-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | OAuth 2.0 authentication plugins
--   
--   Library to authenticate with OAuth 2.0 for Yesod web applications.
@package yesod-auth-oauth2
@version 0.6.1.1

module URI.ByteString.Extension
fromText :: Text -> Maybe URI
unsafeFromText :: Text -> URI
toText :: URI -> Text
fromRelative :: Scheme -> Host -> RelativeRef -> URI
withHost :: URIRef a -> Host -> URIRef a
withPath :: URIRef a -> ByteString -> URIRef a
withQuery :: URIRef a -> [(ByteString, ByteString)] -> URIRef a
instance Data.String.IsString URI.ByteString.Types.Scheme
instance Data.String.IsString URI.ByteString.Types.Host
instance Data.String.IsString (URI.ByteString.Types.URIRef URI.ByteString.Types.Absolute)
instance Data.String.IsString (URI.ByteString.Types.URIRef URI.ByteString.Types.Relative)


-- | OAuth callback error response
--   
--   <a>https://tools.ietf.org/html/rfc6749#section-4.1.2.1</a>
module Yesod.Auth.OAuth2.ErrorResponse
data ErrorResponse
ErrorResponse :: ErrorName -> Maybe Text -> Maybe Text -> ErrorResponse
[erName] :: ErrorResponse -> ErrorName
[erDescription] :: ErrorResponse -> Maybe Text
[erURI] :: ErrorResponse -> Maybe Text

-- | Textual value suitable for display to a User
erUserMessage :: ErrorResponse -> Text
data ErrorName
InvalidRequest :: ErrorName
UnauthorizedClient :: ErrorName
AccessDenied :: ErrorName
UnsupportedResponseType :: ErrorName
InvalidScope :: ErrorName
ServerError :: ErrorName
TemporarilyUnavailable :: ErrorName
Unknown :: Text -> ErrorName

-- | Check query parameters for an error, if found run the given action
--   
--   The action is expected to use a short-circuit response function like
--   <tt><tt>permissionDenied</tt></tt>, hence this returning <tt>()</tt>.
onErrorResponse :: MonadHandler m => (ErrorResponse -> m a) -> m ()
unknownError :: Text -> ErrorResponse
instance GHC.Show.Show Yesod.Auth.OAuth2.ErrorResponse.ErrorResponse
instance GHC.Show.Show Yesod.Auth.OAuth2.ErrorResponse.ErrorName

module Yesod.Auth.OAuth2.Exception
data YesodOAuth2Exception

-- | HTTP error during OAuth2 handshake
--   
--   Plugin name and JSON-encoded <tt>OAuth2Error</tt> from
--   <tt>hoauth2</tt>.
OAuth2Error :: Text -> ByteString -> YesodOAuth2Exception

-- | User profile was not as expected
--   
--   Plugin name and Aeson parse error message.
JSONDecodingError :: Text -> String -> YesodOAuth2Exception

-- | Other error conditions
--   
--   Plugin name and error message.
GenericError :: Text -> String -> YesodOAuth2Exception
instance GHC.Show.Show Yesod.Auth.OAuth2.Exception.YesodOAuth2Exception
instance GHC.Exception.Type.Exception Yesod.Auth.OAuth2.Exception.YesodOAuth2Exception

module Yesod.Auth.OAuth2.Dispatch

-- | How to take an <tt><a>OAuth2Token</a></tt> and retrieve user
--   credentials
type FetchCreds m = Manager -> OAuth2Token -> IO (Creds m)

-- | Dispatch the various OAuth2 handshake routes
dispatchAuthRequest :: Text -> OAuth2 -> FetchCreds m -> Text -> [Text] -> AuthHandler m TypedContent


-- | Generic OAuth2 plugin for Yesod
--   
--   See <tt><a>Yesod.Auth.OAuth2.GitHub</a></tt> for example usage.
module Yesod.Auth.OAuth2

-- | Query Parameter Representation
data OAuth2
OAuth2 :: Text -> Text -> URI -> URI -> Maybe URI -> OAuth2
[oauthClientId] :: OAuth2 -> Text
[oauthClientSecret] :: OAuth2 -> Text
[oauthOAuthorizeEndpoint] :: OAuth2 -> URI
[oauthAccessTokenEndpoint] :: OAuth2 -> URI
[oauthCallback] :: OAuth2 -> Maybe URI

