ory-hydra-client 1.9.2 → 1.10
raw patch · 14 files changed
+1034/−456 lines, 14 filesdep ~bytestringdep ~http-clientdep ~microlens
Dependency ranges changed: bytestring, http-client, microlens
Files
- README.md +12/−11
- lib/ORYHydra/API/Admin.hs +76/−80
- lib/ORYHydra/API/Metadata.hs +75/−0
- lib/ORYHydra/API/Public.hs +13/−19
- lib/ORYHydra/Client.hs +17/−11
- lib/ORYHydra/Core.hs +29/−16
- lib/ORYHydra/LoggingKatip.hs +3/−4
- lib/ORYHydra/LoggingMonadLogger.hs +3/−4
- lib/ORYHydra/Model.hs +212/−51
- lib/ORYHydra/ModelLens.hs +121/−24
- openapi.yaml +407/−212
- ory-hydra-client.cabal +9/−8
- tests/Instances.hs +53/−15
- tests/Test.hs +4/−1
README.md view
@@ -15,7 +15,7 @@ ``` which will generate docs for this lib in the `docs` folder. -To generate the docs in the normal location (to enable hyperlinks to external libs), remove +To generate the docs in the normal location (to enable hyperlinks to external libs), remove ``` build: haddock-arguments:@@ -55,7 +55,7 @@ **haskell-http-client additional properties:** | OPTION | DESCRIPTION | DEFAULT | ACTUAL |-| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------------- |+|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------|----------|---------------------------------------| | allowFromJsonNulls | allow JSON Null during model decoding from JSON | true | true | | allowNonUniqueOperationIds | allow *different* API modules to contain the same operationId. Each API must be imported qualified | false | true | | allowToJsonNulls | allow emitting JSON Null during model encoding to JSON | false | false |@@ -76,13 +76,14 @@ | requestType | Set the name of the type used to generate requests | | ORYHydraRequest | | strictFields | Add strictness annotations to all model fields | true | false | | useKatip | Sets the default value for the UseKatip cabal flag. If true, the katip package provides logging instead of monad-logger | true | true |+| queryExtraUnreserved | Configures additional querystring characters which must not be URI encoded, e.g. '+' or ':' | | | [1]: https://www.stackage.org/haddock/lts-9.0/iso8601-time-0.1.4/Data-Time-ISO8601.html#v:formatISO8601Millis An example setting _dateTimeFormat_ and _strictFields_: ```-java -jar openapi-generator-cli.jar generate -i petstore.yaml -g haskell-http-client -o output/haskell-http-client --additional-properties=dateTimeFormat="%Y-%m-%dT%H:%M:%S%Q%z" --additional-properties=strictFields=false +java -jar openapi-generator-cli.jar generate -i petstore.yaml -g haskell-http-client -o output/haskell-http-client --additional-properties=dateTimeFormat="%Y-%m-%dT%H:%M:%S%Q%z" --additional-properties=strictFields=false ``` View the full list of Codegen "config option" parameters with the command:@@ -112,7 +113,7 @@ | MODULE | NOTES | | ------------------- | --------------------------------------------------- | | ORYHydra.Client | use the "dispatch" functions to send requests |-| ORYHydra.Core | core funcions, config and request types |+| ORYHydra.Core | core functions, config and request types | | ORYHydra.API | construct api requests | | ORYHydra.Model | describes api models | | ORYHydra.MimeTypes | encoding/decoding MIME types (content-types/accept) |@@ -136,10 +137,10 @@ * optional non-body parameters are included by using `applyOptionalParam` * optional body parameters are set by using `setBodyParam` -Example code generated for pretend _addFoo_ operation: +Example code generated for pretend _addFoo_ operation: ```haskell-data AddFoo +data AddFoo instance Consumes AddFoo MimeJSON instance Produces AddFoo MimeJSON instance Produces AddFoo MimeXML@@ -182,14 +183,14 @@ ```haskell mgr <- newManager defaultManagerSettings-config0 <- withStdoutLogging =<< newConfig +config0 <- withStdoutLogging =<< newConfig let config = config0 `addAuthMethod` AuthOAuthFoo "secret-key" -let addFooRequest = - addFoo - (ContentType MimeJSON) - (Accept MimeXML) +let addFooRequest =+ addFoo+ (ContentType MimeJSON)+ (Accept MimeXML) (ParamBar paramBar) (ParamQux paramQux) modelBaz
lib/ORYHydra/API/Admin.hs view
@@ -65,7 +65,7 @@ -- -- When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider to authenticate the subject and then tell ORY Hydra now about it. If the subject authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. The consent provider which handles this request and is a web app implemented and hosted by you. It shows a subject interface which asks the subject to grant or deny the client access to the requested scope (\"Application my-dropbox-app wants write access to all your private files\"). The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells ORY Hydra if the subject accepted or rejected the request. This endpoint tells ORY Hydra that the subject has authorized the OAuth 2.0 client to access resources on his/her behalf. The consent provider includes additional information, such as session data for access and ID tokens, and if the consent request should be used as basis for future requests. The response contains a redirect URL which the consent provider should redirect the user-agent to. -- -acceptConsentRequest0 +acceptConsentRequest0 :: (Consumes AcceptConsentRequest0 MimeJSON) => ConsentChallenge -- ^ "consentChallenge" -> ORYHydraRequest AcceptConsentRequest0 MimeJSON CompletedRequest MimeJSON@@ -91,7 +91,7 @@ -- -- When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider (sometimes called \"identity provider\") to authenticate the subject and then tell ORY Hydra now about it. The login provider is an web-app you write and host, and it must be able to authenticate (\"show the subject a login screen\") a subject (in OAuth2 the proper name for subject is \"resource owner\"). The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. This endpoint tells ORY Hydra that the subject has successfully authenticated and includes additional information such as the subject's ID and if ORY Hydra should remember the subject's subject agent for future authentication attempts by setting a cookie. The response contains a redirect URL which the login provider should redirect the user-agent to. -- -acceptLoginRequest0 +acceptLoginRequest0 :: (Consumes AcceptLoginRequest0 MimeJSON) => LoginChallenge -- ^ "loginChallenge" -> ORYHydraRequest AcceptLoginRequest0 MimeJSON CompletedRequest MimeJSON@@ -117,7 +117,7 @@ -- -- When a user or an application requests ORY Hydra to log out a user, this endpoint is used to confirm that logout request. No body is required. The response contains a redirect URL which the consent provider should redirect the user-agent to. -- -acceptLogoutRequest +acceptLogoutRequest :: LogoutChallenge -- ^ "logoutChallenge" -> ORYHydraRequest AcceptLogoutRequest MimeNoContent CompletedRequest MimeJSON acceptLogoutRequest (LogoutChallenge logoutChallenge) =@@ -137,7 +137,7 @@ -- -- This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. -- -createJsonWebKeySet +createJsonWebKeySet :: (Consumes CreateJsonWebKeySet MimeJSON) => Set -- ^ "set" - The set -> ORYHydraRequest CreateJsonWebKeySet MimeJSON JSONWebKeySet MimeJSON@@ -162,7 +162,7 @@ -- -- Create a new OAuth 2.0 client If you pass `client_secret` the secret will be used, otherwise a random secret will be generated. The secret will be returned in the response and you will not be able to retrieve it later on. Write the secret down and keep it somwhere safe. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. -- -createOAuth2Client +createOAuth2Client :: (Consumes CreateOAuth2Client MimeJSON, MimeRender MimeJSON OAuth2Client) => OAuth2Client -- ^ "body" -> ORYHydraRequest CreateOAuth2Client MimeJSON OAuth2Client MimeJSON@@ -188,18 +188,15 @@ -- -- Use this endpoint to delete a single JSON Web Key. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. -- --- Note: Has 'Produces' instances, but no response schema--- -deleteJsonWebKey +deleteJsonWebKey :: Kid -- ^ "kid" - The kid of the desired key -> Set -- ^ "set" - The set- -> ORYHydraRequest DeleteJsonWebKey MimeNoContent res MimeJSON+ -> ORYHydraRequest DeleteJsonWebKey MimeNoContent NoContent MimeNoContent deleteJsonWebKey (Kid kid) (Set set) = _mkRequest "DELETE" ["/keys/",toPath set,"/",toPath kid] data DeleteJsonWebKey --- | @application/json@-instance Produces DeleteJsonWebKey MimeJSON+instance Produces DeleteJsonWebKey MimeNoContent -- *** deleteJsonWebKeySet@@ -210,17 +207,14 @@ -- -- Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. -- --- Note: Has 'Produces' instances, but no response schema--- -deleteJsonWebKeySet +deleteJsonWebKeySet :: Set -- ^ "set" - The set- -> ORYHydraRequest DeleteJsonWebKeySet MimeNoContent res MimeJSON+ -> ORYHydraRequest DeleteJsonWebKeySet MimeNoContent NoContent MimeNoContent deleteJsonWebKeySet (Set set) = _mkRequest "DELETE" ["/keys/",toPath set] data DeleteJsonWebKeySet --- | @application/json@-instance Produces DeleteJsonWebKeySet MimeJSON+instance Produces DeleteJsonWebKeySet MimeNoContent -- *** deleteOAuth2Client@@ -231,17 +225,14 @@ -- -- Delete an existing OAuth 2.0 Client by its ID. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. -- --- Note: Has 'Produces' instances, but no response schema--- -deleteOAuth2Client +deleteOAuth2Client :: Id -- ^ "id" - The id of the OAuth 2.0 Client.- -> ORYHydraRequest DeleteOAuth2Client MimeNoContent res MimeJSON+ -> ORYHydraRequest DeleteOAuth2Client MimeNoContent NoContent MimeNoContent deleteOAuth2Client (Id id) = _mkRequest "DELETE" ["/clients/",toPath id] data DeleteOAuth2Client --- | @application/json@-instance Produces DeleteOAuth2Client MimeJSON+instance Produces DeleteOAuth2Client MimeNoContent -- *** deleteOAuth2Token@@ -252,18 +243,15 @@ -- -- This endpoint deletes OAuth2 access tokens issued for a client from the database -- --- Note: Has 'Produces' instances, but no response schema--- -deleteOAuth2Token +deleteOAuth2Token :: ClientId -- ^ "clientId"- -> ORYHydraRequest DeleteOAuth2Token MimeNoContent res MimeJSON+ -> ORYHydraRequest DeleteOAuth2Token MimeNoContent NoContent MimeNoContent deleteOAuth2Token (ClientId clientId) = _mkRequest "DELETE" ["/oauth2/tokens"] `addQuery` toQuery ("client_id", Just clientId) data DeleteOAuth2Token --- | @application/json@-instance Produces DeleteOAuth2Token MimeJSON+instance Produces DeleteOAuth2Token MimeNoContent -- *** flushInactiveOAuth2Tokens@@ -274,11 +262,9 @@ -- -- This endpoint flushes expired OAuth2 access tokens from the database. You can set a time after which no tokens will be not be touched, in case you want to keep recent tokens for auditing. Refresh tokens can not be flushed as they are deleted automatically when performing the refresh flow. -- --- Note: Has 'Produces' instances, but no response schema--- -flushInactiveOAuth2Tokens +flushInactiveOAuth2Tokens :: (Consumes FlushInactiveOAuth2Tokens MimeJSON)- => ORYHydraRequest FlushInactiveOAuth2Tokens MimeJSON res MimeJSON+ => ORYHydraRequest FlushInactiveOAuth2Tokens MimeJSON NoContent MimeNoContent flushInactiveOAuth2Tokens = _mkRequest "POST" ["/oauth2/flush"] @@ -288,8 +274,7 @@ -- | @application/json@ instance Consumes FlushInactiveOAuth2Tokens MimeJSON --- | @application/json@-instance Produces FlushInactiveOAuth2Tokens MimeJSON+instance Produces FlushInactiveOAuth2Tokens MimeNoContent -- *** getConsentRequest@@ -300,7 +285,7 @@ -- -- When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider to authenticate the subject and then tell ORY Hydra now about it. If the subject authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. The consent provider which handles this request and is a web app implemented and hosted by you. It shows a subject interface which asks the subject to grant or deny the client access to the requested scope (\"Application my-dropbox-app wants write access to all your private files\"). The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells ORY Hydra if the subject accepted or rejected the request. -- -getConsentRequest +getConsentRequest :: ConsentChallenge -- ^ "consentChallenge" -> ORYHydraRequest GetConsentRequest MimeNoContent ConsentRequest MimeJSON getConsentRequest (ConsentChallenge consentChallenge) =@@ -320,7 +305,7 @@ -- -- This endpoint returns a singular JSON Web Key, identified by the set and the specific key ID (kid). -- -getJsonWebKey +getJsonWebKey :: Kid -- ^ "kid" - The kid of the desired key -> Set -- ^ "set" - The set -> ORYHydraRequest GetJsonWebKey MimeNoContent JSONWebKeySet MimeJSON@@ -340,7 +325,7 @@ -- -- This endpoint can be used to retrieve JWK Sets stored in ORY Hydra. