google-oauth2-jwt 0.3.3 → 0.3.3.1
raw patch · 4 files changed
+39/−40 lines, 4 filesdep ~HsOpenSSLdep ~RSAdep ~basePVP ok
version bump matches the API change (PVP)
Dependency ranges changed: HsOpenSSL, RSA, base, base64-bytestring, bytestring, text
API changes (from Hackage documentation)
Files
- LICENSE +1/−1
- README.md +1/−1
- google-oauth2-jwt.cabal +14/−14
- src/Network/Google/OAuth2/JWT.hs +23/−24
LICENSE view
@@ -1,4 +1,4 @@-google-oauth2-jwt - Copyright Michel Boucey (c) 2016-2017+google-oauth2-jwt - Copyright Michel Boucey (c) 2016-2024 All rights reserved.
README.md view
@@ -1,4 +1,4 @@-# Google-oauth2-jwt [](https://travis-ci.org/MichelBoucey/google-oauth2-jwt)+# Google-oauth2-jwt  Google-oauth2-jwt implements the creation of the signed JWT for Google Service Accounts, to make authorized calls to Google APIs from server to server. All details here:
google-oauth2-jwt.cabal view
@@ -1,5 +1,5 @@ name: google-oauth2-jwt-version: 0.3.3+version: 0.3.3.1 synopsis: Get a signed JWT for Google Service Accounts description: This library implements the creation of the signed JWT for Google Service Accounts.@@ -8,29 +8,29 @@ license-file: LICENSE author: Michel Boucey maintainer: michel.boucey@gmail.com-copyright: (c) 2016-2021 - Michel Boucey+copyright: (c) 2016-2024 - Michel Boucey category: Google build-type: Simple extra-source-files: README.md cabal-version: >= 1.10 -Tested-With: GHC ==8.4.4 || ==8.6.5 || ==8.8.4 || ==8.10.4 || ==9.0.1+Tested-With: GHC ==8.8.4 || ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1 +source-repository head+ type: git+ location: git://github.com/MichelBoucey/google-oauth2-jwt.git+ library hs-source-dirs: src exposed-modules: Network.Google.OAuth2.JWT- build-depends: base >= 4.7 && < 5- , base64-bytestring >= 1.0.0 && < 1.2.0.1- , bytestring >= 0.10.6 && < 0.11- , HsOpenSSL >= 0.11.1.1 && < 0.12- , RSA >= 2.1.0.3 && < 2.5- , text >= 1.2.2 && < 1.3- , unix-time >= 0.3.6 && < 0.5+ build-depends: base >= 4.3 && < 5+ , base64-bytestring >= 1.0.0 && < 1.3+ , bytestring >= 0.10.6 && < 0.13+ , HsOpenSSL >= 0.11.7 && < 0.12+ , RSA >= 2.4.1 && < 2.5+ , text >= 1.2.2 && < 2.2+ , unix-time >= 0.3.6 && < 0.5 default-language: Haskell2010 GHC-options: -Wall--source-repository head- type: git- location: git://github.com/MichelBoucey/google-oauth2-jwt.git
src/Network/Google/OAuth2/JWT.hs view
@@ -23,10 +23,9 @@ import Control.Monad (unless) import qualified Data.ByteString as B import Data.ByteString.Base64.URL (encode)-import Data.ByteString.Lazy (fromStrict, toStrict) import Data.ByteString.Char8 (unpack)-import Data.Maybe (fromMaybe, fromJust)--- import Data.Monoid ((<>))+import Data.ByteString.Lazy (fromStrict, toStrict)+import Data.Maybe (fromJust, fromMaybe) import qualified Data.Text as T import Data.Text.Encoding (encodeUtf8) import Data.UnixTime (getUnixTime, utSeconds)@@ -59,7 +58,7 @@ -- > fromPEMString :: String -> IO PrivateKey fromPEMString s =- fromJust . toKeyPair <$> readPrivateKey s PwNone >>=+ readPrivateKey s PwNone >>= ( \k -> return PrivateKey { private_pub =@@ -74,7 +73,7 @@ , private_dP = 0 , private_dQ = 0 , private_qinv = 0- }+ }) . fromJust . toKeyPair -- | Create the signed JWT ready for transmission -- in the access token request as assertion value.@@ -96,23 +95,23 @@ -- Google API Console. -> IO (Either String SignedJWT) -- ^ Either an error message or a signed JWT.-getSignedJWT iss msub scs mxt pk = do- let xt = fromIntegral (fromMaybe 3600 mxt)- unless (xt >= 1 && xt <= 3600) (fail "Bad expiration time")- t <- getUnixTime- let i = header <> "." <> toB64 ("{\"iss\":\"" <> iss <> "\","- <> maybe T.empty (\e -> "\"sub\":\"" <> e <> "\",") msub- <> "\"scope\":\"" <> T.intercalate " " scs <> "\",\"aud\- \\":\"https://www.googleapis.com/oauth2/v4/token\",\"ex\- \p\":" <> toT (utSeconds t + CTime xt) <> ",\"iat\":"- <> toT (utSeconds t) <> "}")- return $- either- (return $ Left "RSAError")- (\s -> return $ SignedJWT $ i <> "." <> encode (toStrict s))- (rsassa_pkcs1_v1_5_sign hashSHA256 pk $ fromStrict i)- where- toT = T.pack . show- toB64 = encode . encodeUtf8- header = toB64 "{\"alg\":\"RS256\",\"typ\":\"JWT\"}"+getSignedJWT iss msub scs mxt pk =+ let toT = T.pack . show+ toB64 = encode . encodeUtf8+ header = toB64 "{\"alg\":\"RS256\",\"typ\":\"JWT\"}"+ in do+ let xt = fromIntegral (fromMaybe 3600 mxt)+ unless (xt >= 1 && xt <= 3600) (fail "Bad expiration time")+ t <- getUnixTime+ let i = header <> "." <> toB64 ("{\"iss\":\"" <> iss <> "\","+ <> maybe T.empty (\e -> "\"sub\":\"" <> e <> "\",") msub+ <> "\"scope\":\"" <> T.intercalate " " scs <> "\",\"aud\+ \\":\"https://www.googleapis.com/oauth2/v4/token\",\"ex\+ \p\":" <> toT (utSeconds t + CTime xt) <> ",\"iat\":"+ <> toT (utSeconds t) <> "}")+ return $+ either+ (return $ Left "RSAError")+ (\s -> return $ SignedJWT $ i <> "." <> encode (toStrict s))+ (rsassa_pkcs1_v1_5_sign hashSHA256 pk $ fromStrict i)