ory-kratos (empty) → 0.0.5.5
raw patch · 4 files changed
+1220/−0 lines, 4 filesdep +aesondep +basedep +containerssetup-changed
Dependencies added: aeson, base, containers, exceptions, http-api-data, http-client, http-client-tls, http-types, mtl, network-uri, servant, servant-client, servant-client-core, servant-server, swagger2, text, time, transformers, uuid, wai, warp
Files
- Setup.hs +2/−0
- lib/OryKratos/API.hs +362/−0
- lib/OryKratos/Types.hs +812/−0
- ory-kratos.cabal +44/−0
+ Setup.hs view
@@ -0,0 +1,2 @@+import Distribution.Simple+main = defaultMain
+ lib/OryKratos/API.hs view
@@ -0,0 +1,362 @@+{-# LANGUAGE DataKinds #-}+{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DeriveTraversable #-}+{-# LANGUAGE FlexibleContexts #-}+{-# LANGUAGE FlexibleInstances #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE TypeOperators #-}+{-# LANGUAGE ViewPatterns #-}+{-# OPTIONS_GHC+-fno-warn-unused-binds -fno-warn-unused-imports -freduction-depth=328 #-}++-- |Client and Server+module OryKratos.API + ( Config(..)+ , OryKratosBackend(..)+ , createOryKratosClient+ , runOryKratosServer+ , runOryKratosMiddlewareServer+ , runOryKratosClient+ , runOryKratosClientWithManager+ , callOryKratos+ , OryKratosClient+ , OryKratosClientError(..)+ -- ** Servant+ , OryKratosAPI+ ) where++import OryKratos.Types hiding (error)++import Control.Monad.Catch (Exception, MonadThrow, throwM)+import Control.Monad.Except (ExceptT, runExceptT)+import Control.Monad.IO.Class+import Control.Monad.Trans.Reader (ReaderT (..))+import Data.Aeson (Value)+import Data.Coerce (coerce)+import Data.Data (Data)+import Data.Function ((&))+import qualified Data.Map as Map+import Data.Monoid ((<>))+import Data.Proxy (Proxy (..))+import Data.Set (Set)+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Exts (IsString (..))+import GHC.Generics (Generic)+import Network.HTTP.Client (Manager, newManager)+import Network.HTTP.Client.TLS (tlsManagerSettings)+import Network.HTTP.Types.Method (methodOptions)+import Network.Wai (Middleware)+import qualified Network.Wai.Handler.Warp as Warp+import Servant (ServerError, serve)+import Servant.API+import Servant.API.Verbs (StdMethod (..), Verb)+import Servant.Client (ClientEnv, Scheme (Http), ClientError, client,+ mkClientEnv, parseBaseUrl)+import Servant.Client.Core (baseUrlPort, baseUrlHost)+import Servant.Client.Internal.HttpClient (ClientM (..))+import Servant.Server (Handler (..), Application)+import Servant.Server.StaticFiles (serveDirectoryFileServer)+import Web.FormUrlEncoded+import Web.HttpApiData+++++-- | List of elements parsed from a query.+newtype QueryList (p :: CollectionFormat) a = QueryList+ { fromQueryList :: [a]+ } deriving (Functor, Applicative, Monad, Foldable, Traversable)++-- | Formats in which a list can be encoded into a HTTP path.+data CollectionFormat+ = CommaSeparated -- ^ CSV format for multiple parameters.+ | SpaceSeparated -- ^ Also called "SSV"+ | TabSeparated -- ^ Also called "TSV"+ | PipeSeparated -- ^ `value1|value2|value2`+ | MultiParamArray -- ^ Using multiple GET parameters, e.g. `foo=bar&foo=baz`. Only for GET params.++instance FromHttpApiData a => FromHttpApiData (QueryList 'CommaSeparated a) where+ parseQueryParam = parseSeparatedQueryList ','++instance FromHttpApiData a => FromHttpApiData (QueryList 'TabSeparated a) where+ parseQueryParam = parseSeparatedQueryList '\t'++instance FromHttpApiData a => FromHttpApiData (QueryList 'SpaceSeparated a) where+ parseQueryParam = parseSeparatedQueryList ' '++instance FromHttpApiData a => FromHttpApiData (QueryList 'PipeSeparated a) where+ parseQueryParam = parseSeparatedQueryList '|'++instance FromHttpApiData a => FromHttpApiData (QueryList 'MultiParamArray a) where+ parseQueryParam = error "unimplemented FromHttpApiData for MultiParamArray collection format"++parseSeparatedQueryList :: FromHttpApiData a => Char -> Text -> Either Text (QueryList p a)+parseSeparatedQueryList char = fmap QueryList . mapM parseQueryParam . T.split (== char)++instance ToHttpApiData a => ToHttpApiData (QueryList 'CommaSeparated a) where+ toQueryParam = formatSeparatedQueryList ','++instance ToHttpApiData a => ToHttpApiData (QueryList 'TabSeparated a) where+ toQueryParam = formatSeparatedQueryList '\t'++instance ToHttpApiData a => ToHttpApiData (QueryList 'SpaceSeparated a) where+ toQueryParam = formatSeparatedQueryList ' '++instance ToHttpApiData a => ToHttpApiData (QueryList 'PipeSeparated a) where+ toQueryParam = formatSeparatedQueryList '|'++instance ToHttpApiData a => ToHttpApiData (QueryList 'MultiParamArray a) where+ toQueryParam = error "unimplemented ToHttpApiData for MultiParamArray collection format"++formatSeparatedQueryList :: ToHttpApiData a => Char -> QueryList p a -> Text+formatSeparatedQueryList char = T.intercalate (T.singleton char) . map toQueryParam . fromQueryList+++-- | Servant type-level API, generated from the OpenAPI spec for OryKratos.+type OryKratosAPI+ = "identities" :> ReqBody '[JSON] CreateIdentity :> Verb 'POST 200 '[JSON] Identity -- 'createIdentity' route+ :<|> "recovery" :> "link" :> ReqBody '[JSON] CreateRecoveryLink :> Verb 'POST 200 '[JSON] RecoveryLink -- 'createRecoveryLink' route+ :<|> "identities" :> Capture "id" Text :> Verb 'DELETE 200 '[JSON] () -- 'deleteIdentity' route+ :<|> "identities" :> Capture "id" Text :> Verb 'GET 200 '[JSON] Identity -- 'getIdentity' route+ :<|> "schemas" :> Capture "id" Text :> Verb 'GET 200 '[JSON] Value -- 'getSchema' route+ :<|> "self-service" :> "errors" :> QueryParam "error" Text :> Verb 'GET 200 '[JSON] ErrorContainer -- 'getSelfServiceError' route+ :<|> "self-service" :> "login" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] LoginFlow -- 'getSelfServiceLoginFlow' route+ :<|> "self-service" :> "recovery" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] RecoveryFlow -- 'getSelfServiceRecoveryFlow' route+ :<|> "self-service" :> "registration" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] RegistrationFlow -- 'getSelfServiceRegistrationFlow' route+ :<|> "self-service" :> "settings" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] SettingsFlow -- 'getSelfServiceSettingsFlow' route+ :<|> "self-service" :> "verification" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] VerificationFlow -- 'getSelfServiceVerificationFlow' route+ :<|> "identities" :> QueryParam "per_page" Integer :> QueryParam "page" Integer :> Verb 'GET 200 '[JSON] [Identity] -- 'listIdentities' route+ :<|> "metrics" :> "prometheus" :> Verb 'GET 200 '[JSON] () -- 'prometheus' route+ :<|> "identities" :> Capture "id" Text :> ReqBody '[JSON] UpdateIdentity :> Verb 'PUT 200 '[JSON] Identity -- 'updateIdentity' route+ :<|> "health" :> "alive" :> Verb 'GET 200 '[JSON] HealthStatus -- 'isInstanceAlive' route+ :<|> "health" :> "ready" :> Verb 'GET 200 '[JSON] HealthStatus -- 'isInstanceReady' route+ :<|> "self-service" :> "browser" :> "flows" :> "registration" :> "strategies" :> "oidc" :> "settings" :> "connections" :> Verb 'POST 200 '[JSON] () -- 'completeSelfServiceBrowserSettingsOIDCSettingsFlow' route+ :<|> "self-service" :> "login" :> "methods" :> "password" :> QueryParam "flow" Text :> ReqBody '[JSON] CompleteSelfServiceLoginFlowWithPasswordMethod :> Verb 'POST 200 '[JSON] LoginViaApiResponse -- 'completeSelfServiceLoginFlowWithPasswordMethod' route+ :<|> "self-service" :> "recovery" :> "methods" :> "link" :> QueryParam "token" Text :> QueryParam "flow" Text :> ReqBody '[JSON] CompleteSelfServiceRecoveryFlowWithLinkMethod :> Verb 'POST 200 '[JSON] () -- 'completeSelfServiceRecoveryFlowWithLinkMethod' route+ :<|> "self-service" :> "registration" :> "methods" :> "password" :> QueryParam "flow" Text :> ReqBody '[JSON] Value :> Verb 'POST 200 '[JSON] RegistrationViaApiResponse -- 'completeSelfServiceRegistrationFlowWithPasswordMethod' route+ :<|> "self-service" :> "settings" :> "methods" :> "password" :> QueryParam "flow" Text :> ReqBody '[JSON] CompleteSelfServiceSettingsFlowWithPasswordMethod :> Verb 'POST 200 '[JSON] SettingsViaApiResponse -- 'completeSelfServiceSettingsFlowWithPasswordMethod' route+ :<|> "self-service" :> "settings" :> "methods" :> "profile" :> QueryParam "flow" Text :> ReqBody '[JSON] Value :> Verb 'POST 200 '[JSON] SettingsFlow -- 'completeSelfServiceSettingsFlowWithProfileMethod' route+ :<|> "self-service" :> "verification" :> "methods" :> "link" :> QueryParam "token" Text :> QueryParam "flow" Text :> ReqBody '[JSON] CompleteSelfServiceVerificationFlowWithLinkMethod :> Verb 'POST 200 '[JSON] () -- 'completeSelfServiceVerificationFlowWithLinkMethod' route+ :<|> "self-service" :> "browser" :> "flows" :> "logout" :> Verb 'GET 200 '[JSON] () -- 'initializeSelfServiceBrowserLogoutFlow' route+ :<|> "self-service" :> "login" :> "api" :> QueryParam "refresh" Bool :> Verb 'GET 200 '[JSON] LoginFlow -- 'initializeSelfServiceLoginViaAPIFlow' route+ :<|> "self-service" :> "login" :> "browser" :> Verb 'GET 200 '[JSON] () -- 'initializeSelfServiceLoginViaBrowserFlow' route+ :<|> "self-service" :> "recovery" :> "api" :> Verb 'GET 200 '[JSON] RecoveryFlow -- 'initializeSelfServiceRecoveryViaAPIFlow' route+ :<|> "self-service" :> "recovery" :> "browser" :> Verb 'GET 200 '[JSON] () -- 'initializeSelfServiceRecoveryViaBrowserFlow' route+ :<|> "self-service" :> "registration" :> "api" :> Verb 'GET 200 '[JSON] RegistrationFlow -- 'initializeSelfServiceRegistrationViaAPIFlow' route+ :<|> "self-service" :> "registration" :> "browser" :> Verb 'GET 200 '[JSON] () -- 'initializeSelfServiceRegistrationViaBrowserFlow' route+ :<|> "self-service" :> "settings" :> "api" :> Verb 'GET 200 '[JSON] SettingsFlow -- 'initializeSelfServiceSettingsViaAPIFlow' route+ :<|> "self-service" :> "settings" :> "browser" :> Verb 'GET 200 '[JSON] () -- 'initializeSelfServiceSettingsViaBrowserFlow' route+ :<|> "self-service" :> "verification" :> "api" :> Verb 'GET 200 '[JSON] VerificationFlow -- 'initializeSelfServiceVerificationViaAPIFlow' route+ :<|> "self-service" :> "verification" :> "browser" :> Verb 'GET 200 '[JSON] () -- 'initializeSelfServiceVerificationViaBrowserFlow' route+ :<|> "sessions" :> ReqBody '[JSON] RevokeSession :> Verb 'DELETE 200 '[JSON] () -- 'revokeSession' route+ :<|> "sessions" :> "whoami" :> QueryParam "Authorization" Text :> Header "Cookie" Text :> Verb 'GET 200 '[JSON] Session -- 'whoami' route+ :<|> "version" :> Verb 'GET 200 '[JSON] Version -- 'getVersion' route+ :<|> Raw +++-- | Server or client configuration, specifying the host and port to query or serve on.+data Config = Config+ { configUrl :: String -- ^ scheme://hostname:port/path, e.g. "http://localhost:8080/"+ } deriving (Eq, Ord, Show, Read)+++-- | Custom exception type for our errors.+newtype OryKratosClientError = OryKratosClientError ClientError+ deriving (Show, Exception)+-- | Configuration, specifying the full url of the service.+++-- | Backend for OryKratos.+-- The backend can be used both for the client and the server. The client generated from the OryKratos OpenAPI spec+-- is a backend that executes actions by sending HTTP requests (see @createOryKratosClient@). Alternatively, provided+-- a backend, the API can be served using @runOryKratosMiddlewareServer@.+data OryKratosBackend m = OryKratosBackend+ { createIdentity :: CreateIdentity -> m Identity{- ^ This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future. Learn how identities work in [ORY Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). -}+ , createRecoveryLink :: CreateRecoveryLink -> m RecoveryLink{- ^ This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account. -}+ , deleteIdentity :: Text -> m (){- ^ Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in [ORY Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). -}+ , getIdentity :: Text -> m Identity{- ^ Learn how identities work in [ORY Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). -}+ , getSchema :: Text -> m Value{- ^ Get a Traits Schema Definition -}+ , getSelfServiceError :: Maybe Text -> m ErrorContainer{- ^ This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?error=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [ORY Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). -}+ , getSelfServiceLoginFlow :: Maybe Text -> m LoginFlow{- ^ This endpoint returns a login flow's context with, for example, error details and other information. More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , getSelfServiceRecoveryFlow :: Maybe Text -> m RecoveryFlow{- ^ This endpoint returns a recovery flow's context with, for example, error details and other information. More information can be found at [ORY Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx). -}+ , getSelfServiceRegistrationFlow :: Maybe Text -> m RegistrationFlow{- ^ This endpoint returns a registration flow's context with, for example, error details and other information. More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , getSelfServiceSettingsFlow :: Maybe Text -> m SettingsFlow{- ^ When accessing this endpoint through ORY Kratos' Public