Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/gseitz/oauth-provider

Library for the server-side part of OAuth for web applications in Haskell.
https://github.com/gseitz/oauth-provider

Last synced: 2 months ago
JSON representation

Library for the server-side part of OAuth for web applications in Haskell.

Host: GitHub
URL: https://github.com/gseitz/oauth-provider
Owner: gseitz
License: bsd-3-clause
Created: 2014-03-26T16:41:48.000Z (almost 11 years ago)
Default Branch: master
Last Pushed: 2017-12-15T23:29:21.000Z (about 7 years ago)
Last Synced: 2023-03-11T02:34:20.467Z (almost 2 years ago)
Language: Haskell
Homepage:
Size: 445 KB
Stars: 4
Watchers: 2
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# oauth-provider [![Build Status](https://travis-ci.org/gseitz/oauth-provider.svg)](https://travis-ci.org/gseitz/oauth-provider)

## Introduction

*oauth-provider* is a web-framework agnostic library for building server
applications with OAuth authentication. Only the [OAuth 1.0](http://tools.ietf.org/html/rfc5849)
standard is currently supported.

## Usage

To use *oauth-provider*, pick an integration package from the list below depending
on you web-framework of choice. Typical usage involves the following steps:

* Build up an `OAuthConfiguration` value for either 1-, 2-, or 3-legged authentication.
* This entails building up various monadic actions for looking up the token secrets, generating token/secret pairs, checking timestamp and nonce for uniqueness, etc...
* Route requests for generating request tokens or access tokens to the provided functions:
* The 1-legged flow uses neither request tokens nor access tokens for authentication, but only the consumer token.
* `twoLeggedRequestTokenRequest`, `twoLeggedAccessTokenRequest` for 2-legged authentication
* `threeLeggedRequestTokenRequest`, `threeLeggedAccessTokenRequest` for 3-legged authentication
* Route all requests to "protected" resources via the `authenticated` function, which takes care of checking the request for valid authentication credentials.

## Examples

*oauth-provider* is not tied to any specifc web-framework. It rather aims to
provide the building blocks for building web-framework specific integration
packages.

There are integrations packages (including examples) for the following 2 web-frameworks:

* Snap: [oauth-provider-snap](https://github.com/gseitz/oauth-provider-snap)
* WAI (Yesod, Scotty): [oauth-provider-wai](https://github.com/gseitz/oauth-provider-wai)