-- | How to take an <tt><a>OAuth2Token</a></tt> and retrieve user
--   credentials
type FetchCreds m = Manager -> OAuth2Token -> IO (Creds m)

-- | Keeps track of open connections for keep-alive.
--   
--   If possible, you should share a single <a>Manager</a> between multiple
--   threads and requests.
--   
--   Since 0.1.0
data Manager

-- | The gained Access Token. Use <tt>Data.Aeson.decode</tt> to decode
--   string to <tt>AccessToken</tt>. The <tt>refreshToken</tt> is special
--   in some cases, e.g.
--   <a>https://developers.google.com/accounts/docs/OAuth2</a>
data OAuth2Token
OAuth2Token :: AccessToken -> Maybe RefreshToken -> Maybe Int -> Maybe Text -> Maybe IdToken -> OAuth2Token
[accessToken] :: OAuth2Token -> AccessToken
[refreshToken] :: OAuth2Token -> Maybe RefreshToken
[expiresIn] :: OAuth2Token -> Maybe Int
[tokenType] :: OAuth2Token -> Maybe Text
[idToken] :: OAuth2Token -> Maybe IdToken

-- | User credentials
data Creds master
Creds :: Text -> Text -> [(Text, Text)] -> Creds master

-- | How the user was authenticated
[credsPlugin] :: Creds master -> Text

-- | Identifier. Exact meaning depends on plugin.
[credsIdent] :: Creds master -> Text
[credsExtra] :: Creds master -> [(Text, Text)]
oauth2Url :: Text -> AuthRoute

-- | Create an <tt><a>AuthPlugin</a></tt> for the given OAuth2 provider
--   
--   Presents a generic <tt>"Login via #{name}"</tt> link
authOAuth2 :: YesodAuth m => Text -> OAuth2 -> FetchCreds m -> AuthPlugin m

-- | Create an <tt><a>AuthPlugin</a></tt> for the given OAuth2 provider
--   
--   Allows passing a custom widget for the login link. See
--   <tt><tt>oauth2Eve</tt></tt> for an example.
authOAuth2Widget :: YesodAuth m => WidgetFor m () -> Text -> OAuth2 -> FetchCreds m -> AuthPlugin m

-- | Read the <tt><a>AccessToken</a></tt> from the values set via
--   <tt><tt>setExtra</tt></tt>
getAccessToken :: Creds m -> Maybe AccessToken

-- | Read the <tt><a>RefreshToken</a></tt> from the values set via
--   <tt><tt>setExtra</tt></tt>
--   
--   N.B. not all providers supply this value.
getRefreshToken :: Creds m -> Maybe RefreshToken

-- | Read the original profile response from the values set via
--   <tt><tt>setExtra</tt></tt>
getUserResponse :: Creds m -> Maybe ByteString

-- | <tt><a>getUserResponse</a></tt>, and decode as JSON
getUserResponseJSON :: FromJSON a => Creds m -> Either String a


-- | Modules and support functions required by most or all provider
--   implementations. May also be useful for writing local providers.
module Yesod.Auth.OAuth2.Prelude

-- | Retrieve a user's profile as JSON
--   
--   The response should be parsed only far enough to read the required
--   <tt><a>credsIdent</a></tt>. Additional information should either be
--   re-parsed by or fetched via additional requests by consumers.
authGetProfile :: FromJSON a => Text -> Manager -> OAuth2Token -> URI -> IO (a, ByteString)

-- | A tuple of <tt>"scope"</tt> and the given scopes separated by a
--   delimiter
scopeParam :: Text -> [Text] -> (ByteString, ByteString)

-- | Construct part of <tt><a>credsExtra</a></tt>
--   
--   Always the following keys:
--   
--   <ul>
--   <li><tt>accessToken</tt>: to support follow-up requests</li>
--   <li><tt>userResponse</tt>: to support getting additional
--   information</li>
--   </ul>
--   
--   May set the following keys:
--   
--   <ul>
--   <li><tt>refreshToken</tt>: if the provider supports refreshing the
--   <tt>accessToken</tt></li>
--   </ul>
setExtra :: OAuth2Token -> ByteString -> [(Text, Text)]

