⚠ (DEPRECATED) ⚠ You should probably look into OAuth.AuthorizationCode instead.
The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and is optimized for public clients known to operate a particular redirection URI. These clients are typically implemented in a browser using a scripting language such as JavaScript.
To get started, have a look at the live-demo and its corresponding source code.
+---------+ +--------+
| |---(A)- Auth Redirection ------>| |
| | | Auth |
| Browser | | Server |
| | | |
| |<--(B)- Redirection Callback ---| |
+---------+ w/ Access Token +--------+
^ |
| |
(A) (B)
| |
| v
+---------+
| |
| Elm App |
| |
| |
+---------+
After those steps, the client owns a Token
that can be used to authorize any subsequent
request.
makeAuthorizationUrl : Authorization -> Url
Redirects the resource owner (user) to the resource provider server using the specified authorization flow.
{ clientId : String
, url : Url
, redirectUri : Url
, scope : List String
, state : Maybe String
}
Request configuration for an authorization
clientId
(REQUIRED):
The client identifier issues by the authorization server via an off-band mechanism.
url
(REQUIRED):
The authorization endpoint to contact the authorization server.
redirectUri
(OPTIONAL):
After completing its interaction with the resource owner, the authorization
server directs the resource owner's user-agent back to the client via this
URL. May be already defined on the authorization server itself.
scope
(OPTIONAL):
The scope of the access request.
state
(RECOMMENDED):
An opaque value used by the client to maintain state between the request
and callback. The authorization server includes this value when redirecting
the user-agent back to the client. The parameter SHOULD be used for preventing
cross-site request forgery.
parseToken : Url -> AuthorizationResult
Parses the location looking for parameters in the fragment set by the authorization server after redirecting the resource owner (user).
Returns ParseResult Empty
when there's nothing or an invalid Url is passed
AuthorizationResultWith AuthorizationError AuthorizationSuccess
Describes errors coming from attempting to parse a url after an OAuth redirection.
A parameterized AuthorizationResult
, see parseTokenWith
.
Empty
: means there were nothing (related to OAuth 2.0) to parseError
: a successfully parsed OAuth 2.0 errorSuccess
: a successfully parsed token and response{ error : OAuth.ErrorCode
, errorDescription : Maybe String
, errorUri : Maybe String
, state : Maybe String
}
Describes an OAuth error as a result of an authorization request failure
error
(REQUIRED):
A single ASCII error code.
errorDescription
(OPTIONAL)
Human-readable ASCII text providing additional information, used to assist the client developer in
understanding the error that occurred. Values for the errorDescription
parameter MUST NOT
include characters outside the set %x20-21 / %x23-5B / %x5D-7E
.
errorUri
(OPTIONAL):
A URI identifying a human-readable web page with information about the error, used to
provide the client developer with additional information about the error. Values for the
errorUri
parameter MUST conform to the URI-reference syntax and thus MUST NOT include
characters outside the set %x21 / %x23-5B / %x5D-7E
.
state
(REQUIRED if state
was present in the authorization request):
The exact value received from the client
{ token : OAuth.Token
, refreshToken : Maybe OAuth.Token
, expiresIn : Maybe Basics.Int
, scope : List String
, state : Maybe String
}
The response obtained as a result of an authentication (implicit or not)
token
(REQUIRED):
The access token issued by the authorization server.
refreshToken
(OPTIONAL):
The refresh token, which can be used to obtain new access tokens using the same authorization
grant as described in Section 6.
expiresIn
(RECOMMENDED):
The lifetime in seconds of the access token. For example, the value "3600" denotes that the
access token will expire in one hour from the time the response was generated. If omitted, the
authorization server SHOULD provide the expiration time via other means or document the default
value.
scope
(OPTIONAL, if identical to the scope requested; otherwise, REQUIRED):
The scope of the access token as described by Section 3.3.
state
(REQUIRED if state
was present in the authorization request):
The exact value received from the client
makeAuthorizationUrlWith : OAuth.ResponseType -> Dict String String -> Authorization -> Url
Like makeAuthorizationUrl
, but gives you the ability to specify a
custom response type and extra fields to be set on the query.
makeAuthorizationUrl : Authorization -> Url
makeAuthorizationUrl =
makeAuthorizationUrlWith Token Dict.empty
For example, to interact with a service implementing OpenID+Connect
you may require a different
token type and an extra query parameter as such:
makeAuthorizationUrlWith
(CustomResponse "token+id_token")
(Dict.fromList [ ( "resource", "001" ) ])
authorization
parseTokenWith : Parsers error success -> Url -> AuthorizationResultWith error success
Like parseToken
, but gives you the ability to provide your own custom parsers.
This is especially useful when interacting with authorization servers that don't quite implement the OAuth2.0 specifications.
parseToken : Url -> AuthorizationResultWith AuthorizationError AuthorizationSuccess
parseToken =
parseTokenWith defaultParsers
{ tokenParser : Url.Parser.Query.Parser (Maybe OAuth.Token)
, errorParser : Url.Parser.Query.Parser (Maybe OAuth.ErrorCode)
, authorizationSuccessParser : OAuth.Token -> Url.Parser.Query.Parser success
, authorizationErrorParser : OAuth.ErrorCode -> Url.Parser.Query.Parser error
}
Parsers used in the parseToken
function.
tokenParser
: Looks for an access_token
and token_type
to build a Token
errorParser
: Looks for an error
to build a corresponding ErrorCode
authorizationSuccessParser
: Selected when the tokenParser
succeeded to parse the remaining partsauthorizationErrorParser
: Selected when the errorParser
succeeded to parse the remaining partsdefaultParsers : Parsers AuthorizationError AuthorizationSuccess
Default parsers according to RFC-6749.
defaultTokenParser : Url.Parser.Query.Parser (Maybe OAuth.Token)
Default access_token
parser according to RFC-6749.
defaultErrorParser : Url.Parser.Query.Parser (Maybe OAuth.ErrorCode)
Default error
parser according to RFC-6749.
defaultAuthorizationSuccessParser : OAuth.Token -> Url.Parser.Query.Parser AuthorizationSuccess
Default response success parser according to RFC-6749.
defaultAuthorizationErrorParser : OAuth.ErrorCode -> Url.Parser.Query.Parser AuthorizationError
Default response error parser according to RFC-6749.