krdlab / haskell-oidc-client
OpenID Connect 1.0 client (RP) library for Haskell
Home Page: https://hackage.haskell.org/package/oidc-client
License: MIT License
data OidcFlowException =
      DiscoveryFailed Text
    | InternalHttpError HttpException
    | JwtError JwtError
    | ValidationFailed Text -- TODO: details
    | InvalidJsonData Text
    deriving (Show, Typeable)

foo :: (MonadThrow m, MonadIO m, Throws OidcFlowException) => m ()
foo = ...
Would you be willing to add it to Stackage?
If not, I can probably volunteer to maintain this in Stackage - although it's usually much easier for the author to do the necessary bound changes etc. to keep it maintained in Stackage.
Hi,
currently discover is broken because the URL that is generated for discovery includes an additional slash. Instead of
https://issuer.tld/.well-known/openid-configuration
the URL
https://issuer.tld//.well-known/openid-configuration
is generated, leading to a JSON decode failure.
The issue is here:
https://github.com/krdlab/haskell-oidc-client/blob/master/src/Web/OIDC/Client/Discovery.hs#L53
appendPath ".well-known/openid-configuration" req works like a charm.
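The double-slash failure reported above can be avoided by normalizing the issuer before appending the well-known path. The following is an added example, not code from the issue or from the library; `discoveryUrl` and `issuerMatches` are hypothetical helpers, and the `/realms/demo/` issuer is a constructed sample.

```haskell
module Main where

import Data.List (dropWhileEnd, stripPrefix)

-- Suffix defined by OpenID Connect Discovery 1.0.
wellKnownPath :: String
wellKnownPath = "/.well-known/openid-configuration"

-- | Build the discovery URL for an issuer given with or without a
-- trailing slash. Hypothetical helper, not the library's API.
discoveryUrl :: String -> Either String String
discoveryUrl issuer =
  case stripPrefix "https://" issuer of
    Nothing -> Left "issuer must be an https URL"
    Just rest
      | null (takeWhile (/= '/') rest) -> Left "issuer has no host"
      | any (`elem` "?#") rest -> Left "issuer must not carry a query or fragment"
      | otherwise ->
          -- Drop trailing slashes so the suffix never yields "//".
          Right ("https://" ++ dropWhileEnd (== '/') rest ++ wellKnownPath)

-- | The issuer in the fetched metadata must equal the configured issuer
-- exactly; a near match (extra slash, other host) is rejected.
issuerMatches :: String -> String -> Bool
issuerMatches configured returned = configured == returned

main :: IO ()
main = do
  -- Constructed sample issuers.
  mapM_ (print . discoveryUrl)
    [ "https://issuer.tld"
    , "https://issuer.tld/"
    , "https://issuer.tld/realms/demo/"
    , "http://issuer.tld"
    ]
  print (issuerMatches "https://issuer.tld" "https://issuer.tld/")
```

The URL is normalized only for the fetch; the comparison against the `issuer` field of the returned metadata stays an exact string match.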
Hi,
Would it be possible to make a new release and make it available on Hackage?
Thanks in advance!
I am using Keycloak as my OIDC provider, and the well-known endpoint advertises PS384 as a supported signing algorithm. Parsing the JSON fails in this case; however, this is not ideal. Would it be possible to ignore unsupported algorithms?
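One way to tolerate unknown algorithm names in provider metadata without widening what the client accepts at verification time, as an added example that is not the library's code or part of the issue. The `Alg` type, `SigningAlgs` record and `acceptsAlg` are hypothetical, the JSON documents are constructed, and the `aeson` package is assumed to be available.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main where

import Data.Aeson (FromJSON (..), eitherDecode, withObject, (.:))
import qualified Data.ByteString.Lazy.Char8 as BL
import Data.Either (partitionEithers)
import Data.Text (Text)

-- | Algorithms this hypothetical client can verify (assumption).
data Alg = HS256 | RS256 | ES256
  deriving (Show, Eq)

classify :: Text -> Either Text Alg
classify "HS256" = Right HS256
classify "RS256" = Right RS256
classify "ES256" = Right ES256
classify other   = Left other

data SigningAlgs = SigningAlgs
  { usable  :: [Alg]   -- advertised and verifiable by this client
  , ignored :: [Text]  -- advertised but unsupported, kept for logging
  } deriving (Show)

instance FromJSON SigningAlgs where
  parseJSON = withObject "provider metadata" $ \o -> do
    names <- o .: "id_token_signing_alg_values_supported"
    let (unknown, known) = partitionEithers (map classify names)
    -- Skipping unknown names is safe; an empty intersection is not.
    if null known
      then fail "provider advertises no signing algorithm this client can verify"
      else pure (SigningAlgs known unknown)

-- | A token header's alg is accepted only if the client supports it
-- and the provider advertised it.
acceptsAlg :: SigningAlgs -> Text -> Bool
acceptsAlg algs name = either (const False) (`elem` usable algs) (classify name)

-- Constructed metadata fragment advertising PS384 next to supported algorithms.
sample :: BL.ByteString
sample = "{\"id_token_signing_alg_values_supported\":[\"RS256\",\"PS384\",\"ES256\"]}"

main :: IO ()
main = do
  let parsed = eitherDecode sample :: Either String SigningAlgs
  print parsed
  print (fmap (\a -> map (acceptsAlg a) ["RS256", "PS384", "HS256"]) parsed)
  print (eitherDecode "{\"id_token_signing_alg_values_supported\":[\"PS384\"]}"
           :: Either String SigningAlgs)
```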
Is this a typo? 'oidcAuthorizationSeverUrl'
Should this be fixed to 'oidcAuthorizationServerUrl'?
https://github.com/krdlab/haskell-oidc-client/blob/5b4e4e3/src/Web/OIDC/Client/Settings.hs#L23
The compilation fails with this error:
src/Web/OIDC/Client/Discovery/Provider.hs:43:49: error:
• Variable not in scope:
(<>)
:: m0 a0
-> String
-> aeson-1.4.4.0:Data.Aeson.Types.Internal.Parser JwsAlgJson
• Perhaps you meant one of these:
‘<$>’ (imported from Prelude), ‘<*>’ (imported from Prelude),
‘*>’ (imported from Prelude)
|
43 | other -> fail $ "Non-supported alg: " <> show (unpack other)
| ^^
Failed to install oidc-client-0.4.0.0
Since it is just strings being concatenated, using ++ should fix it.
The switch from cryptonite to crypton does not yet appear in a release - would you mind releasing the current code to Hackage?
Thank you for this library! I'm using it for a project at work and it has, so far, worked really well for my use-case.
I am creating this issue ticket to track some usability changes I'm making to your library that I will turn into a PR when it is ready.
The usability issue is the use of asynchronous exceptions. I just discovered that multiple, important functions of this library use throwIO. The library would be easier to use (i.e. it would compose better) if it did not throw asynchronous exceptions. The function's type signature doesn't document the fact that it may throw on the user, asynchronous exceptions are much more painful to handle than synchronous exceptions, and the functions that do throw could easily return synchronous errors instead (e.g. with Either or a custom type).
relates to #19
Citing from http://hydra.cryp.to/build/1338617/log/raw:
src/Web/OIDC/Client.hs:186:67:
Couldn't match type ‘Either Jwt.JwtError Jwt.JwtContent’
with ‘(Either Jwt.JwtError t0, g)’
Expected type: ByteString -> (Either Jwt.JwtError t0, g)
Actual type: ByteString -> Either Jwt.JwtError Jwt.JwtContent
Relevant bindings include
g :: g (bound at src/Web/OIDC/Client.hs:186:56)
crpg :: IORef g (bound at src/Web/OIDC/Client.hs:177:13)
The function ‘Jwt.decode’ is applied to four arguments,
its type is ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> m0 (Either Jwt.JwtError Jwt.JwtContent)’,
it is specialized to ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> ByteString
-> Either Jwt.JwtError Jwt.JwtContent’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:186:80:
Couldn't match expected type ‘Maybe Jwt.JwtEncoding’
with actual type ‘[Jwk.Jwk]’
In the second argument of ‘Jwt.decode’, namely ‘[jwk]’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:186:87:
Couldn't match expected type ‘ByteString’
with actual type ‘Maybe Jwt.JwtEncoding’
In the third argument of ‘Jwt.decode’, namely
‘(Just $ Jwt.JwsEncoding alg)’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode g [jwk] (Just $ Jwt.JwsEncoding alg) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:192:67:
Couldn't match type ‘Either Jwt.JwtError Jwt.JwtContent’
with ‘(Either Jwt.JwtError t0, g)’
Expected type: ByteString -> (Either Jwt.JwtError t0, g)
Actual type: ByteString -> Either Jwt.JwtError Jwt.JwtContent
Relevant bindings include
g :: g (bound at src/Web/OIDC/Client.hs:192:56)
crpg :: IORef g (bound at src/Web/OIDC/Client.hs:177:13)
The function ‘Jwt.decode’ is applied to four arguments,
its type is ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> m0 (Either Jwt.JwtError Jwt.JwtContent)’,
it is specialized to ‘[Jwk.Jwk]
-> Maybe Jwt.JwtEncoding
-> ByteString
-> ByteString
-> Either Jwt.JwtError Jwt.JwtContent’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:192:80:
Couldn't match expected type ‘Maybe Jwt.JwtEncoding’
with actual type ‘[Jwk.Jwk]’
In the second argument of ‘Jwt.decode’, namely ‘[jwk]’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))
src/Web/OIDC/Client.hs:192:87:
Couldn't match expected type ‘ByteString’
with actual type ‘Maybe Jwt.JwtEncoding’
In the third argument of ‘Jwt.decode’, namely
‘(Just $ Jwt.JweEncoding alg enc)’
In the first argument of ‘swap’, namely
‘(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))’
In the expression:
swap
(Jwt.decode
g [jwk] (Just $ Jwt.JweEncoding alg enc) (Jwt.unJwt jwt'))