-- | A space efficient, packed, unboxed Unicode text type.
data Text

-- | Decode a <a>ByteString</a> containing UTF-8 encoded text that is known
--   to be valid.
--   
--   If the input contains any invalid UTF-8 data, an exception will be
--   thrown that cannot be caught in pure code. For more control over the
--   handling of invalid data, use <a>decodeUtf8'</a> or
--   <a>decodeUtf8With</a>.
decodeUtf8 :: ByteString -> Text

-- | Encode text using UTF-8 encoding.
encodeUtf8 :: Text -> ByteString

-- | Retrieve the value associated with the given key of an <a>Object</a>.
--   The result is <tt>empty</tt> if the key is not present or the value
--   cannot be converted to the desired type.
--   
--   This accessor is appropriate if the key and value <i>must</i> be
--   present in an object for it to be valid. If the key and value are
--   optional, use <a>.:?</a> instead.
(.:) :: FromJSON a => Object -> Text -> Parser a

-- | Retrieve the value associated with the given key of an <a>Object</a>.
--   The result is <a>Nothing</a> if the key is not present or if its value
--   is <a>Null</a>, or <tt>empty</tt> if the value cannot be converted to
--   the desired type.
--   
--   This accessor is most useful if the key and value can be absent from
--   an object without affecting its validity. If the key and value are
--   mandatory, use <a>.:</a> instead.
(.:?) :: FromJSON a => Object -> Text -> Parser (Maybe a)
(.=) :: (KeyValue kv, ToJSON v) => Text -> v -> kv
infixr 8 .=

-- | An associative operation.
(<>) :: Semigroup a => a -> a -> a
infixr 6 <>

-- | A type that can be converted from JSON, with the possibility of
--   failure.
--   
--   In many cases, you can get the compiler to generate parsing code for
--   you (see below). To begin, let's cover writing an instance by hand.
--   
--   There are various reasons a conversion could fail. For example, an
--   <a>Object</a> could be missing a required key, an <a>Array</a> could
--   be of the wrong size, or a value could be of an incompatible type.
--   
--   The basic ways to signal a failed conversion are as follows:
--   
--   <ul>
--   <li><tt>empty</tt> and <tt>mzero</tt> work, but are terse and
--   uninformative;</li>
--   <li><a>fail</a> yields a custom error message;</li>
--   <li><a>typeMismatch</a> produces an informative message for cases when
--   the value encountered is not of the expected type.</li>
--   </ul>
--   
--   An example type and instance using <a>typeMismatch</a>:
--   
--   <pre>
--   -- Allow ourselves to write <a>Text</a> literals.
--   {-# LANGUAGE OverloadedStrings #-}
--   
--   data Coord = Coord { x :: Double, y :: Double }
--   
--   instance <a>FromJSON</a> Coord where
--       <a>parseJSON</a> (<a>Object</a> v) = Coord
--           <a>&lt;$&gt;</a> v <a>.:</a> "x"
--           <a>&lt;*&gt;</a> v <a>.:</a> "y"
--   
--       -- We do not expect a non-<a>Object</a> value here.
--       -- We could use <tt>mzero</tt> to fail, but <a>typeMismatch</a>
--       -- gives a much more informative error message.
--       <a>parseJSON</a> invalid    = <a>typeMismatch</a> "Coord" invalid
--   </pre>
--   
--   For this common case of only being concerned with a single type of
--   JSON value, the functions <a>withObject</a>, <tt>withNumber</tt>, etc.
--   are provided. Their use is to be preferred when possible, since they
--   are more terse. Using <a>withObject</a>, we can rewrite the above
--   instance (assuming the same language extension and data type) as:
--   
--   <pre>
--   instance <a>FromJSON</a> Coord where
--       <a>parseJSON</a> = <a>withObject</a> "Coord" $ \v -&gt; Coord
--           <a>&lt;$&gt;</a> v <a>.:</a> "x"
--           <a>&lt;*&gt;</a> v <a>.:</a> "y"
--   </pre>
--   
--   Instead of manually writing your <a>FromJSON</a> instance, there are
--   two options to do it automatically:
--   
--   <ul>
--   <li><a>Data.Aeson.TH</a> provides Template Haskell functions which
--   will derive an instance at compile time. The generated instance is
--   optimized for your type so it will probably be more efficient than the
--   following option.</li>
--   <li>The compiler can provide a default generic implementation for
--   <a>parseJSON</a>.</li>
--   </ul>
--   
--   To use the second, simply add a <tt>deriving <a>Generic</a></tt>
--   clause to your datatype and declare a <a>FromJSON</a> instance for
--   your datatype without giving a definition for <a>parseJSON</a>.
--   
--   For example, the previous example can be simplified to just:
--   
--   <pre>
--   {-# LANGUAGE DeriveGeneric #-}
--   
--   import <a>GHC.Generics</a>
--   
--   data Coord = Coord { x :: Double, y :: Double } deriving <a>Generic</a>
--   
--   instance <a>FromJSON</a> Coord
--   </pre>
--   
--   The default implementation will be equivalent to <tt>parseJSON =
--   <a>genericParseJSON</a> <a>defaultOptions</a></tt>; If you need
--   different options, you can customize the generic decoding by defining:
--   
--   <pre>
--   customOptions = <a>defaultOptions</a>
--                   { <a>fieldLabelModifier</a> = <a>map</a> <a>toUpper</a>
--                   }
--   
--   instance <a>FromJSON</a> Coord where
--       <a>parseJSON</a> = <a>genericParseJSON</a> customOptions
--   </pre>
class FromJSON a
parseJSON :: FromJSON a => Value -> Parser a
parseJSONList :: FromJSON a => Value -> Parser [a]

