Releases: truqu/elm-oauth2
Releases · truqu/elm-oauth2
Documentation Tweaks
-
Softly deprecate Implicit and put AuthorizationCode and AuthorizationCode w/ PKCE more in the spotlights, as per security recommendations.
-
Documentation tweaks and improvements (better cross-link references, better code highlights, links to examples).
Additional advanced options for parsers, encoders and url builders
-
Allow more advanced control for tweaking parsers, decoders and url builders. This is particularly useful for applications integrating with systems which are either not strictly following the OAuth2.0 specifications, or, systems who introduce custom fields of some importance for the underlying application. (see #29, #23, #21)
-
Update dependencies for base64 encoding
Diff
OAuth - MINOR
-
Added:
type GrantType = AuthorizationCode | Password | ClientCredentials | RefreshToken | CustomGrant String grantTypeToString : GrantType -> String
type ResponseType = Code | Token | CustomResponse String responseTypeToString : ResponseType -> String
OAuth.Implicit - MAJOR
-
Added:
makeAuthorizationUrlWith : ResponseType -> Dict String String -> Authorization -> Url
-
Changed:
-- type alias Parsers = -- { tokenParser : -- Query.Parser (Maybe Token) -- , errorParser : -- Query.Parser (Maybe ErrorCode) -- , authorizationSuccessParser : -- String -> Query.Parser AuthorizationSuccess -- , authorizationErrorParser : -- ErrorCode -> Query.Parser AuthorizationError -- } type alias Parsers error success = { tokenParser : Query.Parser (Maybe Token) , errorParser : Query.Parser (Maybe ErrorCode) , authorizationSuccessParser : String -> Query.Parser success , authorizationErrorParser : ErrorCode -> Query.Parser error }
-- defaultParsers : Parsers defaultParsers : Parsers AuthorizationError AuthorizationSuccess
-- parseTokenWith : Parsers -> Url -> AuthorizationResult parseTokenWith : Parsers error success -> Url -> AuthorizationResultWith error success
OAuth.AuthorizationCode - MAJOR
-
Added:
makeAuthorizationUrlWith : ResponseType -> Dict String String -> Authorization -> Url
makeTokenRequestWith : OAuth.GrantType -> Json.Decoder success -> Dict String String -> (Result Http.Error success -> msg) -> Authentication -> RequestParts msg
-
Changed:
-- type AuthorizationResult -- = Empty -- | Error AuthorizationError -- | Success AuthorizationSuccess type alias AuthorizationResult = AuthorizationResultWith AuthorizationError AuthorizationSuccess type AuthorizationResultWith error success = Empty | Error error | Success success
-- type alias Parsers = -- { codeParser : -- Query.Parser (Maybe String) -- , errorParser : -- Query.Parser (Maybe ErrorCode) -- , authorizationSuccessParser : -- String -> Query.Parser AuthorizationSuccess -- , authorizationErrorParser : -- ErrorCode -> Query.Parser AuthorizationError -- } type alias Parsers error success = { codeParser : Query.Parser (Maybe String) , errorParser : Query.Parser (Maybe ErrorCode) , authorizationSuccessParser : String -> Query.Parser success , authorizationErrorParser : ErrorCode -> Query.Parser error }
-- defaultParsers : Parsers defaultParsers : Parsers AuthorizationError AuthorizationSuccess
-- parseCodeWith : Parsers -> Url -> AuthorizationResult parseCodeWith : Parsers error success -> Url -> AuthorizationResultWith error success
OAuth.AuthorizationCode.PKCE - MAJOR
-
Added:
makeAuthorizationUrlWith : ResponseType -> Dict String String -> Authorization -> Url
makeTokenRequestWith : OAuth.GrantType -> Json.Decoder success -> Dict String String -> (Result Http.Error success -> msg) -> Authentication -> RequestParts msg
-
Changed:
-- type AuthorizationResult -- = Empty -- | Error AuthorizationError -- | Success AuthorizationSuccess type alias AuthorizationResult = AuthorizationResultWith AuthorizationError AuthorizationSuccess type AuthorizationResultWith error success = Empty | Error error | Success success
-- type alias Parsers = -- { codeParser : -- Query.Parser (Maybe String) -- , errorParser : -- Query.Parser (Maybe ErrorCode) -- , authorizationSuccessParser : -- String -> Query.Parser AuthorizationSuccess -- , authorizationErrorParser : -- ErrorCode -> Query.Parser AuthorizationError -- } type alias Parsers error success = { codeParser : Query.Parser (Maybe String) , errorParser : Query.Parser (Maybe ErrorCode) , authorizationSuccessParser : String -> Query.Parser success , authorizationErrorParser : ErrorCode -> Query.Parser error }
-- defaultParsers : Parsers defaultParsers : Parsers AuthorizationError AuthorizationSuccess
-- parseCodeWith : Parsers -> Url -> AuthorizationResult parseCodeWith : Parsers error success -> Url -> AuthorizationResultWith error success
OAuth.ClientCredentials - MINOR
-
Added:
makeTokenRequestWith : GrantType -> Json.Decoder success -> Dict String String -> (Result Http.Error success -> msg) -> Authentication -> RequestParts msg
OAuth.Password - MINOR
-
Added:
makeTokenRequestWith : GrantType -> Json.Decoder success -> Dict String String -> (Result Http.Error success -> msg) -> Authentication -> RequestParts msg
OAuth.Refresh - MINOR
-
Added:
makeTokenRequestWith : GrantType -> Json.Decoder success -> Dict String String -> (Result Http.Error success -> msg) -> Authentication -> RequestParts msg
`ivadzy/bbase64` dependency update
- Updated dependency
ivadzy/bbase64@1.1.1renamed aschelovek0v/bbase64@1.0.1
PKCE
Diff
---- ADDED MODULES - MINOR ----
OAuth.AuthorizationCode.PKCE
---- OAuth.AuthorizationCode - MAJOR ----
Added:
type alias AuthorizationCode = String.String
Changed:
- type alias AuthorizationSuccess =
{ code : String, state : Maybe String }
+ type alias AuthorizationSuccess =
{ code : OAuth.AuthorizationCode.AuthorizationCode
, state : Maybe.Maybe String.String
}Commits
-
f1f648a add support for RFC7636 - Proof Key for Code Exchange
Auth 2.0 public clients utilizing the Authorization Code Grant are
susceptible to the authorization code interception attack. This
specification describes the attack as well as a technique to mitigate against
the threat through the use of Proof Key for Code Exchange (PKCE, pronounced
"pixy"). -
3dc3c9d remove double dependency on base64 and favor only one
-
6199c78 several doc revision on all grants (diagrams, type description etc ...)
-
0d969a0 put PKCE as recommended in README and start reviewing demos / guides
-
b712fcd rework examples
- Add auth0 example with authorization code and PKCE support
- Add facebook example
- Make them more readable and avoid unrelated code in examples
- Add README to summarize information
-
68383cf revise deployment scripts, in particular examples
5.0.0
4.0.1
4.0.0
3.0.0
- (3a60354) Upgrade
src/toelm@0.19 - (ef85924) Upgrade
examples/implicittoelm@0.19 - (88f27a7) Remove
examples/authorization_code - (7ce7c82) Change
StringtoUrlforAuthorization.urlAuthorization.redirectUriAuthentication#AuthorizationCode.redirectUriAuthentication#AuthorizationCode.urlAuthentication#ClientCredentials.urlAuthentication#Password.urlAuthentication#Refresh.url
- (912197c) Expose
lenientResponseDecoderfromOAuth.Decode