CI

unfoldml · Jun 17, 2023 · 54c461d · 54c461d
1 parent 941303b
commit 54c461d
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/.github/workflows/haskell.yml b/.github/workflows/haskell.yml
@@ -22,7 +22,7 @@ jobs:
  uses: actions/checkout@v3
  - name: Setup compiler, build and test
  run: |
- stack build --resolver ${{ matrix.stack-resolver }}
+ stack build --silent --resolver ${{ matrix.stack-resolver }}
  stack test
 
  # - name: Setup Haskell tools

diff --git a/ms-graph-api.cabal b/ms-graph-api.cabal
@@ -32,7 +32,7 @@ library
  , aeson
  , bytestring
  , containers
- , hoauth2 >= 2.6.0
+ , hoauth2 == 2.6.0
  , http-client
  , http-conduit
  , http-types

diff --git a/src/Network/OAuth2/Session.hs b/src/Network/OAuth2/Session.hs
@@ -37,9 +37,8 @@ import qualified Data.Map as M (Map, insert, lookup, alter)
 -- -- heaps
 -- import qualified Data.Heap as H (Heap, empty, null, size, insert, viewMin, deleteMin, Entry(..), )
 -- hoauth2
-import Network.OAuth.OAuth2 (OAuth2Token(..))
+import Network.OAuth.OAuth2 (OAuth2Token(..), AccessToken(..), ExchangeToken(..), RefreshToken(..), OAuth2Error, IdToken(..))
 import Network.OAuth2.Experiment (IdpUserInfo, conduitUserInfoRequest, mkAuthorizeRequest, conduitTokenRequest, conduitRefreshTokenRequest, HasRefreshTokenRequest(..), WithExchangeToken, IdpApplication(..), GrantTypeFlow(..))
-import Network.OAuth.OAuth2.Internal (AccessToken(..), ExchangeToken(..), RefreshToken(..), OAuth2Error, IdToken(..))
 import Network.OAuth.OAuth2.TokenRequest (Errors)
 -- http-client
 import Network.HTTP.Client (Manager)
@@ -78,7 +77,7 @@ type Scotty = ScottyT TL.Text
 --
 -- https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-user-identities#access-user-claims-in-app-code
 
--- | The JWT identity token extracted from the headers injected by App Service can be decoded for its claims e.g. @sub@ (which is unique for each user for a given app)
+-- | The JWT identity token from the @X-MS-TOKEN-AAD-ID-TOKEN@ header injected by App Service can be decoded for its claims e.g. @sub@ (which is unique for each user for a given app)
 --
 -- https://bogdan.bynapse.com/azure/the-app-service-token-store-was-added-to-app-service-authentication-authorization-and-it-is-a-repository-of-oauth-tokens-associated-with-your-app-users-when-a-user-logs-into-your-app-via-an-iden/
 --
@@ -209,7 +208,8 @@ refreshLoop :: (MonadUnliftIO m, Ord uid, HasRefreshTokenRequest a) =>
 refreshLoop ts idpApp mgr uid oaToken = forkFinally (act oaToken) cleanup
  where
  cleanup = \case
- Left _ -> pure () -- FIXME what to do in case of auth errors?
+ Left _ -> do
+ expireUser ts uid -- auth error(s), remove user from memory
  Right _ -> pure ()
  act oat = do
  ein <- updateToken ts uid oat -- replace new token in memory

diff --git a/stack.yaml b/stack.yaml
@@ -36,11 +36,11 @@ packages:
 # forks / in-progress versions pinned to a git hash. For extra:
 #
 extra-deps:
-# - hoauth2-2.6.0
+- hoauth2-2.6.0
 - validation-selective-0.2.0.0
 - selective-0.6
 
-allow-newer: true
+# allow-newer: true
 
 
 # - acme-missiles-0.3