-- | A type that can be converted to JSON.
--   
--   Instances in general <i>must</i> specify <a>toJSON</a> and
--   <i>should</i> (but don't need to) specify <a>toEncoding</a>.
--   
--   An example type and instance:
--   
--   <pre>
--   -- Allow ourselves to write <a>Text</a> literals.
--   {-# LANGUAGE OverloadedStrings #-}
--   
--   data Coord = Coord { x :: Double, y :: Double }
--   
--   instance <a>ToJSON</a> Coord where
--     <a>toJSON</a> (Coord x y) = <a>object</a> ["x" <a>.=</a> x, "y" <a>.=</a> y]
--   
--     <a>toEncoding</a> (Coord x y) = <tt>pairs</tt> ("x" <a>.=</a> x <a>&lt;&gt;</a> "y" <a>.=</a> y)
--   </pre>
--   
--   Instead of manually writing your <a>ToJSON</a> instance, there are two
--   options to do it automatically:
--   
--   <ul>
--   <li><a>Data.Aeson.TH</a> provides Template Haskell functions which
--   will derive an instance at compile time. The generated instance is
--   optimized for your type so it will probably be more efficient than the
--   following option.</li>
--   <li>The compiler can provide a default generic implementation for
--   <a>toJSON</a>.</li>
--   </ul>
--   
--   To use the second, simply add a <tt>deriving <a>Generic</a></tt>
--   clause to your datatype and declare a <a>ToJSON</a> instance. If you
--   require nothing other than <a>defaultOptions</a>, it is sufficient to
--   write (and this is the only alternative where the default
--   <a>toJSON</a> implementation is sufficient):
--   
--   <pre>
--   {-# LANGUAGE DeriveGeneric #-}
--   
--   import <a>GHC.Generics</a>
--   
--   data Coord = Coord { x :: Double, y :: Double } deriving <a>Generic</a>
--   
--   instance <a>ToJSON</a> Coord where
--       <a>toEncoding</a> = <a>genericToEncoding</a> <a>defaultOptions</a>
--   </pre>
--   
--   If on the other hand you wish to customize the generic decoding, you
--   have to implement both methods:
--   
--   <pre>
--   customOptions = <a>defaultOptions</a>
--                   { <a>fieldLabelModifier</a> = <a>map</a> <a>toUpper</a>
--                   }
--   
--   instance <a>ToJSON</a> Coord where
--       <a>toJSON</a>     = <a>genericToJSON</a> customOptions
--       <a>toEncoding</a> = <a>genericToEncoding</a> customOptions
--   </pre>
--   
--   Previous versions of this library only had the <a>toJSON</a> method.
--   Adding <a>toEncoding</a> had two reasons:
--   
--   <ol>
--   <li>toEncoding is more efficient for the common case that the output
--   of <a>toJSON</a> is directly serialized to a <tt>ByteString</tt>.
--   Further, expressing either method in terms of the other would be
--   non-optimal.</li>
--   <li>The choice of defaults allows a smooth transition for existing
--   users: Existing instances that do not define <a>toEncoding</a> still
--   compile and have the correct semantics. This is ensured by making the
--   default implementation of <a>toEncoding</a> use <a>toJSON</a>. This
--   produces correct results, but since it performs an intermediate
--   conversion to a <a>Value</a>, it will be less efficient than directly
--   emitting an <a>Encoding</a>. (this also means that specifying nothing
--   more than <tt>instance ToJSON Coord</tt> would be sufficient as a
--   generically decoding instance, but there probably exists no good
--   reason to not specify <a>toEncoding</a> in new instances.)</li>
--   </ol>
class ToJSON a

