truqu / elm-oauth2 / OAuth.Password

The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application. The authorization server should take special care when enabling this grant type and only allow it when other flows are not viable.

There's only one step in this process:

After this step, the client owns a Token that can be used to authorize any subsequent request.

Authenticate

makeTokenRequest : (Result Http.Error AuthenticationSuccess -> msg) -> Authentication -> RequestParts msg

Builds the request components required to get a token in exchange of the resource owner (user) credentials

let req : Http.Request TokenResponse
    req = makeTokenRequest toMsg authentication |> Http.request


type alias Authentication =
{ credentials : Maybe Credentials
, url : Url
, scope : List String
, username : String
, password : String 
}

Request configuration for a Password authentication


type alias Credentials =
{ clientId : String
, secret : String 
}

Describes at least a clientId and if defined, a complete set of credentials with the secret. Optional but may be required by the authorization server you interact with to perform a 'Basic' authentication on top of the authentication request.

  { clientId = "<my-client-id>"
  , secret = "<my-client-secret>"
  }


type alias AuthenticationSuccess =
{ token : OAuth.Token
, refreshToken : Maybe OAuth.Token
, expiresIn : Maybe Basics.Int
, scope : List String 
}

The response obtained as a result of an authentication:


type alias AuthenticationError =
{ error : OAuth.ErrorCode
, errorDescription : Maybe String
, errorUri : Maybe String 
}

Describes an OAuth error as a result of a request failure


type alias RequestParts a =
{ method : String
, headers : List Http.Header
, url : String
, body : Http.Body
, expect : Http.Expect a
, timeout : Maybe Basics.Float
, tracker : Maybe String 
}

Parts required to build a request. This record is given to Http.request in order to create a new request and may be adjusted at will.

JSON Decoders

defaultAuthenticationSuccessDecoder : Json.Decode.Decoder AuthenticationSuccess

Json decoder for a positive response. You may provide a custom response decoder using other decoders from this module, or some of your own craft.

defaultAuthenticationSuccessDecoder : Decoder AuthenticationSuccess
defaultAuthenticationSuccessDecoder =
    D.map4 AuthenticationSuccess
        tokenDecoder
        refreshTokenDecoder
        expiresInDecoder
        scopeDecoder

defaultAuthenticationErrorDecoder : Json.Decode.Decoder AuthenticationError

Json decoder for an errored response.

case res of
    Err (Http.BadStatus { body }) ->
        case Json.decodeString OAuth.Password.defaultAuthenticationErrorDecoder body of
            Ok { error, errorDescription } ->
                doSomething

            _ ->
                parserFailed

    _ ->
        someOtherError

Custom Decoders & Parsers (advanced)

makeTokenRequestWith : OAuth.GrantType -> Json.Decode.Decoder success -> Dict String String -> (Result Http.Error success -> msg) -> Authentication -> RequestParts msg

Like makeTokenRequest, but gives you the ability to specify custom grant type and extra fields to be set on the query.

makeTokenRequest : (Result Http.Error AuthenticationSuccess -> msg) -> Authentication -> RequestParts msg
makeTokenRequest =
    makeTokenRequestWith Password defaultAuthenticationSuccessDecoder Dict.empty

defaultExpiresInDecoder : Json.Decode.Decoder (Maybe Basics.Int)

Json decoder for the expiresIn field.

defaultScopeDecoder : Json.Decode.Decoder (List String)

Json decoder for the scope field (space-separated).

lenientScopeDecoder : Json.Decode.Decoder (List String)

Json decoder for the scope field (comma- or space-separated).

defaultTokenDecoder : Json.Decode.Decoder OAuth.Token

Json decoder for the access_token field.

defaultRefreshTokenDecoder : Json.Decode.Decoder (Maybe OAuth.Token)

Json decoder for the refresh_token field.

defaultErrorDecoder : Json.Decode.Decoder OAuth.ErrorCode

Json decoder for the error field.

defaultErrorDescriptionDecoder : Json.Decode.Decoder (Maybe String)

Json decoder for the error_description field.

defaultErrorUriDecoder : Json.Decode.Decoder (Maybe String)

Json decoder for the error_uri field.