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. -- -getJsonWebKeySet +getJsonWebKeySet :: Set -- ^ "set" - The set -> ORYHydraRequest GetJsonWebKeySet MimeNoContent JSONWebKeySet MimeJSON getJsonWebKeySet (Set set) =@@ -359,7 +344,7 @@ -- -- When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider (sometimes called \"identity provider\") to authenticate the subject and then tell ORY Hydra now about it. The login provider is an web-app you write and host, and it must be able to authenticate (\"show the subject a login screen\") a subject (in OAuth2 the proper name for subject is \"resource owner\"). The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. -- -getLoginRequest +getLoginRequest :: LoginChallenge -- ^ "loginChallenge" -> ORYHydraRequest GetLoginRequest MimeNoContent LoginRequest MimeJSON getLoginRequest (LoginChallenge loginChallenge) =@@ -379,7 +364,7 @@ -- -- Use this endpoint to fetch a logout request. -- -getLogoutRequest +getLogoutRequest :: LogoutChallenge -- ^ "logoutChallenge" -> ORYHydraRequest GetLogoutRequest MimeNoContent LogoutRequest MimeJSON getLogoutRequest (LogoutChallenge logoutChallenge) =@@ -399,7 +384,7 @@ -- -- Get an OAUth 2.0 client by its ID. This endpoint never returns passwords. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. -- -getOAuth2Client +getOAuth2Client :: Id -- ^ "id" - The id of the OAuth 2.0 Client. -> ORYHydraRequest GetOAuth2Client MimeNoContent OAuth2Client MimeJSON getOAuth2Client (Id id) =@@ -418,7 +403,7 @@ -- -- This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. -- -getVersion +getVersion :: ORYHydraRequest GetVersion MimeNoContent Version MimeJSON getVersion = _mkRequest "GET" ["/version"]@@ -436,7 +421,7 @@ -- -- The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token is neither expired nor revoked. If a token is active, additional information on the token will be included. You can set additional data for a token by setting `accessTokenExtra` during the consent flow. For more information [read this blog post](https://www.oauth.com/oauth2-servers/token-introspection-endpoint/). -- -introspectOAuth2Token +introspectOAuth2Token :: (Consumes IntrospectOAuth2Token MimeFormUrlEncoded) => Token -- ^ "token" - The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. -> ORYHydraRequest IntrospectOAuth2Token MimeFormUrlEncoded OAuth2TokenIntrospection MimeJSON@@ -466,7 +451,7 @@ -- -- This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. -- -isInstanceAlive +isInstanceAlive :: ORYHydraRequest IsInstanceAlive MimeNoContent HealthStatus MimeJSON isInstanceAlive = _mkRequest "GET" ["/health/alive"]@@ -484,14 +469,14 @@ -- -- This endpoint lists all clients in the database, and never returns client secrets. As a default it lists the first 100 clients. The `limit` parameter can be used to retrieve more clients, but it has an upper bound at 500 objects. Pagination should be used to retrieve more than 500 objects. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. The \"Link\" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '<https://hydra-url/admin/clients?limit={limit}&offset={offset}>; rel=\"{page}\"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'. Multiple links can be included in this header, and will be separated by a comma. -- -listOAuth2Clients +listOAuth2Clients :: ORYHydraRequest ListOAuth2Clients MimeNoContent [OAuth2Client] MimeJSON listOAuth2Clients = _mkRequest "GET" ["/clients"] data ListOAuth2Clients --- | /Optional Param/ "limit" - The maximum amount of policies returned, upper bound is 500 policies+-- | /Optional Param/ "limit" - The maximum amount of clients to returned, upper bound is 500 clients. instance HasOptionalParam ListOAuth2Clients Limit where applyOptionalParam req (Limit xs) = req `addQuery` toQuery ("limit", Just xs)@@ -500,6 +485,16 @@ instance HasOptionalParam ListOAuth2Clients Offset where applyOptionalParam req (Offset xs) = req `addQuery` toQuery ("offset", Just xs)++-- | /Optional Param/ "client_name" - The name of the clients to filter by.+instance HasOptionalParam ListOAuth2Clients ClientName where+ applyOptionalParam req (ClientName xs) =+ req `addQuery` toQuery ("client_name", Just xs)++-- | /Optional Param/ "owner" - The owner of the clients to filter by.+instance HasOptionalParam ListOAuth2Clients Owner where+ applyOptionalParam req (Owner xs) =+ req `addQuery` toQuery ("owner", Just xs) -- | @application/json@ instance Produces ListOAuth2Clients MimeJSON @@ -512,7 +507,7 @@ -- -- This endpoint lists all subject's granted consent sessions, including client and granted scope. If the subject is unknown or has not granted any consent sessions yet, the endpoint returns an empty JSON array with status code 200 OK. The \"Link\" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '<https://hydra-url/admin/oauth2/auth/sessions/consent?subject={user}&limit={limit}&offset={offset}>; rel=\"{page}\"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'. Multiple links can be included in this header, and will be separated by a comma. -- -listSubjectConsentSessions +listSubjectConsentSessions :: Subject -- ^ "subject" -> ORYHydraRequest ListSubjectConsentSessions MimeNoContent [PreviousConsentSession] MimeJSON listSubjectConsentSessions (Subject subject) =@@ -524,23 +519,33 @@ instance Produces ListSubjectConsentSessions MimeJSON --- *** prometheus+-- *** patchOAuth2Client --- | @GET \/metrics\/prometheus@+-- | @PATCH \/clients\/{id}@ -- --- Get Snapshot Metrics from the Hydra Service.+-- Patch an OAuth 2.0 Client -- --- If you're using k8s, you can then add annotations to your deployment like so: ``` metadata: annotations: prometheus.io/port: \"4445\" prometheus.io/path: \"/metrics/prometheus\" ``` If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set.+-- Patch an existing OAuth 2.0 Client. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. -- -prometheus - :: ORYHydraRequest Prometheus MimeNoContent NoContent MimeNoContent-prometheus =- _mkRequest "GET" ["/metrics/prometheus"]+patchOAuth2Client+ :: (Consumes PatchOAuth2Client MimeJSON, MimeRender MimeJSON Body)+ => Body -- ^ "body"+ -> Id -- ^ "id"+ -> ORYHydraRequest PatchOAuth2Client MimeJSON OAuth2Client MimeJSON+patchOAuth2Client body (Id id) =+ _mkRequest "PATCH" ["/clients/",toPath id]+ `setBodyParam` body -data Prometheus -instance Produces Prometheus MimeNoContent+data PatchOAuth2Client +instance HasBodyParam PatchOAuth2Client Body +-- | @application/json@+instance Consumes PatchOAuth2Client MimeJSON +-- | @application/json@+instance Produces PatchOAuth2Client MimeJSON++ -- *** rejectConsentRequest -- | @PUT \/oauth2\/auth\/requests\/consent\/reject@@@ -549,7 +554,7 @@ -- -- When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider to authenticate the subject and then tell ORY Hydra now about it. If the subject authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. The consent provider which handles this request and is a web app implemented and hosted by you. It shows a subject interface which asks the subject to grant or deny the client access to the requested scope (\"Application my-dropbox-app wants write access to all your private files\"). The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells ORY Hydra if the subject accepted or rejected the request. This endpoint tells ORY Hydra that the subject has not authorized the OAuth 2.0 client to access resources on his/her behalf. The consent provider must include a reason why the consent was not granted. The response contains a redirect URL which the consent provider should redirect the user-agent to. -- -rejectConsentRequest +rejectConsentRequest :: (Consumes RejectConsentRequest MimeJSON) => ConsentChallenge -- ^ "consentChallenge" -> ORYHydraRequest RejectConsentRequest MimeJSON CompletedRequest MimeJSON@@ -575,7 +580,7 @@ -- -- When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider (sometimes called \"identity provider\") to authenticate the subject and then tell ORY Hydra now about it. The login provider is an web-app you write and host, and it must be able to authenticate (\"show the subject a login screen\") a subject (in OAuth2 the proper name for subject is \"resource owner\"). The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. This endpoint tells ORY Hydra that the subject has not authenticated and includes a reason why the authentication was be denied. The response contains a redirect URL which the login provider should redirect the user-agent to. -- -rejectLoginRequest +rejectLoginRequest :: (Consumes RejectLoginRequest MimeJSON) => LoginChallenge -- ^ "loginChallenge" -> ORYHydraRequest RejectLoginRequest MimeJSON CompletedRequest MimeJSON@@ -601,13 +606,11 @@ -- -- When a user or an application requests ORY Hydra to log out a user, this endpoint is used to deny that logout request. No body is required. The response is empty as the logout provider has to chose what action to perform next. -- --- Note: Has 'Produces' instances, but no response schema--- -rejectLogoutRequest +rejectLogoutRequest :: (Consumes RejectLogoutRequest contentType) => ContentType contentType -- ^ request content-type ('MimeType') -> LogoutChallenge -- ^ "logoutChallenge"- -> ORYHydraRequest RejectLogoutRequest contentType res MimeJSON+ -> ORYHydraRequest RejectLogoutRequest contentType NoContent MimeNoContent rejectLogoutRequest _ (LogoutChallenge logoutChallenge) = _mkRequest "PUT" ["/oauth2/auth/requests/logout/reject"] `addQuery` toQuery ("logout_challenge", Just logoutChallenge)@@ -620,8 +623,7 @@ -- | @application/x-www-form-urlencoded@ instance Consumes RejectLogoutRequest MimeFormUrlEncoded --- | @application/json@-instance Produces RejectLogoutRequest MimeJSON+instance Produces RejectLogoutRequest MimeNoContent -- *** revokeAuthenticationSession@@ -632,18 +634,15 @@ -- -- This endpoint invalidates a subject's authentication session. After revoking the authentication session, the subject has to re-authenticate at ORY Hydra. This endpoint does not invalidate any tokens and does not work with OpenID Connect Front- or Back-channel logout. -- --- Note: Has 'Produces' instances, but no response schema--- -revokeAuthenticationSession +revokeAuthenticationSession :: Subject -- ^ "subject"- -> ORYHydraRequest RevokeAuthenticationSession MimeNoContent res MimeJSON+ -> ORYHydraRequest RevokeAuthenticationSession MimeNoContent NoContent MimeNoContent revokeAuthenticationSession (Subject subject) = _mkRequest "DELETE" ["/oauth2/auth/sessions/login"] `addQuery` toQuery ("subject", Just subject) data RevokeAuthenticationSession --- | @application/json@-instance Produces RevokeAuthenticationSession MimeJSON+instance Produces RevokeAuthenticationSession MimeNoContent -- *** revokeConsentSessions@@ -654,11 +653,9 @@ -- -- This endpoint revokes a subject's granted consent sessions for a specific OAuth 2.0 Client and invalidates all associated OAuth 2.0 Access Tokens. -- --- Note: Has 'Produces' instances, but no response schema--- -revokeConsentSessions +revokeConsentSessions :: Subject -- ^ "subject" - The subject (Subject) who's consent sessions should be deleted.