API you must ensure that either the ORY Kratos Session Cookie or the ORY Kratos Session Token are set. The public endpoint does not return 404 status codes but instead 403 or 500 to improve data privacy. You can access this endpoint without credentials when using ORY Kratos' Admin API. More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). -}+ , getSelfServiceVerificationFlow :: Maybe Text -> m VerificationFlow{- ^ This endpoint returns a verification flow's context with, for example, error details and other information. More information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). -}+ , listIdentities :: Maybe Integer -> Maybe Integer -> m [Identity]{- ^ Lists all identities. Does not support search at the moment. Learn how identities work in [ORY Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). -}+ , prometheus :: m (){- ^ ``` metadata: annotations: prometheus.io/port: \"4434\" prometheus.io/path: \"/metrics/prometheus\" ``` -}+ , updateIdentity :: Text -> UpdateIdentity -> m Identity{- ^ This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in [ORY Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model). -}+ , isInstanceAlive :: m HealthStatus{- ^ This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. -}+ , isInstanceReady :: m HealthStatus{- ^ This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. -}+ , completeSelfServiceBrowserSettingsOIDCSettingsFlow :: m (){- ^ This endpoint completes a browser-based settings flow. This is usually achieved by POSTing data to this endpoint. > This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms. More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). -}+ , completeSelfServiceLoginFlowWithPasswordMethod :: Maybe Text -> CompleteSelfServiceLoginFlowWithPasswordMethod -> m LoginViaApiResponse{- ^ Use this endpoint to complete a login flow by sending an identity's identifier and password. This endpoint behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and responds with HTTP 200 and a application/json body with the session token on success; HTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. Browser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded; a HTTP 302 redirect to the login UI URL with the flow ID containing the validation errors otherwise. More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , completeSelfServiceRecoveryFlowWithLinkMethod :: Maybe Text -> Maybe Text -> CompleteSelfServiceRecoveryFlowWithLinkMethod -> m (){- ^ Use this endpoint to complete a recovery flow using the link method. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 302 Found redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). For Browser clients it returns a HTTP 302 Found redirect to the Recovery UI URL with the Recovery Flow ID appended. `sent_email` is the success state after `choose_method` and allows the user to request another recovery email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a recovery link\") does not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at [ORY Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx). -}+ , completeSelfServiceRegistrationFlowWithPasswordMethod :: Maybe Text -> Value -> m RegistrationViaApiResponse{- ^ Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. API flows expect `application/json` to be sent in the body and respond with HTTP 200 and a application/json body with the created identity success - if the session hook is configured the `session` and `session_token` will also be included; HTTP 302 redirect to a fresh registration flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. Browser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the post/after registration URL or the `return_to` value if it was set and if the registration succeeded; a HTTP 302 redirect to the registration UI URL with the flow ID containing the validation errors otherwise. More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , completeSelfServiceSettingsFlowWithPasswordMethod :: Maybe Text -> CompleteSelfServiceSettingsFlowWithPasswordMethod -> m SettingsViaApiResponse{- ^ Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with HTTP 200 and an application/json body with the session token on success; HTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached. Implies that the user needs to re-authenticate. Browser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded; a HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise. a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached. More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). -}+ , completeSelfServiceSettingsFlowWithProfileMethod :: Maybe Text -> Value -> m SettingsFlow{- ^ Use this endpoint to complete a settings flow by sending an identity's updated traits. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with HTTP 200 and an application/json body with the session token on success; HTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached and a sensitive field was updated (e.g. recovery email). Implies that the user needs to re-authenticate. Browser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded; a HTTP 302 redirect to the settings UI URL with the flow ID containing the validation errors otherwise. a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached. More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). -}+ , completeSelfServiceVerificationFlowWithLinkMethod :: Maybe Text -> Maybe Text -> CompleteSelfServiceVerificationFlowWithLinkMethod -> m (){- ^ Use this endpoint to complete a verification flow using the link method. This endpoint behaves differently for API and browser flows and has several states: `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 302 Found redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired). For Browser clients it returns a HTTP 302 Found redirect to the Verification UI URL with the Verification Flow ID appended. `sent_email` is the success state after `choose_method` and allows the user to request another verification email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a verification link\") does not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). -}+ , initializeSelfServiceBrowserLogoutFlow :: m (){- ^ This endpoint initializes a logout flow. > This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). On successful logout, the browser will be redirected (HTTP 302 Found) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. More information can be found at [ORY Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout). -}+ , initializeSelfServiceLoginViaAPIFlow :: Maybe Bool -> m LoginFlow{- ^ This endpoint initiates a login flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. To fetch an existing login flow call `/self-service/login/flows?flow=<flow_id>`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks, including CSRF login attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , initializeSelfServiceLoginViaBrowserFlow :: m (){- ^ This endpoint initializes a browser-based user login flow. Once initialized, the browser will be redirected to `selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , initializeSelfServiceRecoveryViaAPIFlow :: m RecoveryFlow{- ^ This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. To fetch an existing recovery flow call `/self-service/recovery/flows?flow=<flow_id>`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx). -}+ , initializeSelfServiceRecoveryViaBrowserFlow :: m (){- ^ This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [ORY Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx). -}+ , initializeSelfServiceRegistrationViaAPIFlow :: m RegistrationFlow{- ^ This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. To fetch an existing registration flow call `/self-service/registration/flows?flow=<flow_id>`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , initializeSelfServiceRegistrationViaBrowserFlow :: m (){- ^ This endpoint initializes a browser-based user registration flow. Once initialized, the browser will be redirected to `selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set. :::note This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). ::: More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). -}+ , initializeSelfServiceSettingsViaAPIFlow :: m SettingsFlow{- ^ This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid ORY Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=<flow_id>`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). -}+ , initializeSelfServiceSettingsViaBrowserFlow :: m (){- ^ This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid ORY Kratos Session Cookie is included in the request, a login flow will be initialized. :::note This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). ::: More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). -}+ , initializeSelfServiceVerificationViaAPIFlow :: m VerificationFlow{- ^ This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=<flow_id>`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). -}+ , initializeSelfServiceVerificationViaBrowserFlow :: m (){- ^ This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [ORY Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation). -}+ , revokeSession :: RevokeSession -> m (){- ^ Use this endpoint to revoke a session using its token. This endpoint is particularly useful for API clients such as mobile apps to log the user out of the system and invalidate the session. This endpoint does not remove any HTTP Cookies - use the Self-Service Logout Flow instead. -}+ , whoami :: Maybe Text -> Maybe Text -> m Session{- ^ Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. This endpoint is useful for reverse proxies and API Gateways. -}+ , getVersion :: m Version{- ^ This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance. -}+ }++newtype OryKratosClient a = OryKratosClient+ { runClient :: ClientEnv -> ExceptT ClientError IO a+ } deriving Functor++instance Applicative OryKratosClient where+ pure x = OryKratosClient (\_ -> pure x)+ (OryKratosClient f) <*> (OryKratosClient x) =+ OryKratosClient (\env -> f env <*> x env)++instance Monad OryKratosClient where+ (OryKratosClient a) >>= f =+ OryKratosClient (\env -> do+ value <- a env+ runClient (f value) env)++instance MonadIO OryKratosClient where+ liftIO io = OryKratosClient (\_ -> liftIO io)++createOryKratosClient :: OryKratosBackend OryKratosClient+createOryKratosClient = OryKratosBackend{..}+ where+ ((coerce -> createIdentity) :<|>+ (coerce -> createRecoveryLink) :<|>+ (coerce -> deleteIdentity) :<|>+ (coerce -> getIdentity) :<|>+ (coerce -> getSchema) :<|>+ (coerce -> getSelfServiceError) :<|>+ (coerce -> getSelfServiceLoginFlow) :<|>+ (coerce -> getSelfServiceRecoveryFlow) :<|>+ (coerce -> getSelfServiceRegistrationFlow) :<|>+ (coerce -> getSelfServiceSettingsFlow) :<|>+ (coerce -> getSelfServiceVerificationFlow) :<|>+ (coerce -> listIdentities) :<|>+ (coerce -> prometheus) :<|>+ (coerce -> updateIdentity) :<|>+ (coerce -> isInstanceAlive) :<|>+ (coerce -> isInstanceReady) :<|>+ (coerce -> completeSelfServiceBrowserSettingsOIDCSettingsFlow) :<|>+ (coerce -> completeSelfServiceLoginFlowWithPasswordMethod) :<|>+ (coerce -> completeSelfServiceRecoveryFlowWithLinkMethod) :<|>+ (coerce -> completeSelfServiceRegistrationFlowWithPasswordMethod) :<|>+ (coerce -> completeSelfServiceSettingsFlowWithPasswordMethod) :<|>+ (coerce -> completeSelfServiceSettingsFlowWithProfileMethod) :<|>+ (coerce -> completeSelfServiceVerificationFlowWithLinkMethod) :<|>+ (coerce -> initializeSelfServiceBrowserLogoutFlow) :<|>+ (coerce -> initializeSelfServiceLoginViaAPIFlow) :<|>+ (coerce -> initializeSelfServiceLoginViaBrowserFlow) :<|>+ (coerce -> initializeSelfServiceRecoveryViaAPIFlow) :<|>+ (coerce -> initializeSelfServiceRecoveryViaBrowserFlow) :<|>+ (coerce -> initializeSelfServiceRegistrationViaAPIFlow) :<|>+ (coerce -> initializeSelfServiceRegistrationViaBrowserFlow) :<|>+ (coerce -> initializeSelfServiceSettingsViaAPIFlow) :<|>+ (coerce -> initializeSelfServiceSettingsViaBrowserFlow) :<|>+ (coerce -> initializeSelfServiceVerificationViaAPIFlow) :<|>+ (coerce -> initializeSelfServiceVerificationViaBrowserFlow) :<|>+ (coerce -> revokeSession) :<|>+ (coerce -> whoami) :<|>+ (coerce -> getVersion) :<|>+ _) = client (Proxy :: Proxy OryKratosAPI)++-- | Run requests in the OryKratosClient monad.+runOryKratosClient :: Config -> OryKratosClient a -> ExceptT ClientError IO a+runOryKratosClient clientConfig cl = do+ manager <- liftIO $ newManager tlsManagerSettings+ runOryKratosClientWithManager manager clientConfig cl++-- | Run requests in the OryKratosClient monad using a custom manager.+runOryKratosClientWithManager :: Manager -> Config -> OryKratosClient a -> ExceptT ClientError IO a+runOryKratosClientWithManager manager Config{..