-- | Convert a Haskell value to a JSON-friendly intermediate type.
toJSON :: ToJSON a => a -> Value

-- | Encode a Haskell value as JSON.
--   
--   The default implementation of this method creates an intermediate
--   <a>Value</a> using <a>toJSON</a>. This provides source-level
--   compatibility for people upgrading from older versions of this
--   library, but obviously offers no performance advantage.
--   
--   To benefit from direct encoding, you <i>must</i> provide an
--   implementation for this method. The easiest way to do so is by having
--   your types implement <a>Generic</a> using the <tt>DeriveGeneric</tt>
--   extension, and then have GHC generate a method body as follows.
--   
--   <pre>
--   instance <a>ToJSON</a> Coord where
--       <a>toEncoding</a> = <a>genericToEncoding</a> <a>defaultOptions</a>
--   </pre>
toEncoding :: ToJSON a => a -> Encoding
toJSONList :: ToJSON a => [a] -> Value
toEncodingList :: ToJSON a => [a] -> Encoding

-- | Like <a>decode</a> but returns an error message when decoding fails.
eitherDecode :: FromJSON a => ByteString -> Either String a

-- | <tt><a>withObject</a> expected f value</tt> applies <tt>f</tt> to the
--   <a>Object</a> when <tt>value</tt> is an <a>Object</a> and fails using
--   <tt><a>typeMismatch</a> expected</tt> otherwise.
withObject :: () => String -> (Object -> Parser a) -> Value -> Parser a

-- | Synonym for <a>throw</a>
throwIO :: (MonadThrow m, Exception e) => e -> m a

-- | Query Parameter Representation
data OAuth2
OAuth2 :: Text -> Text -> URI -> URI -> Maybe URI -> OAuth2
[oauthClientId] :: OAuth2 -> Text
[oauthClientSecret] :: OAuth2 -> Text
[oauthOAuthorizeEndpoint] :: OAuth2 -> URI
[oauthAccessTokenEndpoint] :: OAuth2 -> URI
[oauthCallback] :: OAuth2 -> Maybe URI

-- | The gained Access Token. Use <tt>Data.Aeson.decode</tt> to decode
--   string to <tt>AccessToken</tt>. The <tt>refreshToken</tt> is special
--   in some cases, e.g.
--   <a>https://developers.google.com/accounts/docs/OAuth2</a>
data OAuth2Token
OAuth2Token :: AccessToken -> Maybe RefreshToken -> Maybe Int -> Maybe Text -> Maybe IdToken -> OAuth2Token
[accessToken] :: OAuth2Token -> AccessToken
[refreshToken] :: OAuth2Token -> Maybe RefreshToken
[expiresIn] :: OAuth2Token -> Maybe Int
[tokenType] :: OAuth2Token -> Maybe Text
[idToken] :: OAuth2Token -> Maybe IdToken
newtype AccessToken
AccessToken :: Text -> AccessToken
[atoken] :: AccessToken -> Text
newtype RefreshToken
RefreshToken :: Text -> RefreshToken
[rtoken] :: RefreshToken -> Text