- -> ORYHydraRequest RevokeConsentSessions MimeNoContent res MimeJSON+ -> ORYHydraRequest RevokeConsentSessions MimeNoContent NoContent MimeNoContent revokeConsentSessions (Subject subject) = _mkRequest "DELETE" ["/oauth2/auth/sessions/consent"] `addQuery` toQuery ("subject", Just subject)@@ -674,8 +671,7 @@ instance HasOptionalParam RevokeConsentSessions All where applyOptionalParam req (All xs) = req `addQuery` toQuery ("all", Just xs)--- | @application/json@-instance Produces RevokeConsentSessions MimeJSON+instance Produces RevokeConsentSessions MimeNoContent -- *** updateJsonWebKey@@ -686,7 +682,7 @@ -- -- Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. -- -updateJsonWebKey +updateJsonWebKey :: (Consumes UpdateJsonWebKey MimeJSON) => Kid -- ^ "kid" - The kid of the desired key -> Set -- ^ "set" - The set@@ -712,7 +708,7 @@ -- -- Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. -- -updateJsonWebKeySet +updateJsonWebKeySet :: (Consumes UpdateJsonWebKeySet MimeJSON) => Set -- ^ "set" - The set -> ORYHydraRequest UpdateJsonWebKeySet MimeJSON JSONWebKeySet MimeJSON@@ -737,7 +733,7 @@ -- -- Update an existing OAuth 2.0 Client. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. -- -updateOAuth2Client +updateOAuth2Client :: (Consumes UpdateOAuth2Client MimeJSON, MimeRender MimeJSON OAuth2Client) => OAuth2Client -- ^ "body" -> Id -- ^ "id"
+ lib/ORYHydra/API/Metadata.hs view
@@ -0,0 +1,75 @@+{-+ ORY Hydra++ Welcome to the ORY Hydra HTTP API documentation. You will find documentation for all HTTP APIs here.++ OpenAPI Version: 3.0.1+ ORY Hydra API version: latest+ Generated by OpenAPI Generator (https://openapi-generator.tech)+-}++{-|+Module : ORYHydra.API.Metadata+-}++{-# LANGUAGE FlexibleContexts #-}+{-# LANGUAGE FlexibleInstances #-}+{-# LANGUAGE MonoLocalBinds #-}+{-# LANGUAGE MultiParamTypeClasses #-}+{-# LANGUAGE OverloadedStrings #-}+{-# OPTIONS_GHC -fno-warn-name-shadowing -fno-warn-unused-binds -fno-warn-unused-imports #-}++module ORYHydra.API.Metadata where++import ORYHydra.Core+import ORYHydra.MimeTypes+import ORYHydra.Model as M++import qualified Data.Aeson as A+import qualified Data.ByteString as B+import qualified Data.ByteString.Lazy as BL+import qualified Data.Data as P (Typeable, TypeRep, typeOf, typeRep)+import qualified Data.Foldable as P+import qualified Data.Map as Map+import qualified Data.Maybe as P+import qualified Data.Proxy as P (Proxy(..))+import qualified Data.Set as Set+import qualified Data.String as P+import qualified Data.Text as T+import qualified Data.Text.Encoding as T+import qualified Data.Text.Lazy as TL+import qualified Data.Text.Lazy.Encoding as TL+import qualified Data.Time as TI+import qualified Network.HTTP.Client.MultipartFormData as NH+import qualified Network.HTTP.Media as ME+import qualified Network.HTTP.Types as NH+import qualified Web.FormUrlEncoded as WH+import qualified Web.HttpApiData as WH++import Data.Text (Text)+import GHC.Base ((<|>))++import Prelude ((==),(/=),($), (.),(<$>),(<*>),(>>=),Maybe(..),Bool(..),Char,Double,FilePath,Float,Int,Integer,String,fmap,undefined,mempty,maybe,pure,Monad,Applicative,Functor)+import qualified Prelude as P++-- * Operations+++-- ** Metadata++-- *** prometheus++-- | @GET \/metrics\/prometheus@+-- +-- Get snapshot metrics from the service. If you're using k8s, you can then add annotations to your deployment like so:+-- +-- ``` metadata: annotations: prometheus.io/port: \"4434\" prometheus.io/path: \"/metrics/prometheus\" ```+-- +prometheus+ :: ORYHydraRequest Prometheus MimeNoContent NoContent MimeNoContent+prometheus =+ _mkRequest "GET" ["/metrics/prometheus"]++data Prometheus +instance Produces Prometheus MimeNoContent+
lib/ORYHydra/API/Public.hs view
@@ -65,7 +65,7 @@ -- -- This endpoint initiates and completes user logout at ORY Hydra and initiates OpenID Connect Front-/Back-channel logout: https://openid.net/specs/openid-connect-frontchannel-1_0.html https://openid.net/specs/openid-connect-backchannel-1_0.html -- -disconnectUser +disconnectUser :: ORYHydraRequest DisconnectUser MimeNoContent NoContent MimeNoContent disconnectUser = _mkRequest "GET" ["/oauth2/sessions/logout"]@@ -82,7 +82,7 @@ -- -- The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll your own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this flow at https://openid.net/specs/openid-connect-discovery-1_0.html . Popular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others. For a full list of clients go here: https://openid.net/developers/certified/ -- -discoverOpenIDConfiguration +discoverOpenIDConfiguration :: ORYHydraRequest DiscoverOpenIDConfiguration MimeNoContent WellKnown MimeJSON discoverOpenIDConfiguration = _mkRequest "GET" ["/.well-known/openid-configuration"]@@ -100,7 +100,7 @@ -- -- This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. -- -isInstanceReady +isInstanceReady :: ORYHydraRequest IsInstanceReady MimeNoContent HealthStatus MimeJSON isInstanceReady = _mkRequest "GET" ["/health/ready"]@@ -120,7 +120,7 @@ -- -- AuthMethod: 'AuthBasicBasic', 'AuthOAuthOauth2' -- -oauth2Token +oauth2Token :: (Consumes Oauth2Token MimeFormUrlEncoded) => GrantType -- ^ "grantType" -> ORYHydraRequest Oauth2Token MimeFormUrlEncoded Oauth2TokenResponse MimeJSON@@ -159,16 +159,13 @@ -- -- This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. OAuth2 is a very popular protocol and a library for your programming language will exists. To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749 -- --- Note: Has 'Produces' instances, but no response schema--- -oauthAuth - :: ORYHydraRequest OauthAuth MimeNoContent res MimeJSON+oauthAuth+ :: ORYHydraRequest OauthAuth MimeNoContent NoContent MimeNoContent oauthAuth = _mkRequest "GET" ["/oauth2/auth"] data OauthAuth --- | @application/json@-instance Produces OauthAuth MimeJSON+instance Produces OauthAuth MimeNoContent -- *** revokeOAuth2Token@@ -181,12 +178,10 @@ -- -- AuthMethod: 'AuthBasicBasic', 'AuthOAuthOauth2' -- --- Note: Has 'Produces' instances, but no response schema--- -revokeOAuth2Token +revokeOAuth2Token :: (Consumes RevokeOAuth2Token MimeFormUrlEncoded) => Token -- ^ "token"- -> ORYHydraRequest RevokeOAuth2Token MimeFormUrlEncoded res MimeJSON+ -> ORYHydraRequest RevokeOAuth2Token MimeFormUrlEncoded NoContent MimeNoContent revokeOAuth2Token (Token token) = _mkRequest "POST" ["/oauth2/revoke"] `_hasAuthType` (P.Proxy :: P.Proxy AuthBasicBasic)@@ -198,8 +193,7 @@ -- | @application/x-www-form-urlencoded@ instance Consumes RevokeOAuth2Token MimeFormUrlEncoded --- | @application/json@-instance Produces RevokeOAuth2Token MimeJSON+instance Produces RevokeOAuth2Token MimeNoContent -- *** userinfo@@ -208,11 +202,11 @@ -- -- OpenID Connect Userinfo -- --- This endpoint returns the payload of the ID Token, including the idTokenExtra values, of the provided OAuth 2.0 Access Token. For more information please [refer to the spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo).+-- This endpoint returns the payload of the ID Token, including the idTokenExtra values, of the provided OAuth 2.0 Access Token. For more information please [refer to the spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo). In the case of authentication error, a WWW-Authenticate header might be set in the response with more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3) for more details about header format. -- -- AuthMethod: 'AuthOAuthOauth2' -- -userinfo +userinfo :: ORYHydraRequest Userinfo MimeNoContent UserinfoResponse MimeJSON userinfo = _mkRequest "GET" ["/userinfo"]@@ -231,7 +225,7 @@ -- -- This endpoint returns JSON Web Keys to be used as public keys for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like [node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others. -- -wellKnown0 +wellKnown0 :: ORYHydraRequest WellKnown0 MimeNoContent JSONWebKeySet MimeJSON wellKnown0 = _mkRequest "GET" ["/.well-known/jwks.json"]
lib/ORYHydra/Client.hs view
@@ -32,6 +32,7 @@ import qualified Control.Monad.IO.Class as P import qualified Control.Monad as P import qualified Data.Aeson.Types as A+import qualified Data.ByteString as B import qualified Data.ByteString.Char8 as BC import qualified Data.ByteString.Lazy as BL import qualified Data.ByteString.Lazy.Char8 as BCL@@ -69,7 +70,7 @@ -- | pair of decoded http body and http response data MimeResult res = MimeResult { mimeResult :: Either MimeError res -- ^ decoded http body- , mimeResultResponse :: NH.Response BCL.ByteString -- ^ http response + , mimeResultResponse :: NH.Response BCL.ByteString -- ^ http response } deriving (Show, Functor, Foldable, Traversable) @@ -77,8 +78,8 @@ data MimeError = MimeError { mimeError :: String -- ^ unrender/parser error- , mimeErrorResponse :: NH.Response BCL.ByteString -- ^ http response - } deriving (Eq, Show)+ , mimeErrorResponse :: NH.Response BCL.ByteString -- ^ http response+ } deriving (Show) -- | send a request returning the 'MimeResult' dispatchMime@@ -171,7 +172,7 @@ => ORYHydraConfig -- ^ config -> ORYHydraRequest req contentType res accept -- ^ request -> IO (InitRequest req contentType res accept) -- ^ initialized request-_toInitRequest config req0 = +_toInitRequest config req0 = runConfigLogWithExceptions "Client" config $ do parsedReq <- P.liftIO $ NH.parseRequest $ BCL.unpack $ BCL.append (configHost config) (BCL.concat (rUrlPath req0)) req1 <- P.liftIO $ _applyAuthMethods req0 config@@ -179,13 +180,18 @@ (configValidateAuthMethods config && (not . null . rAuthTypes) req1) (E.throw $ AuthMethodException $ "AuthMethod not configured: " <> (show . head . rAuthTypes) req1) let req2 = req1 & _setContentTypeHeader & _setAcceptHeader- reqHeaders = ("User-Agent", WH.toHeader (configUserAgent config)) : paramsHeaders (rParams req2)- reqQuery = NH.renderQuery True (paramsQuery (rParams req2))- pReq = parsedReq { NH.method = (rMethod req2)+ params = rParams req2+ reqHeaders = ("User-Agent", WH.toHeader (configUserAgent config)) : paramsHeaders params+ reqQuery = let query = paramsQuery params+ queryExtraUnreserved = configQueryExtraUnreserved config+ in if B.null queryExtraUnreserved+ then NH.renderQuery True query+ else NH.renderQueryPartialEscape True (toPartialEscapeQuery queryExtraUnreserved query)+ pReq = parsedReq { NH.method = rMethod req2 , NH.requestHeaders = reqHeaders , NH.queryString = reqQuery }- outReq <- case paramsBody (rParams req2) of+ outReq <- case paramsBody params of ParamBodyNone -> pure (pReq { NH.requestBody = mempty }) ParamBodyB bs -> pure (pReq { NH.requestBody = NH.RequestBodyBS bs }) ParamBodyBL bl -> pure (pReq { NH.requestBody = NH.RequestBodyLBS bl })@@ -202,16 +208,16 @@ modifyInitRequestM :: Monad m => InitRequest req contentType res accept -> (NH.Request -> m NH.Request) -> m (InitRequest req contentType res accept) modifyInitRequestM (InitRequest req) f = fmap InitRequest (f req) --- ** Logging +-- ** Logging -- | Run a block using the configured logger instance runConfigLog :: P.MonadIO m- => ORYHydraConfig -> LogExec m+ => ORYHydraConfig -> LogExec m a runConfigLog config = configLogExecWithContext config (configLogContext config) -- | Run a block using the configured logger instance (logs exceptions) runConfigLogWithExceptions :: (E.MonadCatch m, P.MonadIO m)- => T.Text -> ORYHydraConfig -> LogExec m+ => T.Text -> ORYHydraConfig -> LogExec m a runConfigLogWithExceptions src config = runConfigLog config . logExceptions src
