adding bot framework auth

ms-auth/ms-auth.cabal

@@ -1,5 +1,5 @@
 name: ms-auth
-version: 0.3.0.0
+version: 0.4.0.0
 synopsis: Microsoft Authentication API
 description: Bindings to the Microsoft Identity API / Active Directory (AD) for building applications that use either Authorization Code (User-facing) or (App-only) authorization flows. Helper functions are provided for building OAuth2 authentication flows and keep tokens transactionally secure and up to date.
 homepage: https://github.com/unfoldml/ms-graph-api

ms-auth/src/Network/OAuth2/Provider/AzureAD.hs

@@ -8,14 +8,18 @@
 -- | Settings for using Azure Active Directory as OAuth identity provider
 --
 -- Both @Auth Code Grant@ (i.e. with browser client interaction) and @App-only@ (i.e. Client Credentials) authentication flows are supported. The former is useful when a user needs to login and delegate some permissions to the application (i.e. accessing personal data), whereas the second is for server processes and automation accounts.
+--
+-- Azure Bot Framework is supported since v 0.
 module Network.OAuth2.Provider.AzureAD (
  AzureAD
+ , AzureBotFramework
  -- * Environment variables
  , envClientId
  , envClientSecret
  , envTenantId
  -- * App flow
  , azureADApp
+ , azureBotFrameworkOAuthADApp
  -- * Delegated permissions OAuth2 flow
  , OAuthCfg(..)
  , AzureADUser
@@ -163,7 +167,7 @@ defaultAzureOAuthADApp =
  , idpAppAuthorizeState = "CHANGE_ME" -- https://stackoverflow.com/questions/26132066/what-is-the-purpose-of-the-state-parameter-in-oauth-authorization-request
  , idpAppAuthorizeExtraParams = Map.empty
  , idpAppRedirectUri = [uri|http://localhost|] --
- , idpAppName = "default-azure-app" --
+ , idpAppName = "" --
  , idpAppTokenRequestAuthenticationMethod = ClientSecretBasic
  , idp = defaultAzureADIdp
  }
@@ -178,6 +182,31 @@ defaultAzureADIdp =
  , idpTokenEndpoint = [uri|https://login.microsoftonline.com/common/oauth2/v2.0/token|]
  }
 
+-- | 
+azureBotFrameworkOAuthADApp :: ClientId
+ -> ClientSecret
+ -> TL.Text -- ^ app name
+ -> IdpApplication 'ClientCredentials AzureBotFramework
+azureBotFrameworkOAuthADApp clid sec appname = ClientCredentialsIDPAppConfig {
+ idpAppClientId = clid,
+ idpAppClientSecret = sec,
+ idpAppName = appname,
+ idpAppScope = Set.fromList ["https://api.botframework.com/.default"],
+ idpAppTokenRequestExtraParams = mempty,
+ idp = defaultAzureBotFrameworkIdp
+ }
+
+
+data AzureBotFramework = AzureBotFramework
+
+defaultAzureBotFrameworkIdp :: Idp AzureBotFramework
+defaultAzureBotFrameworkIdp = Idp {
+ idpFetchUserInfo = authGetJSON @(IdpUserInfo AzureBotFramework)
+ , idpTokenEndpoint = [uri|https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token|]
+ , idpUserInfoEndpoint = error $ unwords ["Azure Bot Framework Idp:", "OAuth user info endpoint is not defined"]
+ , idpAuthorizeEndpoint = error $ unwords ["Azure Bot Framework Idp:", "OAuth authorize endpoint is not defined"]
+ }
+
 -- | https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo
 data AzureADUser = AzureADUser
  { sub :: T.Text

ms-auth/src/Network/OAuth2/Session.hs

@@ -372,6 +372,27 @@ fetchUpdateTokenACG ts idpApp mgr etoken = ExceptT $ do
  Left es -> pure $ Left (OASEJWTException es) -- id token validation failed
  Left es -> pure $ Left (OASEOAuth2Errors es)
 
+
+-- -- -- for Bot Framework auth etc
+-- fetchUpdateToken' :: MonadIO m =>
+-- Tokens UserSub OAuth2Token
+-- -> IdpApplication 'ClientCredentials i
+-- -> Manager
+-- -> ExceptT OAuthSessionError m OAuth2Token
+-- fetchUpdateToken' ts idpApp mgr = ExceptT $ do
+-- tokenResp <- runExceptT $ conduitTokenRequest idpApp mgr -- OAuth2 token
+-- case tokenResp of
+-- Right oat -> case idToken oat of
+-- Nothing -> pure $ Left OASENoOpenID
+-- Just idt -> do
+-- idtClaimsE <- decValidIdToken idt -- decode and validate ID token
+-- case idtClaimsE of
+-- Right uid -> do
+-- _ <- refreshLoopACG ts idpApp mgr uid oat -- fork a thread and start refresh loop for this user
+-- pure $ Right oat
+
+
+
 -- | 2) fork a thread and start token refresh loop for user @uid@
 refreshLoopACG :: (MonadIO m, Ord uid, HasRefreshTokenRequest a) =>
  Tokens uid OAuth2Token