solcates / solcates-elm-oauth2 / OAuth.Password

The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application. The authorization server should take special care when enabling this grant type and only allow it when other flows are not viable.

There's only one step in this process:

After this step, the client owns a Token that can be used to authorize any subsequent request.

Authenticate

makeTokenRequest : (Result Http.Error AuthenticationSuccess -> msg) -> Authentication -> RequestParts msg

Builds the request components required to get a token in exchange of the resource owner (user) credentials

let req : Http.Request TokenResponse
    req = makeTokenRequest toMsg authentication |> Http.request


type alias Authentication =
{ credentials : Maybe Credentials
, url : Url
, scope : List String
, username : String
, password : String 
}

Request configuration for a Password authentication


type alias Credentials =
{ clientId : String
, secret : String 
}

Describes at least a clientId and if defined, a complete set of credentials with the secret. Optional but may be required by the authorization server you interact with to perform a 'Basic' authentication on top of the authentication request.

  { clientId = "<my-client-id>"
  , secret = "<my-client-secret>"
  }


type alias AuthenticationSuccess =
{ token : OAuth.Token
, refreshToken : Maybe OAuth.Token
, expiresIn : Maybe Basics.Int
, scope : List String 
}

The response obtained as a result of an authentication:


type alias AuthenticationError =
{ error : OAuth.ErrorCode
, errorDescription : Maybe String
, errorUri : Maybe String 
}

Describes an OAuth error as a result of a request failure


type alias RequestParts a =
{ method : String
, headers : List Http.Header
, url : String
, body : Http.Body
, expect : Http.Expect a
, timeout : Maybe Basics.Float
, tracker : Maybe String 
}

Parts required to build a request. This record is given to Http.request in order to create a new request and may be adjusted at will.

JSON Decoders

defaultAuthenticationSuccessDecoder : Json.Decode.Decoder AuthenticationSuccess

Json decoder for a positive response. You may provide a custom response decoder using other decoders from this module, or some of your own craft.

defaultAuthenticationSuccessDecoder : Decoder AuthenticationSuccess
defaultAuthenticationSuccessDecoder =
    D.map4 AuthenticationSuccess
        tokenDecoder
        refreshTokenDecoder
        expiresInDecoder
        scopeDecoder

defaultAuthenticationErrorDecoder : Json.Decode.Decoder AuthenticationError

Json decoder for an errored response.

case res of
    Err (Http.BadStatus { body }) ->
        case Json.decodeString OAuth.Password.defaultAuthenticationErrorDecoder body of
            Ok { error, errorDescription } ->
                doSomething

            _ ->
                parserFailed

    _ ->
        someOtherError

JSON Decoders (advanced)

defaultExpiresInDecoder : Json.Decode.Decoder (Maybe Basics.Int)

Json decoder for an 'expire' timestamp

defaultScopeDecoder : Json.Decode.Decoder (List String)

Json decoder for a 'scope'

lenientScopeDecoder : Json.Decode.Decoder (List String)

Json decoder for a 'scope', allowing comma- or space-separated scopes

defaultTokenDecoder : Json.Decode.Decoder OAuth.Token

Json decoder for an 'access_token'

defaultRefreshTokenDecoder : Json.Decode.Decoder (Maybe OAuth.Token)

Json decoder for a 'refresh_token'

defaultErrorDecoder : Json.Decode.Decoder OAuth.ErrorCode

Json decoder for 'error' field

defaultErrorDescriptionDecoder : Json.Decode.Decoder (Maybe String)

Json decoder for 'error_description' field

defaultErrorUriDecoder : Json.Decode.Decoder (Maybe String)

Json decoder for 'error_uri' field