lib/ORYHydra/Core.hs view
@@ -44,6 +44,7 @@ import qualified Data.Data as P (Data, Typeable, TypeRep, typeRep) import qualified Data.Foldable as P import qualified Data.Ix as P+import qualified Data.Kind as K (Type) import qualified Data.Maybe as P import qualified Data.Proxy as P (Proxy(..)) import qualified Data.Text as T@@ -55,9 +56,9 @@ import qualified Network.HTTP.Client.MultipartFormData as NH import qualified Network.HTTP.Types as NH import qualified Prelude as P+import qualified Text.Printf as T import qualified Web.FormUrlEncoded as WH import qualified Web.HttpApiData as WH-import qualified Text.Printf as T import Control.Applicative ((<|>)) import Control.Applicative (Alternative)@@ -66,11 +67,11 @@ import Data.Foldable(foldlM) import Data.Monoid ((<>)) import Data.Text (Text)-import Prelude (($), (.), (<$>), (<*>), Maybe(..), Bool(..), Char, String, fmap, mempty, pure, return, show, IO, Monad, Functor)+import Prelude (($), (.), (&&), (<$>), (<*>), Maybe(..), Bool(..), Char, String, fmap, mempty, pure, return, show, IO, Monad, Functor, maybe) -- * ORYHydraConfig --- | +-- | data ORYHydraConfig = ORYHydraConfig { configHost :: BCL.ByteString -- ^ host supplied in the Request , configUserAgent :: Text -- ^ user-agent supplied in the Request@@ -78,6 +79,7 @@ , configLogContext :: LogContext -- ^ Configures the logger , configAuthMethods :: [AnyAuthMethod] -- ^ List of configured auth methods , configValidateAuthMethods :: Bool -- ^ throw exceptions if auth methods are not configured+ , configQueryExtraUnreserved :: B.ByteString -- ^ Configures additional querystring characters which must not be URI encoded, e.g. '+' or ':' } -- | display the config@@ -108,7 +110,8 @@ , configLogContext = logCxt , configAuthMethods = [] , configValidateAuthMethods = True- } + , configQueryExtraUnreserved = ""+ } -- | updates config use AuthMethod on matching requests addAuthMethod :: AuthMethod auth => ORYHydraConfig -> auth -> ORYHydraConfig@@ -130,7 +133,7 @@ -- | updates the config to disable logging withNoLogging :: ORYHydraConfig -> ORYHydraConfig withNoLogging p = p { configLogExecWithContext = runNullLogExec}- + -- * ORYHydraRequest -- | Represents a request.@@ -229,7 +232,7 @@ -- ** ORYHydraRequest Utils -_mkRequest :: NH.Method -- ^ Method +_mkRequest :: NH.Method -- ^ Method -> [BCL.ByteString] -- ^ Endpoint -> ORYHydraRequest req contentType res accept -- ^ req: Request Type, res: Response Type _mkRequest m u = ORYHydraRequest m u _mkParams []@@ -263,13 +266,13 @@ _setContentTypeHeader :: forall req contentType res accept. MimeType contentType => ORYHydraRequest req contentType res accept -> ORYHydraRequest req contentType res accept _setContentTypeHeader req =- case mimeType (P.Proxy :: P.Proxy contentType) of + case mimeType (P.Proxy :: P.Proxy contentType) of Just m -> req `setHeader` [("content-type", BC.pack $ P.show m)] Nothing -> req `removeHeader` ["content-type"] _setAcceptHeader :: forall req contentType res accept. MimeType accept => ORYHydraRequest req contentType res accept -> ORYHydraRequest req contentType res accept _setAcceptHeader req =- case mimeType (P.Proxy :: P.Proxy accept) of + case mimeType (P.Proxy :: P.Proxy accept) of Just m -> req `setHeader` [("accept", BC.pack $ P.show m)] Nothing -> req `removeHeader` ["accept"] @@ -293,25 +296,25 @@ addQuery req query = req & L.over (rParamsL . paramsQueryL) (query P.++) addForm :: ORYHydraRequest req contentType res accept -> WH.Form -> ORYHydraRequest req contentType res accept-addForm req newform = +addForm req newform = let form = case paramsBody (rParams req) of ParamBodyFormUrlEncoded _form -> _form _ -> mempty in req & L.set (rParamsL . paramsBodyL) (ParamBodyFormUrlEncoded (newform <> form)) _addMultiFormPart :: ORYHydraRequest req contentType res accept -> NH.Part -> ORYHydraRequest req contentType res accept-_addMultiFormPart req newpart = +_addMultiFormPart req newpart = let parts = case paramsBody (rParams req) of ParamBodyMultipartFormData _parts -> _parts _ -> [] in req & L.set (rParamsL . paramsBodyL) (ParamBodyMultipartFormData (newpart : parts)) _setBodyBS :: ORYHydraRequest req contentType res accept -> B.ByteString -> ORYHydraRequest req contentType res accept-_setBodyBS req body = +_setBodyBS req body = req & L.set (rParamsL . paramsBodyL) (ParamBodyB body) _setBodyLBS :: ORYHydraRequest req contentType res accept -> BL.ByteString -> ORYHydraRequest req contentType res accept-_setBodyLBS req body = +_setBodyLBS req body = req & L.set (rParamsL . paramsBodyL) (ParamBodyBL body) _hasAuthType :: AuthMethod authMethod => ORYHydraRequest req contentType res accept -> P.Proxy authMethod -> ORYHydraRequest req contentType res accept@@ -335,6 +338,16 @@ toQuery x = [(fmap . fmap) toQueryParam x] where toQueryParam = T.encodeUtf8 . WH.toQueryParam +toPartialEscapeQuery :: B.ByteString -> NH.Query -> NH.PartialEscapeQuery+toPartialEscapeQuery extraUnreserved query = fmap (\(k, v) -> (k, maybe [] go v)) query+ where go :: B.ByteString -> [NH.EscapeItem]+ go v = v & B.groupBy (\a b -> a `B.notElem` extraUnreserved && b `B.notElem` extraUnreserved)+ & fmap (\xs -> if B.null xs then NH.QN xs+ else if B.head xs `B.elem` extraUnreserved+ then NH.QN xs -- Not Encoded+ else NH.QE xs -- Encoded+ )+ -- *** OpenAPI `CollectionFormat` Utils -- | Determines the format of the array if type array is used.@@ -380,7 +393,7 @@ {-# INLINE go #-} {-# INLINE expandList #-} {-# INLINE combine #-}- + -- * AuthMethods -- | Provides a method to apply auth methods to requests@@ -411,7 +424,7 @@ foldlM go req as where go r (AnyAuthMethod a) = applyAuthMethod config a r- + -- * Utils -- | Removes Null fields. (OpenAPI-Specification 2.0 does not allow Null in JSON)@@ -504,7 +517,7 @@ -- * Byte/Binary Formatting - + -- | base64 encoded characters newtype ByteArray = ByteArray { unByteArray :: BL.ByteString } deriving (P.Eq,P.Data,P.Ord,P.Typeable,NF.NFData)@@ -560,4 +573,4 @@ -- * Lens Type Aliases type Lens_' s a = Lens_ s s a a-type Lens_ s t a b = forall (f :: * -> *). Functor f => (a -> f b) -> s -> f t+type Lens_ s t a b = forall (f :: K.Type -> K.Type). Functor f => (a -> f b) -> s -> f t
lib/ORYHydra/LoggingKatip.hs view
@@ -34,11 +34,11 @@ -- * Type Aliases (for compatibility) -- | Runs a Katip logging block with the Log environment-type LogExecWithContext = forall m. P.MonadIO m =>- LogContext -> LogExec m+type LogExecWithContext = forall m a. P.MonadIO m =>+ LogContext -> LogExec m a -- | A Katip logging block-type LogExec m = forall a. LG.KatipT m a -> m a+type LogExec m a = LG.KatipT m a -> m a -- | A Katip Log environment type LogContext = LG.LogEnv@@ -115,4 +115,3 @@ levelDebug :: LogLevel levelDebug = LG.DebugS-
lib/ORYHydra/LoggingMonadLogger.hs view
@@ -24,7 +24,6 @@ import qualified Data.Text as T import qualified Data.Time as TI -import Data.Monoid ((<>)) import Data.Text (Text) import qualified Control.Monad.Logger as LG@@ -32,11 +31,11 @@ -- * Type Aliases (for compatibility) -- | Runs a monad-logger block with the filter predicate-type LogExecWithContext = forall m. P.MonadIO m =>- LogContext -> LogExec m+type LogExecWithContext = forall m a. P.MonadIO m =>+ LogContext -> LogExec m a -- | A monad-logger block-type LogExec m = forall a. LG.LoggingT m a -> m a+type LogExec m a = LG.LoggingT m a -> m a -- | A monad-logger filter predicate type LogContext = LG.LogSource -> LG.LogLevel -> Bool
lib/ORYHydra/Model.hs view
@@ -69,12 +69,18 @@ -- ** All newtype All = All { unAll :: Bool } deriving (P.Eq, P.Show) +-- ** Body+newtype Body = Body { unBody :: [PatchDocument] } deriving (P.Eq, P.Show, A.ToJSON)+ -- ** Client newtype Client = Client { unClient :: Text } deriving (P.Eq, P.Show) -- ** ClientId newtype ClientId = ClientId { unClientId :: Text } deriving (P.Eq, P.Show) +-- ** ClientName+newtype ClientName = ClientName { unClientName :: Text } deriving (P.Eq, P.Show)+ -- ** Code newtype Code = Code { unCode :: Text } deriving (P.Eq, P.Show) @@ -102,6 +108,9 @@ -- ** Offset newtype Offset = Offset { unOffset :: Integer } deriving (P.Eq, P.Show) +-- ** Owner+newtype Owner = Owner { unOwner :: Text } deriving (P.Eq, P.Show)+ -- ** RedirectUri newtype RedirectUri = RedirectUri { unRedirectUri :: Text } deriving (P.Eq, P.Show) @@ -421,50 +430,6 @@ { flushInactiveOAuth2TokensRequestNotAfter = Nothing } --- ** GenericError--- | GenericError--- Error response--- --- Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.-data GenericError = GenericError- { genericErrorDebug :: Maybe Text -- ^ "debug" - Debug contains debug information. This is usually not available and has to be enabled.- , genericErrorError :: Text -- ^ /Required/ "error" - Name is the error name.- , genericErrorErrorDescription :: Maybe Text -- ^ "error_description" - Description contains further information on the nature of the error.- , genericErrorStatusCode :: Maybe Integer -- ^ "status_code" - Code represents the error status code (404, 403, 401, ...).- } deriving (P.Show, P.Eq, P.Typeable)---- | FromJSON GenericError-instance A.FromJSON GenericError where- parseJSON = A.withObject "GenericError" $ \o ->- GenericError- <$> (o .:? "debug")- <*> (o .: "error")- <*> (o .:? "error_description")- <*> (o .:? "status_code")---- | ToJSON GenericError-instance A.ToJSON GenericError where- toJSON GenericError {..} =- _omitNulls- [ "debug" .= genericErrorDebug- , "error" .= genericErrorError- , "error_description" .= genericErrorErrorDescription- , "status_code" .= genericErrorStatusCode- ]----- | Construct a value of type 'GenericError' (by applying it's required fields, if any)-mkGenericError- :: Text -- ^ 'genericErrorError': Name is the error name.