} cl = do+ url <- parseBaseUrl configUrl+ runClient cl $ mkClientEnv manager url++-- | Like @runClient@, but returns the response or throws+-- a OryKratosClientError+callOryKratos+ :: (MonadIO m, MonadThrow m)+ => ClientEnv -> OryKratosClient a -> m a+callOryKratos env f = do+ res <- liftIO $ runExceptT $ runClient f env+ case res of+ Left err -> throwM (OryKratosClientError err)+ Right response -> pure response+++requestMiddlewareId :: Application -> Application+requestMiddlewareId a = a++-- | Run the OryKratos server at the provided host and port.+runOryKratosServer+ :: (MonadIO m, MonadThrow m)+ => Config -> OryKratosBackend (ExceptT ServerError IO) -> m ()+runOryKratosServer config backend = runOryKratosMiddlewareServer config requestMiddlewareId backend++-- | Run the OryKratos server at the provided host and port.+runOryKratosMiddlewareServer+ :: (MonadIO m, MonadThrow m)+ => Config -> Middleware -> OryKratosBackend (ExceptT ServerError IO) -> m ()+runOryKratosMiddlewareServer Config{..} middleware backend = do+ url <- parseBaseUrl configUrl+ let warpSettings = Warp.defaultSettings+ & Warp.setPort (baseUrlPort url)+ & Warp.setHost (fromString $ baseUrlHost url)+ liftIO $ Warp.runSettings warpSettings $ middleware $ serve (Proxy :: Proxy OryKratosAPI) (serverFromBackend backend)+ where+ serverFromBackend OryKratosBackend{..} =+ (coerce createIdentity :<|>+ coerce createRecoveryLink :<|>+ coerce deleteIdentity :<|>+ coerce getIdentity :<|>+ coerce getSchema :<|>+ coerce getSelfServiceError :<|>+ coerce getSelfServiceLoginFlow :<|>+ coerce getSelfServiceRecoveryFlow :<|>+ coerce getSelfServiceRegistrationFlow :<|>+ coerce getSelfServiceSettingsFlow :<|>+ coerce getSelfServiceVerificationFlow :<|>+ coerce listIdentities :<|>+ coerce prometheus :<|>+ coerce updateIdentity :<|>+ coerce isInstanceAlive :<|>+ coerce isInstanceReady :<|>+ coerce completeSelfServiceBrowserSettingsOIDCSettingsFlow :<|>+ coerce completeSelfServiceLoginFlowWithPasswordMethod :<|>+ coerce completeSelfServiceRecoveryFlowWithLinkMethod :<|>+ coerce completeSelfServiceRegistrationFlowWithPasswordMethod :<|>+ coerce completeSelfServiceSettingsFlowWithPasswordMethod :<|>+ coerce completeSelfServiceSettingsFlowWithProfileMethod :<|>+ coerce completeSelfServiceVerificationFlowWithLinkMethod :<|>+ coerce initializeSelfServiceBrowserLogoutFlow :<|>+ coerce initializeSelfServiceLoginViaAPIFlow :<|>+ coerce initializeSelfServiceLoginViaBrowserFlow :<|>+ coerce initializeSelfServiceRecoveryViaAPIFlow :<|>+ coerce initializeSelfServiceRecoveryViaBrowserFlow :<|>+ coerce initializeSelfServiceRegistrationViaAPIFlow :<|>+ coerce initializeSelfServiceRegistrationViaBrowserFlow :<|>+ coerce initializeSelfServiceSettingsViaAPIFlow :<|>+ coerce initializeSelfServiceSettingsViaBrowserFlow :<|>+ coerce initializeSelfServiceVerificationViaAPIFlow :<|>+ coerce initializeSelfServiceVerificationViaBrowserFlow :<|>+ coerce revokeSession :<|>+ coerce whoami :<|>+ coerce getVersion :<|>+ serveDirectoryFileServer "static")
+ lib/OryKratos/Types.hs view
@@ -0,0 +1,812 @@+{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}++module OryKratos.Types+ ( CompleteSelfServiceLoginFlowWithPasswordMethod (..),+ CompleteSelfServiceRecoveryFlowWithLinkMethod (..),+ CompleteSelfServiceSettingsFlowWithPasswordMethod (..),+ CompleteSelfServiceVerificationFlowWithLinkMethod (..),+ CreateIdentity (..),+ CreateRecoveryLink (..),+ ErrorContainer (..),+ FormField (..),+ GenericError (..),+ GenericErrorPayload (..),+ HealthNotReadyStatus (..),+ HealthStatus (..),+ Identity (..),+ LoginFlow (..),+ LoginFlowMethod (..),+ LoginFlowMethodConfig (..),+ LoginViaApiResponse (..),+ Message (..),+ RecoveryAddress (..),+ RecoveryFlow (..),+ RecoveryFlowMethod (..),+ RecoveryFlowMethodConfig (..),+ RecoveryLink (..),+ RegistrationFlow (..),+ RegistrationFlowMethod (..),+ RegistrationFlowMethodConfig (..),+ RegistrationViaApiResponse (..),+ RevokeSession (..),+ Session (..),+ SettingsFlow (..),+ SettingsFlowMethod (..),+ SettingsFlowMethodConfig (..),+ SettingsViaApiResponse (..),+ UpdateIdentity (..),+ VerifiableAddress (..),+ VerificationFlow (..),+ VerificationFlowMethod (..),+ VerificationFlowMethodConfig (..),+ Version (..),+ )+where++import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)++-- |+data CompleteSelfServiceLoginFlowWithPasswordMethod = CompleteSelfServiceLoginFlowWithPasswordMethod+ { -- | Sending the anti-csrf token is only required for browser login flows.+ csrf_token :: Maybe Text,+ -- | Identifier is the email or username of the user trying to log in.+ identifier :: Maybe Text,+ -- | The user's password.+ password :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON CompleteSelfServiceLoginFlowWithPasswordMethod++instance ToJSON CompleteSelfServiceLoginFlowWithPasswordMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data CompleteSelfServiceRecoveryFlowWithLinkMethod = CompleteSelfServiceRecoveryFlowWithLinkMethod+ { -- | Sending the anti-csrf token is only required for browser login flows.+ csrf_token :: Maybe Text,+ -- | Email to Recover Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead. format: email in: body+ email :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON CompleteSelfServiceRecoveryFlowWithLinkMethod++instance ToJSON CompleteSelfServiceRecoveryFlowWithLinkMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data CompleteSelfServiceSettingsFlowWithPasswordMethod = CompleteSelfServiceSettingsFlowWithPasswordMethod+ { -- | CSRFToken is the anti-CSRF token type: string+ csrf_token :: Maybe Text,+ -- | Password is the updated password type: string+ password :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON CompleteSelfServiceSettingsFlowWithPasswordMethod++instance ToJSON CompleteSelfServiceSettingsFlowWithPasswordMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data CompleteSelfServiceVerificationFlowWithLinkMethod = CompleteSelfServiceVerificationFlowWithLinkMethod+ { -- | Sending the anti-csrf token is only required for browser login flows.+ csrf_token :: Maybe Text,+ -- | Email to Verify Needs to be set when initiating the flow. If the email is a registered verification email, a verification link will be sent. If the email is not known, a email with details on what happened will be sent instead. format: email in: body+ email :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON CompleteSelfServiceVerificationFlowWithLinkMethod++instance ToJSON CompleteSelfServiceVerificationFlowWithLinkMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data CreateIdentity = CreateIdentity+ { -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.