{-|

Copyright:

  This file is part of the package openid-connect.  It is subject to
  the license terms in the LICENSE file found in the top-level
  directory of this distribution and at:

    https://code.devalot.com/open/openid-connect

  No part of this package, including this file, may be copied,
  modified, propagated, or distributed except according to the terms
  contained in the LICENSE file.

License: BSD-2-Clause

-}
module OpenID.Connect.Discovery
  ( Discovery(..)
  , ProviderDiscoveryURI
  ) where

--------------------------------------------------------------------------------
-- Imports:
import Data.List.NonEmpty (NonEmpty)
import Data.Text (Text)
import GHC.Generics (Generic)
import qualified Network.URI as Network
import OpenID.Connect.Authentication
import OpenID.Connect.JSON
import OpenID.Connect.Scope

--------------------------------------------------------------------------------
-- | URI pointing to an OpenID Connect provider's discovery document.
--
-- If necessary, the /well-known/ discovery path will be added
-- automatically.
--
-- This is a plain alias of 'Network.URI' and carries no validation
-- of its own.  The discovery document fetched from this URI is the
-- trust anchor for everything that follows (endpoints, JWKS
-- location, supported algorithms), so the code that dereferences it
-- should insist on an @https@ scheme and a TLS-verified connection.
-- NOTE(review): that enforcement is not visible in this module —
-- confirm it happens in the fetching code.
--
-- A list of certified OpenID Connect providers can be found here:
-- <https://openid.net/certification/>
--
-- @since 0.1.0.0
type ProviderDiscoveryURI = Network.URI

--------------------------------------------------------------------------------
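-- | The provider discovery document as specified in
-- /OpenID Connect Discovery 1.0/ §3.
--
-- This record is a direct decoding of the provider's JSON metadata
-- (via the derived 'FromJSON' instance) and performs __no__
-- validation of the values it holds.  A relying party should apply
-- the checks from /OpenID Connect Discovery 1.0/ §4.3 before
-- trusting it:
--
--   * 'issuer' must be identical to the issuer URL the document was
--     fetched for (no trailing slash or path differences), and must
--     later equal the @iss@ claim of every ID Token accepted.
--
--   * 'jwksUri' and the endpoint URIs are provider-asserted; confirm
--     they use the @https@ scheme before dereferencing them, since the
--     keys fetched from 'jwksUri' are what ID Token signatures are
--     verified against.
--
--   * The @*Supported@ lists describe what the provider offers, not
--     what the relying party should accept.  Pin the algorithms and
--     methods you expect rather than accepting whatever is listed.
--
-- @since 0.1.0.0
data Discovery = Discovery
  { issuer :: URI
    -- ^ URL using the https scheme with no query or fragment
    -- component that the OP asserts as its Issuer Identifier.
    --
    -- Security: compare this against the URL used to fetch the
    -- document (Discovery §4.3) and against the @iss@ claim of ID
    -- Tokens; a mismatch indicates a mix-up or impersonation attempt.

  , authorizationEndpoint :: URI
    -- ^ URL of the OP's OAuth 2.0 Authorization Endpoint.

  , tokenEndpoint :: Maybe URI
    -- ^ URL of the OP's OAuth 2.0 Token Endpoint.  Not provided when
    -- using the implicit flow.

  , userinfoEndpoint :: Maybe URI
    -- ^ URL of the OP's UserInfo Endpoint.

  , jwksUri :: URI
    -- ^ URL of the OP's JSON Web Key Set document.
    --
    -- Security: this is the trust root for signature verification.
    -- It should only ever be fetched over a TLS-verified @https@
    -- connection; this type does not check the scheme.

  , registrationEndpoint :: Maybe URI
    -- ^ URL of the OP's Dynamic Client Registration Endpoint.

  , scopesSupported :: Maybe Scope
    -- ^ List of OAuth 2.0 scope values that this server supports.

  , responseTypesSupported :: NonEmpty Text
    -- ^ Array containing a list of the OAuth 2.0 @response_type@
    -- values that this OP supports.

  , responseModesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the OAuth 2.0 @response_mode@
    -- values that this OP supports.

  , grantTypesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the OAuth 2.0 Grant Type
    -- values that this OP supports.

  , acrValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the Authentication Context
    -- Class References that this OP supports.

  , subjectTypesSupported :: NonEmpty Text
    -- ^ JSON array containing a list of the Subject Identifier types
    -- that this OP supports.

  , idTokenSigningAlgValuesSupported :: NonEmpty Text
    -- ^ JSON array containing a list of the JWS signing algorithms
    -- (alg values) supported by the OP for the ID Token to encode the
    -- Claims in a JWT.
    --
    -- Security: the specification allows @none@ to appear in this
    -- list.  Treat the list as informational only; the relying party
    -- should accept exactly the algorithms it has chosen to trust and
    -- reject an ID Token whose @alg@ is anything else.

  , idTokenEncryptionAlgValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWE encryption algorithms
    -- (alg values) supported by the OP for the ID Token to encode the
    -- Claims in a JWT.

  , idTokenEncryptionEncValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWE encryption algorithms
    -- (enc values) supported by the OP for the ID Token to encode the
    -- Claims in a JWT.

  , userinfoSigningAlgValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWS signing algorithms
    -- (alg values) supported by the OP for UserInfo responses.

  , userinfoEncryptionAlgValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWE encryption algorithms
    -- (alg values) supported by the OP for UserInfo responses.

  , userinfoEncryptionEncValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWE encryption algorithms
    -- (enc values) supported by the OP for UserInfo responses.

  , requestObjectSigningAlgValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWS signing algorithms
    -- (alg values) supported by the OP for Request Objects, which are
    -- described in Section 6.1 of OpenID Connect Core 1.0.

  , requestObjectEncryptionAlgValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWE encryption algorithms
    -- (alg values) supported by the OP for Request Objects. These
    -- algorithms are used both when the Request Object is passed by
    -- value and when it is passed by reference.

  , requestObjectEncryptionEncValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWE encryption algorithms
    -- (enc values) supported by the OP for Request Objects. These
    -- algorithms are used both when the Request Object is passed by
    -- value and when it is passed by reference.

  , tokenEndpointAuthMethodsSupported :: Maybe (NonEmpty ClientAuthentication)
    -- ^ JSON array containing a list of Client Authentication methods
    -- supported by this Token Endpoint.

  , tokenEndpointAuthSigningAlgValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the JWS signing algorithms
    -- (alg values) supported by the Token Endpoint for the signature
    -- on the JWT used to authenticate the Client at the Token
    -- Endpoint for the @private_key_jwt@ and @client_secret_jwt@
    -- authentication methods.

  , displayValuesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the @display@ parameter
    -- values that the OpenID Provider supports. These values are
    -- described in Section 3.1.2.1 of OpenID Connect Core 1.0.

  , claimTypesSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the Claim Types
    -- that the OpenID Provider supports. These Claim Types are
    -- described in Section 5.6 of OpenID Connect Core 1.0.

  , claimsSupported :: Maybe (NonEmpty Text)
    -- ^ JSON array containing a list of the Claim Names of the Claims
    -- that the OpenID Provider MAY be able to supply values for. Note
    -- that for privacy or other reasons, this might not be an
    -- exhaustive list.

  , serviceDocumentation :: Maybe Text
    -- ^ URL of a page containing human-readable information that
    -- developers might want or need to know when using the OpenID
    -- Provider. In particular, if the OpenID Provider does not
    -- support Dynamic Client Registration, then information on how to
    -- register Clients needs to be provided in this documentation.
    --
    -- Decoded as free-form 'Text' rather than 'URI'; treat it as
    -- untrusted provider content if it is ever rendered.

  , claimsLocalesSupported :: Maybe (NonEmpty Text)
    -- ^ Languages and scripts supported for values in Claims being
    -- returned, represented as a JSON array of language tag
    -- values. Not all languages and scripts are necessarily supported
    -- for all Claim values.

  , claimsParameterSupported :: Maybe Bool
    -- ^ Boolean value specifying whether the OP supports use of the
    -- @claims@ parameter, with true indicating support. If omitted,
    -- the default value is false.

  , requestParameterSupported :: Maybe Bool
    -- ^ Boolean value specifying whether the OP supports use of the
    -- @request@ parameter, with true indicating support. If omitted,
    -- the default value is false.

  , requestUriParameterSupported :: Maybe Bool
    -- ^ Boolean value specifying whether the OP supports use of the
    -- @request_uri@ parameter, with true indicating support. If
    -- omitted, the default value is true.

  , requireRequestUriRegistration :: Maybe Bool
    -- ^ Boolean value specifying whether the OP requires any
    -- @request_uri@ values used to be pre-registered using the
    -- @request_uris@ registration parameter. Pre-registration is
    -- REQUIRED when the value is true. If omitted, the default value
    -- is false.

  , opPolicyUri :: Maybe URI
    -- ^ URL that the OpenID Provider provides to the person
    -- registering the Client to read about the OP's requirements on
    -- how the Relying Party can use the data provided by the OP. The
    -- registration process SHOULD display this URL to the person
    -- registering the Client if it is given.

  , opTosUri :: Maybe URI
    -- ^ URL that the OpenID Provider provides to the person
    -- registering the Client to read about OpenID Provider's terms of
    -- service. The registration process SHOULD display this URL to
    -- the person registering the Client if it is given.

  , endSessionEndpoint :: Maybe URI
    -- ^ URL at the OP to which an RP can perform a redirect to
    -- request that the End-User be logged out at the OP. This URL MUST
    -- use the https scheme and MAY contain port, path, and query
    -- parameter components.  As with the other endpoints, the scheme
    -- is not checked here.
    --
    -- @since 0.2.0
  }
  -- 'Generic' backs the JSON instances below; 'Show' is for
  -- debugging only and should not be used to serialise the document.
  deriving stock (Generic, Show)
  -- Field names are mapped to the spec's snake_case keys by the
  -- 'GenericJSON' wrapper from "OpenID.Connect.JSON".
  deriving (ToJSON, FromJSON) via GenericJSON Discovery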