- -> GenericError-mkGenericError genericErrorError =- GenericError- { genericErrorDebug = Nothing- , genericErrorError- , genericErrorErrorDescription = Nothing- , genericErrorStatusCode = Nothing- }- -- ** HealthNotReadyStatus -- | HealthNotReadyStatus data HealthNotReadyStatus = HealthNotReadyStatus@@ -647,10 +612,53 @@ { jSONWebKeySetKeys = Nothing } +-- ** JsonError+-- | JsonError+-- Generic Error Response+-- +-- Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.+data JsonError = JsonError+ { jsonErrorError :: Maybe Text -- ^ "error" - Name is the error name.+ , jsonErrorErrorDebug :: Maybe Text -- ^ "error_debug" - Debug contains debug information. This is usually not available and has to be enabled.+ , jsonErrorErrorDescription :: Maybe Text -- ^ "error_description" - Description contains further information on the nature of the error.+ , jsonErrorStatusCode :: Maybe Integer -- ^ "status_code" - Code represents the error status code (404, 403, 401, ...).+ } deriving (P.Show, P.Eq, P.Typeable)++-- | FromJSON JsonError+instance A.FromJSON JsonError where+ parseJSON = A.withObject "JsonError" $ \o ->+ JsonError+ <$> (o .:? "error")+ <*> (o .:? "error_debug")+ <*> (o .:? "error_description")+ <*> (o .:? "status_code")++-- | ToJSON JsonError+instance A.ToJSON JsonError where+ toJSON JsonError {..} =+ _omitNulls+ [ "error" .= jsonErrorError+ , "error_debug" .= jsonErrorErrorDebug+ , "error_description" .= jsonErrorErrorDescription+ , "status_code" .= jsonErrorStatusCode+ ]+++-- | Construct a value of type 'JsonError' (by applying it's required fields, if any)+mkJsonError+ :: JsonError+mkJsonError =+ JsonError+ { jsonErrorError = Nothing+ , jsonErrorErrorDebug = Nothing+ , jsonErrorErrorDescription = Nothing+ , jsonErrorStatusCode = Nothing+ }+ -- ** JsonWebKeySetGeneratorRequest -- | JsonWebKeySetGeneratorRequest data JsonWebKeySetGeneratorRequest = JsonWebKeySetGeneratorRequest- { jsonWebKeySetGeneratorRequestAlg :: Text -- ^ /Required/ "alg" - The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", and \"HS256\"+ { jsonWebKeySetGeneratorRequestAlg :: Text -- ^ /Required/ "alg" - The algorithm to be used for creating the key. Supports \"RS256\", \"ES256\", \"ES512\", \"HS512\", and \"HS256\" , jsonWebKeySetGeneratorRequestKid :: Text -- ^ /Required/ "kid" - The kid of the key to be created , jsonWebKeySetGeneratorRequestUse :: Text -- ^ /Required/ "use" - The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Valid values are \"enc\" and \"sig\". } deriving (P.Show, P.Eq, P.Typeable)@@ -675,7 +683,7 @@ -- | Construct a value of type 'JsonWebKeySetGeneratorRequest' (by applying it's required fields, if any) mkJsonWebKeySetGeneratorRequest- :: Text -- ^ 'jsonWebKeySetGeneratorRequestAlg': The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", and \"HS256\"+ :: Text -- ^ 'jsonWebKeySetGeneratorRequestAlg': The algorithm to be used for creating the key. Supports \"RS256\", \"ES256\", \"ES512\", \"HS512\", and \"HS256\" -> Text -- ^ 'jsonWebKeySetGeneratorRequestKid': The kid of the key to be created -> Text -- ^ 'jsonWebKeySetGeneratorRequestUse': The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Valid values are \"enc\" and \"sig\". -> JsonWebKeySetGeneratorRequest@@ -760,7 +768,9 @@ -- Contains information about an ongoing logout request. -- data LogoutRequest = LogoutRequest- { logoutRequestRequestUrl :: Maybe Text -- ^ "request_url" - RequestURL is the original Logout URL requested.+ { logoutRequestChallenge :: Maybe Text -- ^ "challenge" - Challenge is the identifier (\"logout challenge\") of the logout authentication request. It is used to identify the session.+ , logoutRequestClient :: Maybe OAuth2Client -- ^ "client"+ , logoutRequestRequestUrl :: Maybe Text -- ^ "request_url" - RequestURL is the original Logout URL requested. , logoutRequestRpInitiated :: Maybe Bool -- ^ "rp_initiated" - RPInitiated is set to true if the request was initiated by a Relying Party (RP), also known as an OAuth 2.0 Client. , logoutRequestSid :: Maybe Text -- ^ "sid" - SessionID is the login session ID that was requested to log out. , logoutRequestSubject :: Maybe Text -- ^ "subject" - Subject is the user for whom the logout was request.@@ -770,7 +780,9 @@ instance A.FromJSON LogoutRequest where parseJSON = A.withObject "LogoutRequest" $ \o -> LogoutRequest- <$> (o .:? "request_url")+ <$> (o .:? "challenge")+ <*> (o .:? "client")+ <*> (o .:? "request_url") <*> (o .:? "rp_initiated") <*> (o .:? "sid") <*> (o .:? "subject")@@ -779,7 +791,9 @@ instance A.ToJSON LogoutRequest where toJSON LogoutRequest {..} = _omitNulls- [ "request_url" .= logoutRequestRequestUrl+ [ "challenge" .= logoutRequestChallenge+ , "client" .= logoutRequestClient+ , "request_url" .= logoutRequestRequestUrl , "rp_initiated" .= logoutRequestRpInitiated , "sid" .= logoutRequestSid , "subject" .= logoutRequestSubject@@ -791,7 +805,9 @@ :: LogoutRequest mkLogoutRequest = LogoutRequest- { logoutRequestRequestUrl = Nothing+ { logoutRequestChallenge = Nothing+ , logoutRequestClient = Nothing+ , logoutRequestRequestUrl = Nothing , logoutRequestRpInitiated = Nothing , logoutRequestSid = Nothing , logoutRequestSubject = Nothing@@ -1134,6 +1150,49 @@ , openIDConnectContextUiLocales = Nothing } +-- ** PatchDocument+-- | PatchDocument+-- A JSONPatch document as defined by RFC 6902+data PatchDocument = PatchDocument+ { patchDocumentFrom :: Maybe Text -- ^ "from" - A JSON-pointer+ , patchDocumentOp :: Text -- ^ /Required/ "op" - The operation to be performed+ , patchDocumentPath :: Text -- ^ /Required/ "path" - A JSON-pointer+ , patchDocumentValue :: Maybe A.Value -- ^ "value" - The value to be used within the operations+ } deriving (P.Show, P.Eq, P.Typeable)++-- | FromJSON PatchDocument+instance A.FromJSON PatchDocument where+ parseJSON = A.withObject "PatchDocument" $ \o ->+ PatchDocument+ <$> (o .:? "from")+ <*> (o .: "op")+ <*> (o .: "path")+ <*> (o .:? "value")++-- | ToJSON PatchDocument+instance A.ToJSON PatchDocument where+ toJSON PatchDocument {..} =+ _omitNulls+ [ "from" .= patchDocumentFrom+ , "op" .= patchDocumentOp+ , "path" .= patchDocumentPath+ , "value" .= patchDocumentValue+ ]+++-- | Construct a value of type 'PatchDocument' (by applying it's required fields, if any)+mkPatchDocument+ :: Text -- ^ 'patchDocumentOp': The operation to be performed+ -> Text -- ^ 'patchDocumentPath': A JSON-pointer+ -> PatchDocument+mkPatchDocument patchDocumentOp patchDocumentPath =+ PatchDocument+ { patchDocumentFrom = Nothing+ , patchDocumentOp+ , patchDocumentPath+ , patchDocumentValue = Nothing+ }+ -- ** PluginConfig -- | PluginConfig -- PluginConfig The config of a plugin.@@ -1808,6 +1867,37 @@ , rejectRequestStatusCode = Nothing } +-- ** RequestWasHandledResponse+-- | RequestWasHandledResponse+-- The response payload sent when there is an attempt to access already handled request.+-- +data RequestWasHandledResponse = RequestWasHandledResponse+ { requestWasHandledResponseRedirectTo :: Text -- ^ /Required/ "redirect_to" - Original request URL to which you should redirect the user if request was already handled.+ } deriving (P.Show, P.Eq, P.Typeable)++-- | FromJSON RequestWasHandledResponse+instance A.FromJSON RequestWasHandledResponse where+ parseJSON = A.withObject "RequestWasHandledResponse" $ \o ->+ RequestWasHandledResponse+ <$> (o .: "redirect_to")++-- | ToJSON RequestWasHandledResponse+instance A.ToJSON RequestWasHandledResponse where+ toJSON RequestWasHandledResponse {..} =+ _omitNulls+ [ "redirect_to" .= requestWasHandledResponseRedirectTo+ ]+++-- | Construct a value of type 'RequestWasHandledResponse' (by applying it's required fields, if any)+mkRequestWasHandledResponse+ :: Text -- ^ 'requestWasHandledResponseRedirectTo': Original request URL to which you should redirect the user if request was already handled.+ -> RequestWasHandledResponse+mkRequestWasHandledResponse requestWasHandledResponseRedirectTo =+ RequestWasHandledResponse+ { requestWasHandledResponseRedirectTo+ }+ -- ** UserinfoResponse -- | UserinfoResponse -- The userinfo response@@ -1937,6 +2027,73 @@ { versionVersion = Nothing } +-- ** Volume+-- | Volume+-- Volume volume+data Volume = Volume+ { volumeCreatedAt :: Maybe Text -- ^ "CreatedAt" - Date/Time the volume was created.+ , volumeDriver :: Text -- ^ /Required/ "Driver" - Name of the volume driver used by the volume.+ , volumeLabels :: (Map.Map String Text) -- ^ /Required/ "Labels" - User-defined key/value metadata.+ , volumeMountpoint :: Text -- ^ /Required/ "Mountpoint" - Mount path of the volume on the host.+ , volumeName :: Text -- ^ /Required/ "Name" - Name of the volume.+ , volumeOptions :: (Map.Map String Text) -- ^ /Required/ "Options" - The driver specific options used when creating the volume.+ , volumeScope :: Text -- ^ /Required/ "Scope" - The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level.+ , volumeStatus :: Maybe A.Value -- ^ "Status" - Low-level details about the volume, provided by the volume driver. Details are returned as a map with key/value pairs: `{\"key\":\"value\",\"key2\":\"value2\"}`. The `Status` field is optional, and is omitted if the volume driver does not support this feature.+ , volumeUsageData :: Maybe VolumeUsageData -- ^ "UsageData"+ } deriving (P.Show, P.Eq, P.Typeable)++-- | FromJSON Volume+instance A.FromJSON Volume where+ parseJSON = A.withObject "Volume" $ \o ->+ Volume+ <$> (o .:? "CreatedAt")+ <*> (o .: "Driver")+ <*> (o .: "Labels")+ <*> (o .: "Mountpoint")+ <*> (o .: "Name")+ <*> (o .: "Options")+ <*> (o .: "Scope")+ <*> (o .:? "Status")+ <*> (o .:? "UsageData")++-- | ToJSON Volume+instance A.ToJSON Volume where+ toJSON Volume {..} =+ _omitNulls+ [ "CreatedAt" .= volumeCreatedAt+ , "Driver" .= volumeDriver+ , "Labels" .= volumeLabels+ , "Mountpoint" .= volumeMountpoint+ , "Name" .= volumeName+ , "Options" .= volumeOptions+ , "Scope" .= volumeScope+ , "Status" .= volumeStatus+ , "UsageData" .= volumeUsageData+ ]+++-- | Construct a value of type 'Volume' (by applying it's required fields, if any)+mkVolume+ :: Text -- ^ 'volumeDriver': Name of the volume driver used by the volume.+ -> (Map.Map String Text) -- ^ 'volumeLabels': User-defined key/value metadata.+ -> Text -- ^ 'volumeMountpoint': Mount path of the volume on the host.+ -> Text -- ^ 'volumeName': Name of the volume.+ -> (Map.Map String Text) -- ^ 'volumeOptions': The driver specific options used when creating the volume.+ -> Text -- ^ 'volumeScope': The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level.+ -> Volume+mkVolume volumeDriver volumeLabels volumeMountpoint volumeName volumeOptions volumeScope =+ Volume+ { volumeCreatedAt = Nothing+ , volumeDriver+ , volumeLabels+ , volumeMountpoint+ , volumeName+ , volumeOptions+ , volumeScope+ , volumeStatus = Nothing+ , volumeUsageData = Nothing+ }+ -- ** VolumeUsageData -- | VolumeUsageData -- VolumeUsageData Usage details about the volume. This information is used by the `GET /system/df` endpoint, and omitted in other endpoints.