-- | Keeps track of open connections for keep-alive.
--   
--   If possible, you should share a single <a>Manager</a> between multiple
--   threads and requests.
--   
--   Since 0.1.0
data Manager
class (Yesod master, PathPiece AuthId master, RenderMessage master FormMessage) => YesodAuth master where {
    type family AuthId master :: Type;
}

-- | specify the layout. Uses defaultLayout by default
authLayout :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => WidgetFor master () -> m Html

-- | Default destination on successful login, if no other destination
--   exists.
loginDest :: YesodAuth master => master -> Route master

-- | Default destination on successful logout, if no other destination
--   exists.
logoutDest :: YesodAuth master => master -> Route master

-- | Perform authentication based on the given credentials.
--   
--   Default implementation is in terms of <tt><a>getAuthId</a></tt>
--   
--   @since: 1.4.4
authenticate :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => Creds master -> m (AuthenticationResult master)

-- | Determine the ID associated with the set of credentials.
--   
--   Default implementation is in terms of <tt><a>authenticate</a></tt>
getAuthId :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => Creds master -> m (Maybe (AuthId master))

-- | Which authentication backends to use.
authPlugins :: YesodAuth master => master -> [AuthPlugin master]

-- | What to show on the login page.
--   
--   By default this calls <a>defaultLoginHandler</a>, which concatenates
--   plugin widgets and wraps the result in <a>authLayout</a>. Override if
--   you need fancy widget containers, additional functionality, or an
--   entirely custom page. For example, in some applications you may want
--   to prevent the login page being displayed for a user who is already
--   logged in, even if the URL is visited explicitly; this can be done by
--   overriding <a>loginHandler</a> in your instance declaration with
--   something like:
--   
--   <pre>
--   instance YesodAuth App where
--       ...
--       loginHandler = do
--           ma &lt;- lift maybeAuthId
--           when (isJust ma) $
--               lift $ redirect HomeR   -- or any other Handler code you want
--           defaultLoginHandler
--   </pre>
loginHandler :: YesodAuth master => AuthHandler master Html

-- | Used for i18n of messages provided by this package.
renderAuthMessage :: YesodAuth master => master -> [Text] -> AuthMessage -> Text

-- | After login and logout, redirect to the referring page, instead of
--   <a>loginDest</a> and <a>logoutDest</a>. Default is <a>False</a>.
redirectToReferer :: YesodAuth master => master -> Bool

-- | When being redirected to the login page should the current page be set
--   to redirect back to. Default is <a>True</a>.
redirectToCurrent :: YesodAuth master => master -> Bool

-- | Return an HTTP connection manager that is stored in the foundation
--   type. This allows backends to reuse persistent connections. If none of
--   the backends you're using use HTTP connections, you can safely return
--   <tt>error "authHttpManager"</tt> here.
authHttpManager :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => m Manager

-- | Called on a successful login. By default, calls <tt>addMessageI
--   "success" NowLoggedIn</tt>.
onLogin :: (YesodAuth master, MonadHandler m, master ~ HandlerSite m) => m ()

-- | Called on logout. By default, does nothing
onLogout :: (YesodAuth master, MonadHandler m, master ~ HandlerSite m) => m ()

-- | Retrieves user credentials, if user is authenticated.
--   
--   By default, this calls <a>defaultMaybeAuthId</a> to get the user ID
--   from the session. This can be overridden to allow authentication via
--   other means, such as checking for a special token in a request header.
--   This is especially useful for creating an API to be accessed via some
--   means other than a browser.
maybeAuthId :: (YesodAuth master, MonadHandler m, master ~ HandlerSite m) => m (Maybe (AuthId master))

-- | Called on login error for HTTP requests. By default, calls
--   <tt>addMessage</tt> with "error" as status and redirects to
--   <tt>dest</tt>.
onErrorHtml :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => Route master -> Text -> m Html