+ schema_id :: Text,+ -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.+ traits :: Value+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON CreateIdentity++instance ToJSON CreateIdentity where+ toEncoding = genericToEncoding defaultOptions++-- |+data CreateRecoveryLink = CreateRecoveryLink+ { -- | Link Expires In The recovery link will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`.+ expires_in :: Maybe Text,+ -- |+ identity_id :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON CreateRecoveryLink++instance ToJSON CreateRecoveryLink where+ toEncoding = genericToEncoding defaultOptions++-- |+data ErrorContainer = ErrorContainer+ { -- | Errors in the container+ errors :: Value,+ -- |+ id :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON ErrorContainer++instance ToJSON ErrorContainer where+ toEncoding = genericToEncoding defaultOptions++-- | Field represents a HTML Form Field+data FormField = FormField+ { -- | Disabled is the equivalent of `<input {{if .Disabled}}disabled{{end}}\">`+ disabled :: Maybe Bool,+ -- |+ messages :: Maybe [Message],+ -- | Name is the equivalent of `<input name=\"{{.Name}}\">`+ name :: Text,+ -- | Pattern is the equivalent of `<input pattern=\"{{.Pattern}}\">`+ pattern :: Maybe Text,+ -- | Required is the equivalent of `<input required=\"{{.Required}}\">`+ required :: Maybe Bool,+ -- | Type is the equivalent of `<input type=\"{{.Type}}\">`+ _type :: Text,+ -- | Value is the equivalent of `<input value=\"{{.Value}}\">`+ value :: Maybe Value+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON FormField where+ parseJSON =+ genericParseJSON+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++instance ToJSON FormField where+ toEncoding =+ genericToEncoding+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++-- | Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.+data GenericError = GenericError+ { -- |+ error :: Maybe GenericErrorPayload+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON GenericError++instance ToJSON GenericError where+ toEncoding = genericToEncoding defaultOptions++-- |+data GenericErrorPayload = GenericErrorPayload+ { -- | Code represents the error status code (404, 403, 401, ...).+ code :: Maybe Integer,+ -- | Debug contains debug information. This is usually not available and has to be enabled.+ debug :: Maybe Text,+ -- |+ details :: Maybe Value,+ -- |+ message :: Maybe Text,+ -- |+ reason :: Maybe Text,+ -- |+ request :: Maybe Text,+ -- |+ status :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON GenericErrorPayload++instance ToJSON GenericErrorPayload where+ toEncoding = genericToEncoding defaultOptions++-- |+data HealthNotReadyStatus = HealthNotReadyStatus+ { -- | Errors contains a list of errors that caused the not ready status.+ errors :: Maybe (Map.Map String Text)+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON HealthNotReadyStatus++instance ToJSON HealthNotReadyStatus where+ toEncoding = genericToEncoding defaultOptions++-- |+data HealthStatus = HealthStatus+ { -- | Status always contains \"ok\".+ status :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON HealthStatus++instance ToJSON HealthStatus where+ toEncoding = genericToEncoding defaultOptions++-- |+data Identity = Identity+ { -- |+ id :: Text,+ -- | RecoveryAddresses contains all the addresses that can be used to recover an identity.+ recovery_addresses :: Maybe [RecoveryAddress],+ -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.+ schema_id :: Text,+ -- | SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from. format: url+ schema_url :: Text,+ -- |+ traits :: Value,+ -- | VerifiableAddresses contains all the addresses that can be verified by the user.+ verifiable_addresses :: Maybe [VerifiableAddress]+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON Identity++instance ToJSON Identity where+ toEncoding = genericToEncoding defaultOptions++-- | This object represents a login flow. A login flow is initiated at the \"Initiate Login API / Browser Flow\" endpoint by a client. Once a login flow is completed successfully, a session cookie or session token will be issued.+data LoginFlow = LoginFlow+ { -- | and so on.+ active :: Maybe Text,+ -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated.+ expires_at :: UTCTime,+ -- | Forced stores whether this login flow should enforce re-authentication.+ forced :: Maybe Bool,+ -- |+ id :: Text,+ -- | IssuedAt is the time (UTC) when the flow started.+ issued_at :: UTCTime,+ -- |+ messages :: Maybe [Message],+ -- | List of login methods This is the list of available login methods with their required form fields, such as `identifier` and `password` for the password login method. This will also contain error messages such as \"password can not be empty\".+ methods :: (Map.Map String LoginFlowMethod),+ -- | RequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.+ request_url :: Text,+ -- | The flow type can either be `api` or `browser`.+ _type :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON LoginFlow where+ parseJSON =+ genericParseJSON+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++instance ToJSON LoginFlow where+ toEncoding =+ genericToEncoding+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++-- |+data LoginFlowMethod = LoginFlowMethod+ { -- |+ config :: LoginFlowMethodConfig,+ -- | and so on.+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON LoginFlowMethod++instance ToJSON LoginFlowMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data LoginFlowMethodConfig = LoginFlowMethodConfig+ { -- | Action should be used as the form action URL `<form action=\"{{ .Action }}\" method=\"post\">`.+ action :: Text,+ -- | Fields contains multiple fields+ fields :: [FormField],+ -- |+ messages :: Maybe [Message],+ -- | Method is the form method (e.g. POST)+ method :: Text,+ -- | Providers is set for the \"oidc\" flow method.+ providers :: Maybe [FormField]+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON LoginFlowMethodConfig++instance ToJSON LoginFlowMethodConfig where+ toEncoding = genericToEncoding defaultOptions++-- | The Response for Login Flows via API+data LoginViaApiResponse = LoginViaApiResponse+ { -- |+ session :: Session,+ -- | The Session Token A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header: Authorization: bearer ${session-token} The session token is only issued for API flows, not for Browser flows!