@@ -1983,6 +2140,7 @@ , wellKnownBackchannelLogoutSupported :: Maybe Bool -- ^ "backchannel_logout_supported" - Boolean value specifying whether the OP supports back-channel logout, with true indicating support. , wellKnownClaimsParameterSupported :: Maybe Bool -- ^ "claims_parameter_supported" - Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. , wellKnownClaimsSupported :: Maybe [Text] -- ^ "claims_supported" - JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.+ , wellKnownCodeChallengeMethodsSupported :: Maybe [Text] -- ^ "code_challenge_methods_supported" - JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. , wellKnownEndSessionEndpoint :: Maybe Text -- ^ "end_session_endpoint" - URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. , wellKnownFrontchannelLogoutSessionSupported :: Maybe Bool -- ^ "frontchannel_logout_session_supported" - Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. , wellKnownFrontchannelLogoutSupported :: Maybe Bool -- ^ "frontchannel_logout_supported" - Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support.@@ -2015,6 +2173,7 @@ <*> (o .:? "backchannel_logout_supported") <*> (o .:? "claims_parameter_supported") <*> (o .:? "claims_supported")+ <*> (o .:? "code_challenge_methods_supported") <*> (o .:? "end_session_endpoint") <*> (o .:? "frontchannel_logout_session_supported") <*> (o .:? "frontchannel_logout_supported")@@ -2046,6 +2205,7 @@ , "backchannel_logout_supported" .= wellKnownBackchannelLogoutSupported , "claims_parameter_supported" .= wellKnownClaimsParameterSupported , "claims_supported" .= wellKnownClaimsSupported+ , "code_challenge_methods_supported" .= wellKnownCodeChallengeMethodsSupported , "end_session_endpoint" .= wellKnownEndSessionEndpoint , "frontchannel_logout_session_supported" .= wellKnownFrontchannelLogoutSessionSupported , "frontchannel_logout_supported" .= wellKnownFrontchannelLogoutSupported@@ -2087,6 +2247,7 @@ , wellKnownBackchannelLogoutSupported = Nothing , wellKnownClaimsParameterSupported = Nothing , wellKnownClaimsSupported = Nothing+ , wellKnownCodeChallengeMethodsSupported = Nothing , wellKnownEndSessionEndpoint = Nothing , wellKnownFrontchannelLogoutSessionSupported = Nothing , wellKnownFrontchannelLogoutSupported = Nothing@@ -2138,7 +2299,7 @@ applyAuthMethod _ a@(AuthOAuthOauth2 secret) req = P.pure $ if (P.typeOf a `P.elem` rAuthTypes req)- then req `setHeader` toHeader ("Authorization", "Bearer " <> secret) + then req `setHeader` toHeader ("Authorization", "Bearer " <> secret) & L.over rAuthTypesL (P.filter (/= P.typeOf a)) else req
lib/ORYHydra/ModelLens.hs view
@@ -209,30 +209,6 @@ --- * GenericError---- | 'genericErrorDebug' Lens-genericErrorDebugL :: Lens_' GenericError (Maybe Text)-genericErrorDebugL f GenericError{..} = (\genericErrorDebug -> GenericError { genericErrorDebug, ..} ) <$> f genericErrorDebug-{-# INLINE genericErrorDebugL #-}---- | 'genericErrorError' Lens-genericErrorErrorL :: Lens_' GenericError (Text)-genericErrorErrorL f GenericError{..} = (\genericErrorError -> GenericError { genericErrorError, ..} ) <$> f genericErrorError-{-# INLINE genericErrorErrorL #-}---- | 'genericErrorErrorDescription' Lens-genericErrorErrorDescriptionL :: Lens_' GenericError (Maybe Text)-genericErrorErrorDescriptionL f GenericError{..} = (\genericErrorErrorDescription -> GenericError { genericErrorErrorDescription, ..} ) <$> f genericErrorErrorDescription-{-# INLINE genericErrorErrorDescriptionL #-}---- | 'genericErrorStatusCode' Lens-genericErrorStatusCodeL :: Lens_' GenericError (Maybe Integer)-genericErrorStatusCodeL f GenericError{..} = (\genericErrorStatusCode -> GenericError { genericErrorStatusCode, ..} ) <$> f genericErrorStatusCode-{-# INLINE genericErrorStatusCodeL #-}--- -- * HealthNotReadyStatus -- | 'healthNotReadyStatusErrors' Lens@@ -349,6 +325,30 @@ +-- * JsonError++-- | 'jsonErrorError' Lens+jsonErrorErrorL :: Lens_' JsonError (Maybe Text)+jsonErrorErrorL f JsonError{..} = (\jsonErrorError -> JsonError { jsonErrorError, ..} ) <$> f jsonErrorError+{-# INLINE jsonErrorErrorL #-}++-- | 'jsonErrorErrorDebug' Lens+jsonErrorErrorDebugL :: Lens_' JsonError (Maybe Text)+jsonErrorErrorDebugL f JsonError{..} = (\jsonErrorErrorDebug -> JsonError { jsonErrorErrorDebug, ..} ) <$> f jsonErrorErrorDebug+{-# INLINE jsonErrorErrorDebugL #-}++-- | 'jsonErrorErrorDescription' Lens+jsonErrorErrorDescriptionL :: Lens_' JsonError (Maybe Text)+jsonErrorErrorDescriptionL f JsonError{..} = (\jsonErrorErrorDescription -> JsonError { jsonErrorErrorDescription, ..} ) <$> f jsonErrorErrorDescription+{-# INLINE jsonErrorErrorDescriptionL #-}++-- | 'jsonErrorStatusCode' Lens+jsonErrorStatusCodeL :: Lens_' JsonError (Maybe Integer)+jsonErrorStatusCodeL f JsonError{..} = (\jsonErrorStatusCode -> JsonError { jsonErrorStatusCode, ..} ) <$> f jsonErrorStatusCode+{-# INLINE jsonErrorStatusCodeL #-}+++ -- * JsonWebKeySetGeneratorRequest -- | 'jsonWebKeySetGeneratorRequestAlg' Lens@@ -419,6 +419,16 @@ -- * LogoutRequest +-- | 'logoutRequestChallenge' Lens+logoutRequestChallengeL :: Lens_' LogoutRequest (Maybe Text)+logoutRequestChallengeL f LogoutRequest{..} = (\logoutRequestChallenge -> LogoutRequest { logoutRequestChallenge, ..} ) <$> f logoutRequestChallenge+{-# INLINE logoutRequestChallengeL #-}++-- | 'logoutRequestClient' Lens+logoutRequestClientL :: Lens_' LogoutRequest (Maybe OAuth2Client)+logoutRequestClientL f LogoutRequest{..} = (\logoutRequestClient -> LogoutRequest { logoutRequestClient, ..} ) <$> f logoutRequestClient+{-# INLINE logoutRequestClientL #-}+ -- | 'logoutRequestRequestUrl' Lens logoutRequestRequestUrlL :: Lens_' LogoutRequest (Maybe Text) logoutRequestRequestUrlL f LogoutRequest{..} = (\logoutRequestRequestUrl -> LogoutRequest { logoutRequestRequestUrl, ..} ) <$> f logoutRequestRequestUrl@@ -747,6 +757,30 @@ +-- * PatchDocument++-- | 'patchDocumentFrom' Lens+patchDocumentFromL :: Lens_' PatchDocument (Maybe Text)+patchDocumentFromL f PatchDocument{..} = (\patchDocumentFrom -> PatchDocument { patchDocumentFrom, ..} ) <$> f patchDocumentFrom+{-# INLINE patchDocumentFromL #-}++-- | 'patchDocumentOp' Lens+patchDocumentOpL :: Lens_' PatchDocument (Text)+patchDocumentOpL f PatchDocument{..} = (\patchDocumentOp -> PatchDocument { patchDocumentOp, ..} ) <$> f patchDocumentOp+{-# INLINE patchDocumentOpL #-}++-- | 'patchDocumentPath' Lens+patchDocumentPathL :: Lens_' PatchDocument (Text)+patchDocumentPathL f PatchDocument{..} = (\patchDocumentPath -> PatchDocument { patchDocumentPath, ..} ) <$> f patchDocumentPath+{-# INLINE patchDocumentPathL #-}++-- | 'patchDocumentValue' Lens+patchDocumentValueL :: Lens_' PatchDocument (Maybe A.Value)+patchDocumentValueL f PatchDocument{..} = (\patchDocumentValue -> PatchDocument { patchDocumentValue, ..} ) <$> f patchDocumentValue+{-# INLINE patchDocumentValueL #-}+++ -- * PluginConfig -- | 'pluginConfigArgs' Lens@@ -1123,6 +1157,15 @@ +-- * RequestWasHandledResponse++-- | 'requestWasHandledResponseRedirectTo' Lens+requestWasHandledResponseRedirectToL :: Lens_' RequestWasHandledResponse (Text)+requestWasHandledResponseRedirectToL f RequestWasHandledResponse{..} = (\requestWasHandledResponseRedirectTo -> RequestWasHandledResponse { requestWasHandledResponseRedirectTo, ..} ) <$> f requestWasHandledResponseRedirectTo+{-# INLINE requestWasHandledResponseRedirectToL #-}+++ -- * UserinfoResponse -- | 'userinfoResponseBirthdate' Lens@@ -1231,6 +1274,55 @@ +-- * Volume++-- | 'volumeCreatedAt' Lens+volumeCreatedAtL :: Lens_' Volume (Maybe Text)+volumeCreatedAtL f Volume{..} = (\volumeCreatedAt -> Volume { volumeCreatedAt, ..} ) <$> f volumeCreatedAt+{-# INLINE volumeCreatedAtL #-}++-- | 'volumeDriver' Lens+volumeDriverL :: Lens_' Volume (Text)+volumeDriverL f Volume{..} = (\volumeDriver -> Volume { volumeDriver, ..} ) <$> f volumeDriver+{-# INLINE volumeDriverL #-}++-- | 'volumeLabels' Lens+volumeLabelsL :: Lens_' Volume ((Map.Map String Text))+volumeLabelsL f Volume{..} = (\volumeLabels -> Volume { volumeLabels, ..} ) <$> f volumeLabels+{-# INLINE volumeLabelsL #-}++-- | 'volumeMountpoint' Lens+volumeMountpointL :: Lens_' Volume (Text)+volumeMountpointL f Volume{..} = (\volumeMountpoint -> Volume { volumeMountpoint, ..} ) <$> f volumeMountpoint+{-# INLINE volumeMountpointL #-}++-- | 'volumeName' Lens+volumeNameL :: Lens_' Volume (Text)+volumeNameL f Volume{..} = (\volumeName -> Volume { volumeName, ..} ) <$> f volumeName+{-# INLINE volumeNameL #-}++-- | 'volumeOptions' Lens+volumeOptionsL :: Lens_' Volume ((Map.Map String Text))+volumeOptionsL f Volume{..} = (\volumeOptions -> Volume { volumeOptions, ..} ) <$> f volumeOptions+{-# INLINE volumeOptionsL #-}++-- | 'volumeScope' Lens+volumeScopeL :: Lens_' Volume (Text)+volumeScopeL f Volume{..} = (\volumeScope -> Volume { volumeScope, ..} ) <$> f volumeScope+{-# INLINE volumeScopeL #-}++-- | 'volumeStatus' Lens+volumeStatusL :: Lens_' Volume (Maybe A.Value)+volumeStatusL f Volume{..} = (\volumeStatus -> Volume { volumeStatus, ..} ) <$> f volumeStatus+{-# INLINE volumeStatusL #-}++-- | 'volumeUsageData' Lens+volumeUsageDataL :: Lens_' Volume (Maybe VolumeUsageData)+volumeUsageDataL f Volume{..} = (\volumeUsageData -> Volume { volumeUsageData, ..} ) <$> f volumeUsageData+{-# INLINE volumeUsageDataL #-}+++ -- * VolumeUsageData -- | 'volumeUsageDataRefCount' Lens@@ -1271,6 +1363,11 @@ wellKnownClaimsSupportedL :: Lens_' WellKnown (Maybe [Text]) wellKnownClaimsSupportedL f WellKnown{..} = (\wellKnownClaimsSupported -> WellKnown { wellKnownClaimsSupported, ..} ) <$> f wellKnownClaimsSupported {-# INLINE wellKnownClaimsSupportedL #-}++-- | 'wellKnownCodeChallengeMethodsSupported' Lens+wellKnownCodeChallengeMethodsSupportedL :: Lens_' WellKnown (Maybe [Text])+wellKnownCodeChallengeMethodsSupportedL f WellKnown{..} = (\wellKnownCodeChallengeMethodsSupported -> WellKnown { wellKnownCodeChallengeMethodsSupported, ..} ) <$> f wellKnownCodeChallengeMethodsSupported+{-# INLINE wellKnownCodeChallengeMethodsSupportedL #-} -- | 'wellKnownEndSessionEndpoint' Lens wellKnownEndSessionEndpointL :: Lens_' WellKnown (Maybe Text)
openapi.yaml view
