MonadIO m => (Token -> String) -> OAuthMonad m ()
- ignite :: MonadIO m => Application -> OAuthMonad m ()
- getToken :: Monad m => OAuthMonad m Token
- putToken :: Monad m => Token -> OAuthMonad m ()
- twoLegged :: Token -> Bool
- threeLegged :: Token -> Bool
- signature :: SigMethod -> Token -> Request -> String
- injectOAuthVerifier :: String -> Token -> Token
- fromApplication :: Application -> Token
- fromResponse :: Response -> Token -> Either String Token
- authorization :: SigMethod -> Maybe Realm -> Nonce -> Timestamp -> Token -> Request -> String
Types
The OAuth Token.
TwoLegg | There is no valid token present, all requests go unauthenticated. |
ReqToken | The service provider has granted you the request token but the user has not yet authorized your application. If you use this token it will goes as 2 legged OAuth. |
AccessToken | This is a proper 3 legged OAuth. The difference between this and ReqToken is that user has authorized your application and you can perform requests on behalf of that user. |
data OAuthCallback Source
Callback used in oauth authorization
Available signature methods.
PLAINTEXT | The |
HMACSHA1 | The |
The optional authentication realm. Refer to http://oauth.net/core/1.0/#auth_header_authorization for more information.
Random string that is unique amongst requests. Refer to http://oauth.net/core/1.0/#nonce for more information.
Unix timestamp (seconds since epoch). Refer to http://oauth.net/core/1.0/#nonce for more information.
type OAuthMonad m a = StateT Token m aSource
The OAuth monad.
OAuthMonad related functions
runOAuth :: (MonadIO m, HttpClient m) => OAuthMonad m a -> m aSource
Execute the oauth monad and returns the value it produced.
oauthRequest :: (MonadIO m, HttpClient m) => SigMethod -> Maybe Realm -> Request -> OAuthMonad m TokenSource
Executes an oauth request which is intended to upgrade/refresh the current token. Use this combinator to get either a request token or an access token.
completeRequest :: MonadIO m => SigMethod -> Token -> Maybe Realm -> Request -> m RequestSource
Simply complete the request with the required information to perform the oauth request.
serviceRequest :: (MonadIO m, HttpClient m) => SigMethod -> Maybe Realm -> Request -> OAuthMonad m ResponseSource
Performs a signed request with the available token.
cliAskAuthorization :: MonadIO m => (Token -> String) -> OAuthMonad m ()Source
Probably this is just useful for testing. It asks the user (stdout/stdin) to authorize the application and provide the oauth_verifier.
ignite :: MonadIO m => Application -> OAuthMonad m ()Source
Transforms an application into a token.
getToken :: Monad m => OAuthMonad m TokenSource
Extracts the token from the OAuthMonad.
Token related functions
twoLegged :: Token -> BoolSource
Returns true if the token is able to perform 2-legged oauth requests.
threeLegged :: Token -> BoolSource
Tests whether or not the current token is able to perform 3-legged requests.
signature :: SigMethod -> Token -> Request -> StringSource
Signs a request using a given signature method. This expects the request to be a valid request already (for instance, none and timestamp are not set).
injectOAuthVerifier :: String -> Token -> TokenSource
Injects the oauth_verifier into the token. Usually this means the user has authorized the app to access his data.
fromApplication :: Application -> TokenSource
Transforms an application into a token
fromResponse :: Response -> Token -> Either String TokenSource
Receives a response possibly from a service provider and updates the token. As a matter effect, assumes the content-type is application/x-www-form-urlencoded (because some service providers send it as text/plain) and if the status is [200..300) updates the token accordingly.