krdlab / haskell-oidc-client Goto Github PK
View Code? Open in Web Editor NEWOpenID Connect 1.0 client (RP) library for Haskell
Home Page: https://hackage.haskell.org/package/oidc-client
License: MIT License
haskell-oidc-client's People
Contributors
Stargazers
Watchers
Forkers
rvion khibino nmdanny iijlab carstenkoenig tinymce decat-simona akshaymankar 4z3 freckle akii fpco ixmatus awakesecurity pitometsu nathantalewis peterbecich kevinle563 ludat codedownio morucci lf- kokobd chris-martinhaskell-oidc-client's Issues
Redesign Exception
data OidcFlowException =
DiscoveryFailed Text
| InternalHttpError HttpException
| JwtError JwtError
| ValidationFailed Text -- TODO: details
| InvalidJsonData Text
deriving (Show, Typeable)
foo :: (MonadThrow m, MonadIO m, Throws OidcFlowException) => m ()
foo = ...Add tests
Add oidc-client to stackage
Would you be willing to add it to stackage ?
If not, probably I can volunteer to maintain this in Stackage - although it's usually much easier for the author to do necessary bound changes etc to keep it maintaining in stackage.
ID Token Validation
Discovery broken because of malformed url
Hi,
currently discover is broken because the URL that is generated for discovery includes an additional slash. Instead of
https://issuer.tld/.well-known/openid-configuration
the url
https://issuer.tld//.well-known/openid-configuration
is generated leading to a JSON decode failure.
The issue is here:
https://github.com/krdlab/haskell-oidc-client/blob/master/src/Web/OIDC/Client/Discovery.hs#L53
appendPath ".well-known/openid-configuration" req
works like a charm.
state parameter
Release 0.4.0.1
New release 0.6.1.0 ?
Hi,
Would it be possible to make a new release and make it available in hackage ?
Thanks in advance !
Update haddock
Migrate to CircleCI 2.0
Ignore unsupported algorithms
I am using Keycloak as my OIDC provider, and the well-known endpoint advertises PS384 as a supported signing algorithm. Parsing the JSON fails in this case, however this is not ideal. Would it be possible to ignore unsupported algorithms?
May be found typo
Is this typo?
'oidcAuthorizationSeverUrl'
Should this be fixed to
'oidcAuthorizationServerUrl' ?
https://github.com/krdlab/haskell-oidc-client/blob/5b4e4e3/src/Web/OIDC/Client/Settings.hs#L23
Support GHC < 8.4
The compilation fails with this error:
src/Web/OIDC/Client/Discovery/Provider.hs:43:49: error:
• Variable not in scope:
(<>)
:: m0 a0
-> String
-> aeson-1.4.4.0:Data.Aeson.Types.Internal.Parser JwsAlgJson
• Perhaps you meant one of these:
‘<$>’ (imported from Prelude), ‘<*>’ (imported from Prelude),
‘*>’ (imported from Prelude)
|
43 | other -> fail $ "Non-supported alg: " <> show (unpack other)
| ^^
Failed to install oidc-client-0.4.0.0
Since it is just strings being concatenated, using ++ should fix it.
Release
The switch from cryptonite to crypton does not yet appear in a release - would you mind releasing the current code to Hackage?
Add FromJSON ScopeValue
Remove use of `throwIO`
Thank you for this library! I'm using it for a project at work and it has, so far, worked really well for my use-case.
I am creating this issue ticket to track some usability changes I'm making to your library that I will turn into a PR when it is ready.
The usability issue is the use of asynchronous exceptions. I just discovered that multiple, important functions of this library use throwIO. The library would be easier to use (i.e. it would compose better) if it did not throw asynchronous exceptions. The function's type signature doesn't document the fact that it may throw on the user, asynchronous exceptions are much more painful to handle than synchronous exceptions, and the functions that do throw could easily return synchronous errors instead (e.g. with Either or a custom type).
Remove getJwks from validateIdToken
Release 0.4.0.0
- Add ChangeLog.md
- Update version in oidc-client.cabal
Check "nonce" parameter
relates to #19
oidc-client-0.1.0.0 does not compile
Citing from http://hydra.cryp.to/build/1338617/log/raw:
src/Web/OIDC/Client.hs:186:67:
Couldn't match type ‘Either Jwt.JwtError Jwt.JwtContent’
with ‘(Either Jwt.JwtError t0, g)’
Expected type: ByteString -> (Either Jwt.JwtError t0, g)
Actual type: ByteString -> Either Jwt.JwtError Jwt.JwtContent
Relevant bindings include
g :: g (bound at src/Web/OIDC/Client.hs:186:56)
crpg :: IORef g (bound at src/Web/OIDC/Client.hs:177:13)
The function ‘Jwt.decode’ is applied to four arguments,
its type is ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> m0 (Either Jwt.JwtError Jwt.JwtContent)’,
it is specialized to ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> ByteString
-> Either Jwt.JwtError Jwt.JwtContent’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:186:80:
Couldn't match expected type ‘Maybe Jwt.JwtEncoding’
with actual type ‘[Jwk.Jwk]’
In the second argument of ‘Jwt.decode’, namely ‘[jwk]’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:186:87:
Couldn't match expected type ‘ByteString’
with actual type ‘Maybe Jwt.JwtEncoding’
In the third argument of ‘Jwt.decode’, namely
‘(Just $ Jwt.JwsEncoding alg)’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:192:67:
Couldn't match type ‘Either Jwt.JwtError Jwt.JwtContent’
with ‘(Either Jwt.JwtError t0, g)’
Expected type: ByteString -> (Either Jwt.JwtError t0, g)
Actual type: ByteString -> Either Jwt.JwtError Jwt.JwtContent
Relevant bindings include
g :: g (bound at src/Web/OIDC/Client.hs:192:56)
crpg :: IORef g (bound at src/Web/OIDC/Client.hs:177:13)
The function ‘Jwt.decode’ is applied to four arguments,
its type is ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> m0 (Either Jwt.JwtError Jwt.JwtContent)’,
it is specialized to ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> ByteString
-> Either Jwt.JwtError Jwt.JwtContent’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:192:80:
Couldn't match expected type ‘Maybe Jwt.JwtEncoding’
with actual type ‘[Jwk.Jwk]’
In the second argument of ‘Jwt.decode’, namely ‘[jwk]’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:192:87:
Couldn't match expected type ‘ByteString’
with actual type ‘Maybe Jwt.JwtEncoding’
In the third argument of ‘Jwt.decode’, namely
‘(Just $ Jwt.JweEncoding alg enc)’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))
Discovery
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.