@@ -25,8 +25,8 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: JSON Web Keys Discovery tags: - public@@ -51,14 +51,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: OpenID Connect Discovery tags: - public@@ -72,7 +72,8 @@ Multiple links can be included in this header, and will be separated by a comma. operationId: listOAuth2Clients parameters:- - description: The maximum amount of policies returned, upper bound is 500 policies+ - description: The maximum amount of clients to returned, upper bound is 500+ clients. in: query name: limit schema:@@ -84,6 +85,16 @@ schema: format: int64 type: integer+ - description: The name of the clients to filter by.+ in: query+ name: client_name+ schema:+ type: string+ - description: The owner of the clients to filter by.+ in: query+ name: owner+ schema:+ type: string responses: "200": content:@@ -97,8 +108,8 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: List OAuth 2.0 Clients tags: - admin@@ -125,20 +136,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "409": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Create an OAuth 2.0 Client tags: - admin@@ -167,14 +178,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Deletes an OAuth 2.0 Client tags: - admin@@ -202,17 +213,52 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Get an OAuth 2.0 Client. tags: - admin+ patch:+ description: |-+ Patch an existing OAuth 2.0 Client. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe.++ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components.+ operationId: patchOAuth2Client+ parameters:+ - in: path+ name: id+ required: true+ schema:+ type: string+ requestBody:+ content:+ application/json:+ schema:+ $ref: '#/components/schemas/patchRequest'+ required: true+ responses:+ "200":+ content:+ application/json:+ schema:+ $ref: '#/components/schemas/oAuth2Client'+ description: oAuth2Client+ "500":+ content:+ application/json:+ schema:+ $ref: '#/components/schemas/jsonError'+ description: jsonError+ summary: Patch an OAuth 2.0 Client+ tags:+ - admin+ x-codegen-request-body-name: Body put: description: |- Update an existing OAuth 2.0 Client. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe.@@ -242,8 +288,8 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Update an OAuth 2.0 Client tags: - admin@@ -271,8 +317,8 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Check Alive Status tags: - admin@@ -328,20 +374,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "403": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Delete a JSON Web Key Set tags: - admin@@ -369,20 +415,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "403": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Retrieve a JSON Web Key Set tags: - admin@@ -416,20 +462,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "403": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Generate a New JSON Web Key tags: - admin@@ -464,20 +510,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "403": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Update a JSON Web Key Set tags: - admin@@ -512,20 +558,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "403": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Delete a JSON Web Key tags: - admin@@ -557,14 +603,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Fetch a JSON Web Key tags: - admin@@ -604,20 +650,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "403": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Update a JSON Web Key tags: - admin@@ -625,17 +671,12 @@ /metrics/prometheus: get: description: |-- If you're using k8s, you can then add annotations to your deployment like so:- ``` metadata: annotations:- prometheus.io/port: "4445"+ prometheus.io/port: "4434" prometheus.io/path: "/metrics/prometheus" ```-- If the service supports TLS Edge Termination, this endpoint does not require the- `X-Forwarded-Proto` header to be set. operationId: prometheus responses: "200":@@ -643,9 +684,11 @@ description: |- Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.- summary: Get Snapshot Metrics from the Hydra Service.+ summary: |-+ Get snapshot metrics from the service. If you're using k8s, you can then add annotations to+ your deployment like so: tags:- - admin+ - metadata /oauth2/auth: get: description: |-@@ -664,14 +707,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: The OAuth 2.0 Authorize Endpoint tags: - public@@ -706,20 +749,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError- "409":+ $ref: '#/components/schemas/jsonError'+ description: jsonError+ "410": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/requestWasHandledResponse'+ description: requestWasHandledResponse "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Get Consent Request Information tags: - admin@@ -766,14 +809,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Accept a Consent Request tags: - admin@@ -820,14 +863,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Reject a Consent Request tags: - admin@@ -860,26 +903,26 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "404": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError- "409":+ $ref: '#/components/schemas/jsonError'+ description: jsonError+ "410": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/requestWasHandledResponse'+ description: requestWasHandledResponse "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Get a Login Request tags: - admin@@ -923,26 +966,26 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "401": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "404": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Accept a Login Request tags: - admin@@ -986,26 +1029,26 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "401": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "404": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Reject a Login Request tags: - admin@@ -1031,14 +1074,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError+ "410":+ content:+ application/json:+ schema:+ $ref: '#/components/schemas/requestWasHandledResponse'+ description: requestWasHandledResponse "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Get a Logout Request tags: - admin@@ -1067,14 +1116,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Accept a Logout Request tags: - admin@@ -1111,14 +1160,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Reject a Logout Request tags: - admin@@ -1158,20 +1207,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError- "404":- content:- application/json:- schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Revokes Consent Sessions of a Subject for a Specific OAuth 2.0 Client tags: - admin@@ -1204,14 +1247,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Lists All Consent Sessions of a Subject tags: - admin@@ -1238,20 +1281,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError- "404":- content:- application/json:- schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: |- Invalidates All Login Sessions of a Certain User Invalidates a Subject's Authentication Session@@ -1280,14 +1317,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Flush Expired OAuth2 Access Tokens tags: - admin@@ -1332,14 +1369,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Introspect OAuth2 Tokens tags: - admin@@ -1371,14 +1408,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError security: - basic: [] - oauth2: []@@ -1443,20 +1480,20 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "401": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError security: - basic: [] - oauth2: []@@ -1484,14 +1521,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError summary: Delete OAuth2 Access Tokens from a Client tags: - admin@@ -1502,6 +1539,10 @@ the provided OAuth 2.0 Access Token. For more information please [refer to the spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo).++ In the case of authentication error, a WWW-Authenticate header might be set in the response+ with more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3)+ for more details about header format. operationId: userinfo responses: "200":@@ -1514,14 +1555,14 @@ content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError "500": content: application/json: schema:- $ref: '#/components/schemas/genericError'- description: genericError+ $ref: '#/components/schemas/jsonError'+ description: jsonError security: - oauth2: [] summary: OpenID Connect Userinfo@@ -1738,10 +1779,6 @@ type: object JoseJSONWebKeySet: type: object- NullTime:- format: date-time- title: NullTime implements sql.NullTime functionality.- type: string PluginConfig: properties: Args:@@ -2161,6 +2198,56 @@ type: string title: StringSlicePipeDelimiter de/encodes the string slice to/from a SQL string. type: array+ Volume:+ description: Volume volume+ properties:+ CreatedAt:+ description: Date/Time the volume was created.+ type: string+ Driver:+ description: Name of the volume driver used by the volume.+ type: string+ Labels:+ additionalProperties:+ type: string+ description: User-defined key/value metadata.+ type: object+ Mountpoint:+ description: Mount path of the volume on the host.+ type: string+ Name:+ description: Name of the volume.+ type: string+ Options:+ additionalProperties:+ type: string+ description: The driver specific options used when creating the volume.+ type: object+ Scope:+ description: |-+ The level at which the volume exists. Either `global` for cluster-wide,+ or `local` for machine level.+ type: string+ Status:+ description: |-+ Low-level details about the volume, provided by the volume driver.+ Details are returned as a map with key/value pairs:+ `{"key":"value","key2":"value2"}`.++ The `Status` field is optional, and is omitted if the volume driver+ does not support this feature.+ properties: {}+ type: object+ UsageData:+ $ref: '#/components/schemas/VolumeUsageData'+ required:+ - Driver+ - Labels+ - Mountpoint+ - Name+ - Options+ - Scope+ type: object VolumeUsageData: description: |- VolumeUsageData Usage details about the volume. This information is used by the@@ -2450,19 +2537,36 @@ format: date-time type: string type: object- genericError:+ healthNotReadyStatus:+ properties:+ errors:+ additionalProperties:+ type: string+ description: Errors contains a list of errors that caused the not ready+ status.+ type: object+ type: object+ healthStatus:+ example:+ status: status+ properties:+ status:+ description: Status always contains "ok".+ type: string+ type: object+ jsonError: description: Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred. properties:- debug:- description: Debug contains debug information. This is usually not available- and has to be enabled.- example: The database adapter was unable to find the element- type: string error: description: Name is the error name. example: The requested resource could not be found type: string+ error_debug:+ description: Debug contains debug information. This is usually not available+ and has to be enabled.+ example: The database adapter was unable to find the element+ type: string error_description: description: Description contains further information on the nature of the error.@@ -2473,32 +2577,13 @@ example: 404 format: int64 type: integer- required:- - error- title: Error response- type: object- healthNotReadyStatus:- properties:- errors:- additionalProperties:- type: string- description: Errors contains a list of errors that caused the not ready- status.- type: object- type: object- healthStatus:- example:- status: status- properties:- status:- description: Status always contains "ok".- type: string+ title: Generic Error Response type: object jsonWebKeySetGeneratorRequest: properties: alg: description: The algorithm to be used for creating the key. Supports "RS256",- "ES512", "HS512", and "HS256"+ "ES256", "ES512", "HS512", and "HS256" type: string kid: description: The kid of the key to be created@@ -2649,10 +2734,68 @@ logoutRequest: example: subject: subject+ challenge: challenge+ client:+ metadata: '{}'+ token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg+ client_uri: client_uri+ jwks: '{}'+ logo_uri: logo_uri+ created_at: 2000-01-23T04:56:07.000+00:00+ allowed_cors_origins:+ - allowed_cors_origins+ - allowed_cors_origins+ client_id: client_id+ token_endpoint_auth_method: token_endpoint_auth_method+ userinfo_signed_response_alg: userinfo_signed_response_alg+ updated_at: 2000-01-23T04:56:07.000+00:00+ scope: scope+ request_uris:+ - request_uris+ - request_uris+ client_secret: client_secret+ backchannel_logout_session_required: true+ backchannel_logout_uri: backchannel_logout_uri+ client_name: client_name+ policy_uri: policy_uri+ owner: owner+ audience:+ - audience+ - audience+ post_logout_redirect_uris:+ - post_logout_redirect_uris+ - post_logout_redirect_uris+ grant_types:+ - grant_types+ - grant_types+ subject_type: subject_type+ redirect_uris:+ - redirect_uris+ - redirect_uris+ sector_identifier_uri: sector_identifier_uri+ frontchannel_logout_session_required: true+ frontchannel_logout_uri: frontchannel_logout_uri+ client_secret_expires_at: 0+ jwks_uri: jwks_uri+ request_object_signing_alg: request_object_signing_alg+ tos_uri: tos_uri+ contacts:+ - contacts+ - contacts+ response_types:+ - response_types+ - response_types rp_initiated: true request_url: request_url sid: sid properties:+ challenge:+ description: |-+ Challenge is the identifier ("logout challenge") of the logout authentication request. It is used to+ identify the session.