-- | runHttpRequest gives you a chance to handle an HttpException and retry
--   The default behavior is to simply execute the request which will throw
--   an exception on failure
--   
--   The HTTP <a>Request</a> is given in case it is useful to change
--   behavior based on inspecting the request. This is an experimental API
--   that is not broadly used throughout the yesod-auth code base
runHttpRequest :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master, MonadUnliftIO m) => Request -> (Response BodyReader -> m a) -> m a
data AuthPlugin master
AuthPlugin :: Text -> (Method -> [Piece] -> AuthHandler master TypedContent) -> ((Route Auth -> Route master) -> WidgetFor master ()) -> AuthPlugin master
[apName] :: AuthPlugin master -> Text
[apDispatch] :: AuthPlugin master -> Method -> [Piece] -> AuthHandler master TypedContent
[apLogin] :: AuthPlugin master -> (Route Auth -> Route master) -> WidgetFor master ()

-- | User credentials
data Creds master
Creds :: Text -> Text -> [(Text, Text)] -> Creds master

-- | How the user was authenticated
[credsPlugin] :: Creds master -> Text

-- | Identifier. Exact meaning depends on plugin.
[credsIdent] :: Creds master -> Text
[credsExtra] :: Creds master -> [(Text, Text)]
type URI = URIRef Absolute
newtype Host
Host :: ByteString -> Host
[hostBS] :: Host -> ByteString

-- | Create an <tt><a>AuthPlugin</a></tt> for the given OAuth2 provider
--   
--   Presents a generic <tt>"Login via #{name}"</tt> link
authOAuth2 :: YesodAuth m => Text -> OAuth2 -> FetchCreds m -> AuthPlugin m

-- | Create an <tt><a>AuthPlugin</a></tt> for the given OAuth2 provider
--   
--   Allows passing a custom widget for the login link. See
--   <tt><tt>oauth2Eve</tt></tt> for an example.
authOAuth2Widget :: YesodAuth m => WidgetFor m () -> Text -> OAuth2 -> FetchCreds m -> AuthPlugin m

module Yesod.Auth.OAuth2.Nylas
oauth2Nylas :: YesodAuth m => Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.Nylas.User


-- | OAuth2 plugin for <a>http://www.google.com</a>
--   
--   <ul>
--   <li>Authenticates against Google</li>
--   <li>Uses Google user id as credentials identifier</li>
--   </ul>
--   
--   If you were previously relying on email as the creds identifier, you
--   can still do that (and more) by overriding it in the creds returned by
--   the plugin with any value read out of the new <tt>userResponse</tt>
--   key in <tt><a>credsExtra</a></tt>.
--   
--   For example:
--   
--   <pre>
--   data User = User { userEmail :: Text }
--   
--   instance FromJSON User where -- you know...
--   
--   authenticate creds = do
--       -- 'getUserResponseJSON' provided by "Yesod.Auth.OAuth" module
--       let Right email = userEmail &lt;$&gt; getUserResponseJSON creds
--           updatedCreds = creds { credsIdent = email }
--   
--       -- continue normally with updatedCreds
--   </pre>
module Yesod.Auth.OAuth2.Google
oauth2Google :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2GoogleScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.Google.User

module Yesod.Auth.OAuth2.GitLab

-- | Authorize with <tt>gitlab.com</tt> and <tt>["read_user"]</tt>
--   
--   To customize either of these values, use
--   <tt><a>oauth2GitLabHostScopes</a></tt> and pass the default for the
--   argument not being customized. Note that we require at least
--   <tt>read_user</tt>, so we can request the credentials identifier.
--   
--   <pre>
--   oauth2GitLabHostScopes defaultHost ["api", "read_user"]
--   oauth2GitLabHostScopes "https://gitlab.example.com" defaultScopes
--   </pre>
oauth2GitLab :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2GitLabHostScopes :: YesodAuth m => URI -> [Text] -> Text -> Text -> AuthPlugin m
defaultHost :: URI
defaultScopes :: [Text]
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.GitLab.User


