Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Commits on May 8, 2013
  1. Merge pull request #1 from k0001/ord-uri-instances

    Derive Ord instances for URI and URIAuth if network < 2.4.0
  2. @k0001
Commits on May 7, 2013
Commits on May 6, 2013
  1. Lots of tidying up

  2. Expose client registration

Commits on May 3, 2013
  1. Remove AuthorizationRequest

  2. Replace withBackend with nestBackend

    nestBackend knows how to correctly embed the IO into a Snap Handler,
    and removes the duplicated lift/liftIO calls.
  3. Heavily rewriting auth grant/access token error handling

    The OAuth specification is very specific that there are some cases
    in the authorization grant flow that errors should be presented to
    the resource owner, and sometimes should be redirected to the client.
    As such, the ParamParser isn't really suitable for this flow -
    because there are two phases of parsing. As such, I've ripped
    authorizationRequest apart and moved most of the parsing into there.
    requestToken is yet to be implemented, and currently commented out.
Commits on Apr 25, 2013
Commits on Apr 24, 2013
  1. Expand bearer authentication to POST/query parameters

    This roughs out sections 2.2 and 2.3 of RFC 6750
Commits on Apr 23, 2013
Commits on Jul 21, 2012
  1. Correctly redirect back to clients with '?error' set

    Oliver Charles authored
  2. Revert 'DONE' status on

    Oliver Charles authored
    I finished work on, but remains to be done.
  3. Handle ?code redirection to authorization requests

    Oliver Charles authored
  4. Check for valid redirection URLs in parameter parsers

    Oliver Charles authored
  5. Use MVar for the in-memory authorization grant store

    Oliver Charles authored
    This gives us the correct behavior if an authorization code is used multiple
    times, and automatically expires tokens.
  6. Improve error handling of /token end point

    Oliver Charles authored
    Now guaranteed to return JSON error messages. Also guaranteed to return
    the correct AccessToken JSON on success (while it was previously possible
    to make a mistake and render `()`)
  7. Remove running indentation from auth/token handlers

    Oliver Charles authored
    By using `EitherT (Handler b v ()) m a`, we can easily chain a series of
    actions together, and be optimistic that they will succeed. This lets us
    move the failing cases out of the main function body for clarity, and remove
    the running indentation.
    Also changes all backend stuff to run in IO, not MonadIO, for symmetry with
    the IAuthBackend stuff in Snap.
Commits on Jul 18, 2012
  1. A few more todo entries

    Oliver Charles authored
  2. Improved documentation, renamed lookupAuthorizationGrant to inspect*

    Oliver Charles authored
    This better reflects what is happening, and I've also documented that a client
    must try to ensure that the grant is locked.
Commits on Jul 16, 2012
  1. Checking in

    Oliver Charles authored
  2. Begin working on generic backend support

    Oliver Charles authored
    Moves the existing code to the 'InMemory' store, while I rip things apart and
    decide on a suitable API.
  3. Fix minor typo in examples/Main.hs

    Oliver Charles authored
Something went wrong with that request. Please try again.