+ type: string+ client:+ $ref: '#/components/schemas/oAuth2Client' request_url: description: RequestURL is the original Logout URL requested. type: string@@ -2669,6 +2812,10 @@ type: string title: Contains information about an ongoing logout request. type: object+ nullTime:+ format: date-time+ title: NullTime implements sql.NullTime functionality.+ type: string oAuth2Client: example: metadata: '{}'@@ -3094,6 +3241,33 @@ type: array title: Contains optional information about the OpenID Connect request. type: object+ patchDocument:+ description: A JSONPatch document as defined by RFC 6902+ properties:+ from:+ description: A JSON-pointer+ type: string+ op:+ description: The operation to be performed+ example: '"replace"'+ type: string+ path:+ description: A JSON-pointer+ example: '"/name"'+ type: string+ value:+ description: The value to be used within the operations+ properties: {}+ type: object+ required:+ - op+ - path+ type: object+ patchRequest:+ description: A JSONPatch request+ items:+ $ref: '#/components/schemas/patchDocument'+ type: array rejectRequest: properties: error:@@ -3122,6 +3296,17 @@ type: integer title: The request payload used to accept a login or consent request. type: object+ requestWasHandledResponse:+ properties:+ redirect_to:+ description: Original request URL to which you should redirect the user+ if request was already handled.+ type: string+ required:+ - redirect_to+ title: The response payload sent when there is an attempt to access already+ handled request.+ type: object userinfoResponse: description: The userinfo response example:@@ -3305,6 +3490,9 @@ userinfo_endpoint: userinfo_endpoint frontchannel_logout_supported: true require_request_uri_registration: true+ code_challenge_methods_supported:+ - code_challenge_methods_supported+ - code_challenge_methods_supported frontchannel_logout_session_supported: true jwks_uri: https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json subject_types_supported:@@ -3339,6 +3527,13 @@ description: |- JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.+ items:+ type: string+ type: array+ code_challenge_methods_supported:+ description: |-+ JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported+ by this authorization server. items: type: string type: array
ory-hydra-client.cabal view
@@ -1,6 +1,6 @@ name: ory-hydra-client-version: 1.9.2-synopsis: Auto-generated ory-hydra API Client+version: 1.10+synopsis: Auto-generated ory-hydra-client API Client description: . Client library for calling the ORY Hydra API based on http-client. .@@ -8,12 +8,12 @@ . base path: http://localhost .- ORY Hydra API version: 1.9.2+ ORY Hydra API version: 1.10 . OpenAPI version: 3.0.1 . category: Web, OAuth, Network-homepage: https://github.com/lykahb/ory-hydra+homepage: https://github.com/lykahb/ory-hydra-client author: Boris Lykah maintainer: lykahb@gmail.com copyright: 2021 - Boris Lykah, Mercury@@ -39,18 +39,18 @@ aeson >=1.0 && <2.0 , base >=4.7 && <5.0 , base64-bytestring >1.0 && <2.0- , bytestring >=0.10.0 && <0.11+ , bytestring >=0.10.0 , case-insensitive , containers >=0.5.0.0 && <0.8 , deepseq >= 1.4 && <1.6 , exceptions >= 0.4 , http-api-data >= 0.3.4 && <0.5- , http-client >=0.5 && <0.7+ , http-client >=0.5 && <0.8 , http-client-tls , http-media >= 0.4 && < 0.9 , http-types >=0.8 && <0.13 , iso8601-time >=0.1.3 && <0.2.0- , microlens >= 0.4.3 && <0.5+ , microlens >= 0.4.3 , mtl >=2.2.1 , network >=2.6.2 && <3.9 , random >=1.1@@ -65,6 +65,7 @@ exposed-modules: ORYHydra ORYHydra.API.Admin+ ORYHydra.API.Metadata ORYHydra.API.Public ORYHydra.Client ORYHydra.Core@@ -94,7 +95,7 @@ , QuickCheck , aeson , base >=4.7 && <5.0- , bytestring >=0.10.0 && <0.11+ , bytestring >=0.10.0 , containers , hspec >=1.8 , iso8601-time
tests/Instances.hs view
@@ -71,7 +71,7 @@ sizedObject n = liftM (A.object . map mapF) $ replicateM n $ (,) <$> (arbitrary :: Gen String) <*> simpleAndArrays- + -- | Checks if a given list has no duplicates in _O(n log n)_. hasNoDups :: (Ord a)@@ -86,7 +86,7 @@ instance ApproxEq TI.Day where (=~) = (==)- + arbitraryReduced :: Arbitrary a => Int -> Gen a arbitraryReduced n = resize (n `div` 2) arbitrary @@ -103,7 +103,7 @@ else return generated -- * Models- + instance Arbitrary AcceptConsentRequest where arbitrary = sized genAcceptConsentRequest @@ -182,17 +182,6 @@ FlushInactiveOAuth2TokensRequest <$> arbitraryReducedMaybe n -- flushInactiveOAuth2TokensRequestNotAfter :: Maybe DateTime -instance Arbitrary GenericError where- arbitrary = sized genGenericError--genGenericError :: Int -> Gen GenericError-genGenericError n =- GenericError- <$> arbitraryReducedMaybe n -- genericErrorDebug :: Maybe Text- <*> arbitrary -- genericErrorError :: Text- <*> arbitraryReducedMaybe n -- genericErrorErrorDescription :: Maybe Text- <*> arbitraryReducedMaybe n -- genericErrorStatusCode :: Maybe Integer- instance Arbitrary HealthNotReadyStatus where arbitrary = sized genHealthNotReadyStatus @@ -241,6 +230,17 @@ JSONWebKeySet <$> arbitraryReducedMaybe n -- jSONWebKeySetKeys :: Maybe [JSONWebKey] +instance Arbitrary JsonError where+ arbitrary = sized genJsonError++genJsonError :: Int -> Gen JsonError+genJsonError n =+ JsonError+ <$> arbitraryReducedMaybe n -- jsonErrorError :: Maybe Text+ <*> arbitraryReducedMaybe n -- jsonErrorErrorDebug :: Maybe Text+ <*> arbitraryReducedMaybe n -- jsonErrorErrorDescription :: Maybe Text+ <*> arbitraryReducedMaybe n -- jsonErrorStatusCode :: Maybe Integer+ instance Arbitrary JsonWebKeySetGeneratorRequest where arbitrary = sized genJsonWebKeySetGeneratorRequest @@ -273,7 +273,9 @@ genLogoutRequest :: Int -> Gen LogoutRequest genLogoutRequest n = LogoutRequest- <$> arbitraryReducedMaybe n -- logoutRequestRequestUrl :: Maybe Text+ <$> arbitraryReducedMaybe n -- logoutRequestChallenge :: Maybe Text+ <*> arbitraryReducedMaybe n -- logoutRequestClient :: Maybe OAuth2Client+ <*> arbitraryReducedMaybe n -- logoutRequestRequestUrl :: Maybe Text <*> arbitraryReducedMaybe n -- logoutRequestRpInitiated :: Maybe Bool <*> arbitraryReducedMaybe n -- logoutRequestSid :: Maybe Text <*> arbitraryReducedMaybe n -- logoutRequestSubject :: Maybe Text@@ -364,6 +366,17 @@ <*> arbitraryReducedMaybe n -- openIDConnectContextLoginHint :: Maybe Text <*> arbitraryReducedMaybe n -- openIDConnectContextUiLocales :: Maybe [Text] +instance Arbitrary PatchDocument where+ arbitrary = sized genPatchDocument++genPatchDocument :: Int -> Gen PatchDocument+genPatchDocument n =+ PatchDocument+ <$> arbitraryReducedMaybe n -- patchDocumentFrom :: Maybe Text+ <*> arbitrary -- patchDocumentOp :: Text+ <*> arbitrary -- patchDocumentPath :: Text+ <*> arbitraryReducedMaybeValue n -- patchDocumentValue :: Maybe A.Value+ instance Arbitrary PluginConfig where arbitrary = sized genPluginConfig @@ -526,6 +539,14 @@ <*> arbitraryReducedMaybe n -- rejectRequestErrorHint :: Maybe Text <*> arbitraryReducedMaybe n -- rejectRequestStatusCode :: Maybe Integer +instance Arbitrary RequestWasHandledResponse where+ arbitrary = sized genRequestWasHandledResponse++genRequestWasHandledResponse :: Int -> Gen RequestWasHandledResponse+genRequestWasHandledResponse n =+ RequestWasHandledResponse+ <$> arbitrary -- requestWasHandledResponseRedirectTo :: Text+ instance Arbitrary UserinfoResponse where arbitrary = sized genUserinfoResponse @@ -560,6 +581,22 @@ Version <$> arbitraryReducedMaybe n -- versionVersion :: Maybe Text +instance Arbitrary Volume where+ arbitrary = sized genVolume++genVolume :: Int -> Gen Volume+genVolume n =+ Volume+ <$> arbitraryReducedMaybe n -- volumeCreatedAt :: Maybe Text+ <*> arbitrary -- volumeDriver :: Text+ <*> arbitrary -- volumeLabels :: (Map.Map String Text)+ <*> arbitrary -- volumeMountpoint :: Text+ <*> arbitrary -- volumeName :: Text+ <*> arbitrary -- volumeOptions :: (Map.Map String Text)+ <*> arbitrary -- volumeScope :: Text+ <*> arbitraryReducedMaybeValue n -- volumeStatus :: Maybe A.Value+ <*> arbitraryReducedMaybe n -- volumeUsageData :: Maybe VolumeUsageData+ instance Arbitrary VolumeUsageData where arbitrary = sized genVolumeUsageData @@ -580,6 +617,7 @@ <*> arbitraryReducedMaybe n -- wellKnownBackchannelLogoutSupported :: Maybe Bool <*> arbitraryReducedMaybe n -- wellKnownClaimsParameterSupported :: Maybe Bool <*> arbitraryReducedMaybe n -- wellKnownClaimsSupported :: Maybe [Text]+ <*> arbitraryReducedMaybe n -- wellKnownCodeChallengeMethodsSupported :: Maybe [Text] <*> arbitraryReducedMaybe n -- wellKnownEndSessionEndpoint :: Maybe Text <*> arbitraryReducedMaybe n -- wellKnownFrontchannelLogoutSessionSupported :: Maybe Bool <*> arbitraryReducedMaybe n -- wellKnownFrontchannelLogoutSupported :: Maybe Bool
tests/Test.hs view
@@ -27,11 +27,11 @@ propMimeEq MimeJSON (Proxy :: Proxy ConsentRequestSession) propMimeEq MimeJSON (Proxy :: Proxy ContainerWaitOKBodyError) propMimeEq MimeJSON (Proxy :: Proxy FlushInactiveOAuth2TokensRequest)- propMimeEq MimeJSON (Proxy :: Proxy GenericError) propMimeEq MimeJSON (Proxy :: Proxy HealthNotReadyStatus) propMimeEq MimeJSON (Proxy :: Proxy HealthStatus) propMimeEq MimeJSON (Proxy :: Proxy JSONWebKey) propMimeEq MimeJSON (Proxy :: Proxy JSONWebKeySet)+ propMimeEq MimeJSON (Proxy :: Proxy JsonError) propMimeEq MimeJSON (Proxy :: Proxy JsonWebKeySetGeneratorRequest) propMimeEq MimeJSON (Proxy :: Proxy LoginRequest) propMimeEq MimeJSON (Proxy :: Proxy LogoutRequest)@@ -39,6 +39,7 @@ propMimeEq MimeJSON (Proxy :: Proxy OAuth2TokenIntrospection) propMimeEq MimeJSON (Proxy :: Proxy Oauth2TokenResponse) propMimeEq MimeJSON (Proxy :: Proxy OpenIDConnectContext)+ propMimeEq MimeJSON (Proxy :: Proxy PatchDocument) propMimeEq MimeJSON (Proxy :: Proxy PluginConfig) propMimeEq MimeJSON (Proxy :: Proxy PluginConfigArgs) propMimeEq MimeJSON (Proxy :: Proxy PluginConfigInterface)@@ -53,8 +54,10 @@ propMimeEq MimeJSON (Proxy :: Proxy PluginSettings) propMimeEq MimeJSON (Proxy :: Proxy PreviousConsentSession) propMimeEq MimeJSON (Proxy :: Proxy RejectRequest)+ propMimeEq MimeJSON (Proxy :: Proxy RequestWasHandledResponse) propMimeEq MimeJSON (Proxy :: Proxy UserinfoResponse) propMimeEq MimeJSON (Proxy :: Proxy Version)+ propMimeEq MimeJSON (Proxy :: Proxy Volume) propMimeEq MimeJSON (Proxy :: Proxy VolumeUsageData) propMimeEq MimeJSON (Proxy :: Proxy WellKnown)