Permalink
Switch branches/tags
Nothing to show
Commits on May 8, 2013
  1. Merge pull request #1 from k0001/ord-uri-instances

    ocharles committed May 8, 2013
    Derive Ord instances for URI and URIAuth if network < 2.4.0
Commits on May 7, 2013
Commits on May 6, 2013
  1. Lots of tidying up

    ocharles committed May 6, 2013
  2. Expose client registration

    ocharles committed May 6, 2013
Commits on May 3, 2013
  1. Remove AuthorizationRequest

    ocharles committed May 3, 2013
  2. Replace withBackend with nestBackend

    ocharles committed May 3, 2013
    nestBackend knows how to correctly embed the IO into a Snap Handler,
    and removes the duplicated lift/liftIO calls.
  3. Heavily rewriting auth grant/access token error handling

    ocharles committed May 3, 2013
    The OAuth specification is very specific that there are some cases
    in the authorization grant flow that errors should be presented to
    the resource owner, and sometimes should be redirected to the client.
    
    As such, the ParamParser isn't really suitable for this flow -
    because there are two phases of parsing. As such, I've ripped
    authorizationRequest apart and moved most of the parsing into there.
    
    requestToken is yet to be implemented, and currently commented out.
Commits on Apr 25, 2013
Commits on Apr 24, 2013
  1. Expand bearer authentication to POST/query parameters

    ocharles committed Apr 24, 2013
    This roughs out sections 2.2 and 2.3 of RFC 6750
Commits on Apr 23, 2013
Commits on Jul 21, 2012
  1. Correctly redirect back to clients with '?error' set

    Oliver Charles committed Jul 21, 2012
  2. Expand the example application to show a authorize/deny form

    Oliver Charles committed Jul 21, 2012
  3. Revert 'DONE' status on 4.1.2.1

    Oliver Charles committed Jul 21, 2012
    I finished work on 4.2.2.1, but 4.1.2.1 remains to be done.
  4. Handle ?code redirection to authorization requests

    Oliver Charles committed Jul 21, 2012
  5. Check for valid redirection URLs in parameter parsers

    Oliver Charles committed Jul 21, 2012
  6. Use MVar for the in-memory authorization grant store

    Oliver Charles committed Jul 21, 2012
    This gives us the correct behavior if an authorization code is used multiple
    times, and automatically expires tokens.
  7. Improve error handling of /token end point

    Oliver Charles committed Jul 21, 2012
    Now guaranteed to return JSON error messages. Also guaranteed to return
    the correct AccessToken JSON on success (while it was previously possible
    to make a mistake and render `()`)
  8. Remove running indentation from auth/token handlers

    Oliver Charles committed Jul 21, 2012
    By using `EitherT (Handler b v ()) m a`, we can easily chain a series of
    actions together, and be optimistic that they will succeed. This lets us
    move the failing cases out of the main function body for clarity, and remove
    the running indentation.
    
    Also changes all backend stuff to run in IO, not MonadIO, for symmetry with
    the IAuthBackend stuff in Snap.
Commits on Jul 18, 2012
  1. A few more todo entries

    Oliver Charles committed Jul 18, 2012
  2. Improved documentation, renamed lookupAuthorizationGrant to inspect*

    Oliver Charles committed Jul 18, 2012
    This better reflects what is happening, and I've also documented that a client
    must try to ensure that the grant is locked.
Commits on Jul 16, 2012
  1. Checking in todo.org

    Oliver Charles committed Jul 16, 2012
  2. Begin working on generic backend support

    Oliver Charles committed Jul 16, 2012
    Moves the existing code to the 'InMemory' store, while I rip things apart and
    decide on a suitable API.
  3. Fix minor typo in examples/Main.hs

    Oliver Charles committed Jul 16, 2012