Copyright | This file is part of the package openid-connect. It is subject to the license terms in the LICENSE file found in the top-level directory of this distribution and at: https://code.devalot.com/sthenauth/openid-connect No part of this package including this file may be copied modified propagated or distributed except according to the terms contained in the LICENSE file. |
---|---|
License | BSD-2-Clause |
Safe Haskell | None |
Language | Haskell2010 |
Provider details needed by clients.
Synopsis
- type ProviderDiscoveryURI = URI
- discovery :: Applicative f => HTTPS f -> ProviderDiscoveryURI -> f (Either DiscoveryError (Discovery, Maybe UTCTime))
- keysFromDiscovery :: Applicative f => HTTPS f -> Discovery -> f (Either DiscoveryError (JWKSet, Maybe UTCTime))
- data Provider = Provider {}
- discoveryAndKeys :: Monad m => HTTPS m -> ProviderDiscoveryURI -> m (Either DiscoveryError (Provider, Maybe UTCTime))
- data DiscoveryError
- data Discovery = Discovery {
- issuer :: URI
- authorizationEndpoint :: URI
- tokenEndpoint :: Maybe URI
- userinfoEndpoint :: Maybe URI
- jwksUri :: URI
- registrationEndpoint :: Maybe URI
- scopesSupported :: Maybe Scope
- responseTypesSupported :: NonEmpty Text
- responseModesSupported :: Maybe (NonEmpty Text)
- grantTypesSupported :: Maybe (NonEmpty Text)
- acrValuesSupported :: Maybe (NonEmpty Text)
- subjectTypesSupported :: NonEmpty Text
- idTokenSigningAlgValuesSupported :: NonEmpty Text
- idTokenEncryptionAlgValuesSupported :: Maybe (NonEmpty Text)
- idTokenEncryptionEncValuesSupported :: Maybe (NonEmpty Text)
- userinfoSigningAlgValuesSupported :: Maybe (NonEmpty Text)
- userinfoEncryptionAlgValuesSupported :: Maybe (NonEmpty Text)
- userinfoEncryptionEncValuesSupported :: Maybe (NonEmpty Text)
- requestObjectSigningAlgValuesSupported :: Maybe (NonEmpty Text)
- requestObjectEncryptionAlgValuesSupported :: Maybe (NonEmpty Text)
- requestObjectEncryptionEncValuesSupported :: Maybe (NonEmpty Text)
- tokenEndpointAuthMethodsSupported :: Maybe (NonEmpty ClientAuthentication)
- tokenEndpointAuthSigningAlgValuesSupported :: Maybe (NonEmpty Text)
- displayValuesSupported :: Maybe (NonEmpty Text)
- claimTypesSupported :: Maybe (NonEmpty Text)
- claimsSupported :: Maybe (NonEmpty Text)
- serviceDocumentation :: Maybe Text
- claimsLocalesSupported :: Maybe (NonEmpty Text)
- claimsParameterSupported :: Maybe Bool
- requestParameterSupported :: Maybe Bool
- requestUriParameterSupported :: Maybe Bool
- requireRequestUriRegistration :: Maybe Bool
- opPolicyUri :: Maybe URI
- opTosUri :: Maybe URI
- newtype URI = URI {}
- uriToText :: URI -> Text
Provider discovery
type ProviderDiscoveryURI = URI Source #
URI pointing to an OpenID Connect provider's discovery document.
If necessary, the well-known discovery path will be added automatically.
A list of certified OpenID Connect providers can be found here: https://openid.net/certification/
Since: 0.1.0.0
:: Applicative f | |
=> HTTPS f | A function that can make HTTPS requests. |
-> ProviderDiscoveryURI | The provider's discovery URI. |
-> f (Either DiscoveryError (Discovery, Maybe UTCTime)) |
Fetch the provider's discovery document.
Included with the discovery document is a UTCTime
value
indicating the time at which the content will expire and should be
expunged from your cache. Obviously Nothing
indicates that the
value cannot be cached.
If the given ProviderDiscoveryURI
is missing its path
component, or the path
component is /
it will be rewritten to
the well-known discovery path.
Since: 0.1.0.0
Provider key sets
:: Applicative f | |
=> HTTPS f | A function that can make HTTPS requests. |
-> Discovery | The provider's discovery document. |
-> f (Either DiscoveryError (JWKSet, Maybe UTCTime)) |
Fetch the provider's key set.
Included with the key set is a UTCTime
value indicating the time
at which the content will expire and should be expunged from your
cache.
Since: 0.1.0.0
Provider convenience record
A provider record is made up of their discovery document and keys.
Since: 0.1.0.0
Provider | |
|
:: Monad m | |
=> HTTPS m | A function that can make HTTPS requests. |
-> ProviderDiscoveryURI | The provider's discovery URI. |
-> m (Either DiscoveryError (Provider, Maybe UTCTime)) |
Fetch a provider's discovery document and key set.
This is a convenience function that simply calls discovery
and
keysFromDiscovery
, wrapping them in a Provider
.
If you are caching the results of these functions you probably want to call them individually since they might have very different cache expiration times.
The expiration time returned from this function is the lesser of the two constituents.
Since: 0.1.0.0
Error handling
data DiscoveryError Source #
Errors that may occur during provider discovery.
Since: 0.1.0.0
DiscoveryFailedError ErrorResponse | Failed to decode JSON from the provider. |
InvalidUriError Text | A provider's URI is invalid. The URI is provided as |
Instances
Show DiscoveryError Source # | |
Defined in OpenID.Connect.Client.Provider showsPrec :: Int -> DiscoveryError -> ShowS # show :: DiscoveryError -> String # showList :: [DiscoveryError] -> ShowS # | |
Exception DiscoveryError Source # | |
Defined in OpenID.Connect.Client.Provider |
Discovery document
The provider discovery document as specified in OpenID Connect Discovery 1.0 §3.
Since: 0.1.0.0
Discovery | |
|