Copyright | This file is part of the package openid-connect. It is subject to the license terms in the LICENSE file found in the top-level directory of this distribution and at: https://code.devalot.com/open/openid-connect No part of this package including this file may be copied modified propagated or distributed except according to the terms contained in the LICENSE file. |
---|---|
License | BSD-2-Clause |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
- data ClientAuthentication
- data ClientSecret
- data Credentials = Credentials {}
- type ClientID = Text
- type ClientRedirectURI = URI
- data AuthenticationRequest = AuthenticationRequest {
- authRequestRedirectURI :: ClientRedirectURI
- authRequestClientId :: Text
- authRequestScope :: Scope
- authRequestResponseType :: ByteString
- authRequestDisplay :: Maybe ByteString
- authRequestPrompt :: Maybe ByteString
- authRequestMaxAge :: Maybe Int
- authRequestUiLocales :: Maybe Words
- authRequestIdTokenHint :: Maybe ByteString
- authRequestLoginHint :: Maybe Text
- authRequestAcrValues :: Maybe Words
- authRequestOtherParams :: [QueryItem]
Documentation
data ClientAuthentication Source #
Methods that a client can use to authenticate with a provider.
Defined in OpenID Connect Core 1.0 §9.
Since: 0.1.0.0
ClientSecretBasic | Send credentials using HTTP Basic Authentication. |
ClientSecretPost | Send the credentials in the body of an HTTP POST. |
ClientSecretJwt | Create a JWT and calculate a message authentication code using a shared secret. The JWT confirms that the client is in possession of the shared secret. |
PrivateKeyJwt | Create and sign a JWT using a private key. The provider must already have access to the public key corresponding to the private key. |
None | The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other authentication mechanism. |
UnsupportedAuthentication Text | Other unsupported possible ways to autenticate the client. Since: 0.2.0 |
Instances
data ClientSecret Source #
Private values needed by the client in order to authenticate with the provider.
The method of authentication is established when the client registers with the provider.
Since: 0.1.0.0
AssignedSecretText Text | A This is the most common way to authenticate with a provider. |
AssignedAssertionText Text | A |
AssertionPrivateKey JWK | A private key that is solely in the client's possession. The provider holds the public key portion of the given key. The client creates and signs a JWT in order to authenticate. |
data Credentials Source #
A complete set of credentials used by the client to authenticate with the provider.
Since: 0.1.0.0
Credentials | |
|
type ClientRedirectURI = URI Source #
The client (relying party) redirection URL previously registered with the OpenID Provider (i.e. a URL to an endpoint on your web site that receives authentication details from the provider via the end-user's browser).
After the provider has authenticated the end-user, they will be redirected to this URL to continue the flow.
NOTE: This URL must match exactly with the one registered with the provider. If they don't match the provider will not redirect the end-user back to your site.
Since: 0.1.0.0
data AuthenticationRequest Source #
§3.1.2.1. Authentication Request.
The fields of this record are send to the provider by way of a URI given to the end-user.
Clients can use the
defaultAuthenticationRequest
function to easily create a value of this type.
Since: 0.1.0.0
AuthenticationRequest | |
|