MyNixOS website logo
Description

Provides Access Token for Services.

Access Token Provider supporting multiple provider backends, including OAuth2 Resource Owner Password Credentials Grant, file-based token access (e.g. for Kubernetes) and fetching tokens from the environment (e.g. for local testing). The package is configurable via environment variables.

Access Token Provider Hackage version Stackage version Build Status

This package provides a convenient retrieval mechanism for access tokens. Multiple provider backends, including OAuth2 Resource Owner Password Credentials Grant, file-based token access (e.g. for Kubernetes) and fetching tokens from the environment (e.g. for local testing) are supported; custom provider backends can easily be added.

Examples

import qualified Security.AccessTokenProvider as ATP

retrieveSomeToken :: IO ()
retrieveSomeToken = do
  tokenProvider <- ATP.new (AccessTokenName "token-name")
  token <- ATP.retrieveAccessToken tokenProvider
  print token

Configuration

Configuration is done by setting certain environment variables, depending on the provider.

OAuth2 based token retrieval

The OAuth2 (Resource Owner Password Credentials Grant) provider expects the ATP_CONF_ROPCG environment variable to contain a JSON object as follows:

{
  "credentials_directory": "/optional/credentials/directory",
  "auth_endpoint": "<OAuth2 authentication endpoint>",
  "tokens": {"token-name": {"scopes": ["first-scope", "second-scope"]}}
}

The credentials_directory setting defaults to the content of the environment variable CREDENTIALS_DIR. It is expected to contain the files user.json and client.json, containing the user and client credentials respectively.

File based token retrieval (e.g. for Kubernetes)

The file based provider expects the ATP_CONF_FILE environment variable to contain a JSON object as follows:

{
  "tokens": {"token-name": "/some/file/name"}
}

As a short cut, you can simply save a token path directly in the environment variable TOKEN_FILE.

Environment based token retrieval (e.g. for testing)

The file based provider expects the ATP_CONF_FIXED environment variable to contain a JSON object as follows:

{
  "tokens": {"token-name": "some-fixed-token"}
}
Metadata

Version

0.1.1.0

Platforms (77)

    Darwin
    FreeBSD
    Genode
    GHCJS
    Linux
    MMIXware
    NetBSD
    none
    OpenBSD
    Redox
    Solaris
    WASI
    Windows
Show all
  • aarch64-darwin
  • aarch64-freebsd
  • aarch64-genode
  • aarch64-linux
  • aarch64-netbsd
  • aarch64-none
  • aarch64-windows
  • aarch64_be-none
  • arm-none
  • armv5tel-linux
  • armv6l-linux
  • armv6l-netbsd
  • armv6l-none
  • armv7a-darwin
  • armv7a-linux
  • armv7a-netbsd
  • armv7l-linux
  • armv7l-netbsd
  • avr-none
  • i686-cygwin
  • i686-darwin
  • i686-freebsd
  • i686-genode
  • i686-linux
  • i686-netbsd
  • i686-none
  • i686-openbsd
  • i686-windows
  • javascript-ghcjs
  • loongarch64-linux
  • m68k-linux
  • m68k-netbsd
  • m68k-none
  • microblaze-linux
  • microblaze-none
  • microblazeel-linux
  • microblazeel-none
  • mips-linux
  • mips-none
  • mips64-linux
  • mips64-none
  • mips64el-linux
  • mipsel-linux
  • mipsel-netbsd
  • mmix-mmixware
  • msp430-none
  • or1k-none
  • powerpc-netbsd
  • powerpc-none
  • powerpc64-linux
  • powerpc64le-linux
  • powerpcle-none
  • riscv32-linux
  • riscv32-netbsd
  • riscv32-none
  • riscv64-linux
  • riscv64-netbsd
  • riscv64-none
  • rx-none
  • s390-linux
  • s390-none
  • s390x-linux
  • s390x-none
  • vc4-none
  • wasm32-wasi
  • wasm64-wasi
  • x86_64-cygwin
  • x86_64-darwin
  • x86_64-freebsd
  • x86_64-genode
  • x86_64-linux
  • x86_64-netbsd
  • x86_64-none
  • x86_64-openbsd
  • x86_64-redox
  • x86_64-solaris
  • x86_64-windows