+ session_token :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON LoginViaApiResponse++instance ToJSON LoginViaApiResponse where+ toEncoding = genericToEncoding defaultOptions++-- |+data Message = Message+ { -- |+ context :: Maybe Value,+ -- |+ id :: Maybe Integer,+ -- |+ text :: Maybe Text,+ -- | The flow type can either be `api` or `browser`.+ _type :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON Message where+ parseJSON =+ genericParseJSON+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++instance ToJSON Message where+ toEncoding =+ genericToEncoding+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++-- |+data RecoveryAddress = RecoveryAddress+ { -- |+ id :: Text,+ -- |+ value :: Text,+ -- |+ via :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RecoveryAddress++instance ToJSON RecoveryAddress where+ toEncoding = genericToEncoding defaultOptions++-- | This request is used when an identity wants to recover their account. We recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)+data RecoveryFlow = RecoveryFlow+ { -- | Active, if set, contains the registration method that is being used. It is initially not set.+ active :: Maybe Text,+ -- | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated.+ expires_at :: UTCTime,+ -- |+ id :: Text,+ -- | IssuedAt is the time (UTC) when the request occurred.+ issued_at :: UTCTime,+ -- |+ messages :: Maybe [Message],+ -- | Methods contains context for all account recovery methods. If a registration request has been processed, but for example the password is incorrect, this will contain error messages.+ methods :: (Map.Map String RecoveryFlowMethod),+ -- | RequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.+ request_url :: Text,+ -- |+ state :: Text,+ -- | The flow type can either be `api` or `browser`.+ _type :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RecoveryFlow where+ parseJSON =+ genericParseJSON+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++instance ToJSON RecoveryFlow where+ toEncoding =+ genericToEncoding+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++-- |+data RecoveryFlowMethod = RecoveryFlowMethod+ { -- |+ config :: RecoveryFlowMethodConfig,+ -- | Method contains the request credentials type.+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RecoveryFlowMethod++instance ToJSON RecoveryFlowMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data RecoveryFlowMethodConfig = RecoveryFlowMethodConfig+ { -- | Action should be used as the form action URL `<form action=\"{{ .Action }}\" method=\"post\">`.+ action :: Text,+ -- | Fields contains multiple fields+ fields :: [FormField],+ -- |+ messages :: Maybe [Message],+ -- | Method is the form method (e.g. POST)+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RecoveryFlowMethodConfig++instance ToJSON RecoveryFlowMethodConfig where+ toEncoding = genericToEncoding defaultOptions++-- |+data RecoveryLink = RecoveryLink+ { -- | Recovery Link Expires At The timestamp when the recovery link expires.+ expires_at :: Maybe UTCTime,+ -- | Recovery Link This link can be used to recover the account.+ recovery_link :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RecoveryLink++instance ToJSON RecoveryLink where+ toEncoding = genericToEncoding defaultOptions++-- |+data RegistrationFlow = RegistrationFlow+ { -- | and so on.+ active :: Maybe Text,+ -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated.+ expires_at :: UTCTime,+ -- |+ id :: Text,+ -- | IssuedAt is the time (UTC) when the flow occurred.+ issued_at :: UTCTime,+ -- |+ messages :: Maybe [Message],+ -- | Methods contains context for all enabled registration methods. If a registration flow has been processed, but for example the password is incorrect, this will contain error messages.+ methods :: (Map.Map String RegistrationFlowMethod),+ -- | RequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.+ request_url :: Text,+ -- | The flow type can either be `api` or `browser`.+ _type :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RegistrationFlow where+ parseJSON =+ genericParseJSON+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++instance ToJSON RegistrationFlow where+ toEncoding =+ genericToEncoding+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++-- |+data RegistrationFlowMethod = RegistrationFlowMethod+ { -- |+ config :: RegistrationFlowMethodConfig,+ -- | and so on.+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RegistrationFlowMethod++instance ToJSON RegistrationFlowMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data RegistrationFlowMethodConfig = RegistrationFlowMethodConfig+ { -- | Action should be used as the form action URL `<form action=\"{{ .Action }}\" method=\"post\">`.+ action :: Text,+ -- | Fields contains multiple fields+ fields :: [FormField],+ -- |+ messages :: Maybe [Message],+ -- | Method is the form method (e.g. POST)+ method :: Text,+ -- | Providers is set for the \"oidc\" registration method.+ providers :: Maybe [FormField]+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RegistrationFlowMethodConfig++instance ToJSON RegistrationFlowMethodConfig where+ toEncoding = genericToEncoding defaultOptions++-- | The Response for Registration Flows via API+data RegistrationViaApiResponse = RegistrationViaApiResponse+ { -- |+ identity :: Identity,+ -- |+ session :: Maybe Session,+ -- | The Session Token This field is only set when the session hook is configured as a post-registration hook. A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header: Authorization: bearer ${session-token} The session token is only issued for API flows, not for Browser flows!+ session_token :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RegistrationViaApiResponse++instance ToJSON RegistrationViaApiResponse where+ toEncoding = genericToEncoding defaultOptions++-- |+data RevokeSession = RevokeSession+ { -- | The Session Token Invalidate this session token.+ session_token :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON RevokeSession++instance ToJSON RevokeSession where+ toEncoding = genericToEncoding defaultOptions++-- |+data Session = Session+ { -- |+ active :: Maybe Bool,+ -- |+ authenticated_at :: UTCTime,+ -- |+ expires_at :: UTCTime,+ -- |+ id :: Text,+ -- |+ identity :: Identity,+ -- |+ issued_at :: UTCTime+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON Session++instance ToJSON Session where+ toEncoding = genericToEncoding defaultOptions++-- | This flow is used when an identity wants to update settings (e.g. profile data, passwords, ...) in a selfservice manner. We recommend reading the [User Settings Documentation](../self-service/flows/user-settings)+data SettingsFlow = SettingsFlow+ { -- | Active, if set, contains the registration method that is being used. It is initially not set.