-- | OAuth2 plugin for <a>http://github.com</a>
--   
--   <ul>
--   <li>Authenticates against github</li>
--   <li>Uses github user id as credentials identifier</li>
--   </ul>
module Yesod.Auth.OAuth2.GitHub
oauth2GitHub :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2GitHubScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.GitHub.User


-- | OAuth2 plugin for <a>http://eveonline.com</a>
--   
--   <ul>
--   <li>Authenticates against eveonline</li>
--   <li>Uses EVEs unique account-user-char-hash as credentials
--   identifier</li>
--   </ul>
module Yesod.Auth.OAuth2.EveOnline
oauth2Eve :: YesodAuth m => WidgetType m -> Text -> Text -> AuthPlugin m
oauth2EveScoped :: YesodAuth m => [Text] -> WidgetType m -> Text -> Text -> AuthPlugin m
data WidgetType m

-- | Simple "Login via eveonline" text
Plain :: WidgetType m
BigWhite :: WidgetType m
SmallWhite :: WidgetType m
BigBlack :: WidgetType m
SmallBlack :: WidgetType m
Custom :: WidgetFor m () -> WidgetType m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.EveOnline.User


-- | OAuth2 plugin for <a>http://bitbucket.com</a>
--   
--   <ul>
--   <li>Authenticates against bitbucket</li>
--   <li>Uses bitbucket uuid as credentials identifier</li>
--   </ul>
module Yesod.Auth.OAuth2.Bitbucket
oauth2Bitbucket :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2BitbucketScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.Bitbucket.User


-- | OAuth2 plugin for Battle.Net
--   
--   <ul>
--   <li>Authenticates against battle.net.</li>
--   <li>Uses user's id as credentials identifier.</li>
--   <li>Returns user's battletag in extras.</li>
--   </ul>
module Yesod.Auth.OAuth2.BattleNet
oauth2BattleNet :: YesodAuth m => WidgetFor m () -> Text -> Text -> Text -> AuthPlugin m

-- | <i>Deprecated: Use oauth2BattleNet</i>
oAuth2BattleNet :: YesodAuth m => Text -> Text -> Text -> WidgetFor m () -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.BattleNet.User


-- | OAuth2 plugin for Azure AD.
--   
--   <ul>
--   <li>Authenticates against Azure AD</li>
--   <li>Uses email as credentials identifier</li>
--   </ul>
module Yesod.Auth.OAuth2.AzureAD
oauth2AzureAD :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2AzureADScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.AzureAD.User


-- | OAuth2 plugin for <a>http://login.salesforce.com</a>
--   
--   <ul>
--   <li>Authenticates against Salesforce (or sandbox)</li>
--   <li>Uses Salesforce user id as credentials identifier</li>
--   </ul>
module Yesod.Auth.OAuth2.Salesforce
oauth2Salesforce :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2SalesforceScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
oauth2SalesforceSandbox :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2SalesforceSandboxScoped :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.Salesforce.User


-- | OAuth2 plugin for <a>https://slack.com/</a>
--   
--   <ul>
--   <li>Authenticates against slack</li>
--   <li>Uses slack user id as credentials identifier</li>
--   </ul>
module Yesod.Auth.OAuth2.Slack
data SlackScope
SlackBasicScope :: SlackScope
SlackEmailScope :: SlackScope
SlackTeamScope :: SlackScope
SlackAvatarScope :: SlackScope
oauth2Slack :: YesodAuth m => Text -> Text -> AuthPlugin m
oauth2SlackScoped :: YesodAuth m => [SlackScope] -> Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.Slack.User


-- | OAuth2 plugin for <a>http://spotify.com</a>
module Yesod.Auth.OAuth2.Spotify
oauth2Spotify :: YesodAuth m => [Text] -> Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.Spotify.User


-- | OAuth2 plugin for <a>http://upcase.com</a>
--   
--   <ul>
--   <li>Authenticates against upcase</li>
--   <li>Uses upcase user id as credentials identifier</li>
--   </ul>
module Yesod.Auth.OAuth2.Upcase
oauth2Upcase :: YesodAuth m => Text -> Text -> AuthPlugin m
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.OAuth2.Upcase.User