+ active :: Maybe Text,+ -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting, a new flow has to be initiated.+ expires_at :: UTCTime,+ -- |+ id :: Text,+ -- |+ identity :: Identity,+ -- | IssuedAt is the time (UTC) when the flow occurred.+ issued_at :: UTCTime,+ -- |+ messages :: Maybe [Message],+ -- | Methods contains context for all enabled registration methods. If a settings flow has been processed, but for example the first name is empty, this will contain error messages.+ methods :: (Map.Map String SettingsFlowMethod),+ -- | RequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.+ request_url :: Text,+ -- |+ state :: Text,+ -- | The flow type can either be `api` or `browser`.+ _type :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON SettingsFlow where+ parseJSON =+ genericParseJSON+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++instance ToJSON SettingsFlow where+ toEncoding =+ genericToEncoding+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++-- |+data SettingsFlowMethod = SettingsFlowMethod+ { -- |+ config :: SettingsFlowMethodConfig,+ -- | Method is the name of this flow method.+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON SettingsFlowMethod++instance ToJSON SettingsFlowMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data SettingsFlowMethodConfig = SettingsFlowMethodConfig+ { -- | Action should be used as the form action URL `<form action=\"{{ .Action }}\" method=\"post\">`.+ action :: Text,+ -- | Fields contains multiple fields+ fields :: [FormField],+ -- |+ messages :: Maybe [Message],+ -- | Method is the form method (e.g. POST)+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON SettingsFlowMethodConfig++instance ToJSON SettingsFlowMethodConfig where+ toEncoding = genericToEncoding defaultOptions++-- | The Response for Settings Flows via API+data SettingsViaApiResponse = SettingsViaApiResponse+ { -- |+ flow :: SettingsFlow,+ -- |+ identity :: Identity+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON SettingsViaApiResponse++instance ToJSON SettingsViaApiResponse where+ toEncoding = genericToEncoding defaultOptions++-- |+data UpdateIdentity = UpdateIdentity+ { -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set will update the Identity's SchemaID.+ schema_id :: Maybe Text,+ -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_id`.+ traits :: Value+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON UpdateIdentity++instance ToJSON UpdateIdentity where+ toEncoding = genericToEncoding defaultOptions++-- |+data VerifiableAddress = VerifiableAddress+ { -- |+ id :: Text,+ -- |+ status :: Text,+ -- |+ value :: Text,+ -- |+ verified :: Bool,+ -- |+ verified_at :: Maybe UTCTime,+ -- |+ via :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON VerifiableAddress++instance ToJSON VerifiableAddress where+ toEncoding = genericToEncoding defaultOptions++-- | Used to verify an out-of-band communication channel such as an email address or a phone number. For more information head over to: https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation+data VerificationFlow = VerificationFlow+ { -- | Active, if set, contains the registration method that is being used. It is initially not set.+ active :: Maybe Text,+ -- | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated.+ expires_at :: Maybe UTCTime,+ -- |+ id :: Maybe Text,+ -- | IssuedAt is the time (UTC) when the request occurred.+ issued_at :: Maybe UTCTime,+ -- |+ messages :: Maybe [Message],+ -- | Methods contains context for all account verification methods. If a registration request has been processed, but for example the password is incorrect, this will contain error messages.+ methods :: (Map.Map String VerificationFlowMethod),+ -- | RequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.+ request_url :: Maybe Text,+ -- |+ state :: Text,+ -- | The flow type can either be `api` or `browser`.+ _type :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON VerificationFlow where+ parseJSON =+ genericParseJSON+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++instance ToJSON VerificationFlow where+ toEncoding =+ genericToEncoding+ defaultOptions+ { constructorTagModifier = \f -> if f == "_type" then "type" else f+ }++-- |+data VerificationFlowMethod = VerificationFlowMethod+ { -- |+ config :: VerificationFlowMethodConfig,+ -- | Method contains the request credentials type.+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON VerificationFlowMethod++instance ToJSON VerificationFlowMethod where+ toEncoding = genericToEncoding defaultOptions++-- |+data VerificationFlowMethodConfig = VerificationFlowMethodConfig+ { -- | Action should be used as the form action URL `<form action=\"{{ .Action }}\" method=\"post\">`.+ action :: Text,+ -- | Fields contains multiple fields+ fields :: [FormField],+ -- |+ messages :: Maybe [Message],+ -- | Method is the form method (e.g. POST)+ method :: Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON VerificationFlowMethodConfig++instance ToJSON VerificationFlowMethodConfig where+ toEncoding = genericToEncoding defaultOptions++-- |+data Version = Version+ { -- | Version is the service's version.+ version :: Maybe Text+ }+ deriving (Show, Eq, Generic, Data)++instance FromJSON Version++instance ToJSON Version where+ toEncoding = genericToEncoding defaultOptions
+ ory-kratos.cabal view
@@ -0,0 +1,44 @@+cabal-version: 3.0+name: ory-kratos+version: 0.0.5.5+synopsis: API bindings for Ory Kratos+description: Auto-generated API bindings for ory-kratos 0.5.5-alpha1+homepage: https://github.com/njaremko/ory-kratos-haskell-sdk+author: ory+maintainer: nathan@jaremko.ca+copyright: 2021 - Ory+category: Web+build-type: Simple+license: Apache-2.0++library+ hs-source-dirs: lib+ exposed-modules:+ OryKratos.API+ OryKratos.Types++ ghc-options: -Wall+ build-depends:+ , aeson ^>=1.5.6+ , base ^>=4.14.0.0+ , containers ^>=0.6.2+ , exceptions ^>=0.10.4+ , http-api-data ^>=0.4.2+ , http-client ^>=0.6.4+ , http-client-tls ^>=0.3.5+ , http-types ^>=0.12.3+ , mtl ^>=2.2.2+ , network-uri ^>=2.6.4+ , servant ^>=0.18.2+ , servant-client ^>=0.18.2+ , servant-client-core ^>=0.18.2+ , servant-server ^>=0.18.2+ , swagger2 ^>=2.6+ , text ^>=1.2.4+ , time ^>=1.9.3+ , transformers ^>=0.5.6+ , uuid ^>=1.3.14+ , wai ^>=3.2.3+ , warp ^>=3.3.14++ default-language: Haskell2010