src/Sproxy/Application/OAuth2/LinkedIn.hs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE OverloadedStrings #-}

module Sproxy.Application.OAuth2.LinkedIn
  ( provider
  ) where

import Control.Applicative (empty)
import Control.Exception (Exception, throwIO)
import Data.Aeson
       (FromJSON, Value(Object), (.:), decode, parseJSON)
import Data.ByteString.Lazy (ByteString)
import Data.Monoid ((<>))
import Data.Text (Text)
import Data.Text.Encoding (encodeUtf8)
import Data.Typeable (Typeable)
import qualified Network.HTTP.Conduit as H
import Network.HTTP.Types.URI (urlEncode)

import Sproxy.Application.Cookie
       (newUser, setFamilyName, setGivenName)
import Sproxy.Application.OAuth2.Common
       (AccessTokenBody(accessToken), OAuth2Client(..), OAuth2Provider)

provider :: OAuth2Provider
provider (client_id, client_secret) =
  OAuth2Client
  { oauth2Description = "LinkedIn"
  , oauth2AuthorizeURL =
      \state redirect_uri ->
        "https://www.linkedin.com/oauth/v2/authorization" <>
        "?scope=r_basicprofile%20r_emailaddress" <>
        "&client_id=" <>
        urlEncode True client_id <>
        "&redirect_uri=" <>
        urlEncode True redirect_uri <>
        "&response_type=code" <>
        "&state=" <>
        urlEncode True state
  , oauth2Authenticate =
      \code redirect_uri -> do
        let treq =
              H.urlEncodedBody
                [ ("client_id", client_id)
                , ("client_secret", client_secret)
                , ("code", code)
                , ("grant_type", "authorization_code")
                , ("redirect_uri", redirect_uri)
                ] $
              H.parseRequest_
                "POST https://www.linkedin.com/oauth/v2/accessToken"
        mgr <- H.newManager H.tlsManagerSettings
        tresp <- H.httpLbs treq mgr
        case decode $ H.responseBody tresp of
          Nothing -> throwIO $ LinkedInException tresp
          Just atResp -> do
            let ureq =
                  (H.parseRequest_
                     "https://api.linkedin.com/v1/people/\
                \~:(email-address,first-name,last-name)?format=json")
                  { H.requestHeaders =
                      [ ( "Authorization"
                        , "Bearer " <> encodeUtf8 (accessToken atResp))
                      ]
                  }
            uresp <- H.httpLbs ureq mgr
            case decode $ H.responseBody uresp of
              Nothing -> throwIO $ LinkedInException uresp
              Just u ->
                return $
                setFamilyName (lastName u) $
                setGivenName (firstName u) $ newUser (emailAddress u)
  }

data LinkedInException =
  LinkedInException (H.Response ByteString)
  deriving (Show, Typeable)

instance Exception LinkedInException

data LinkedInUserInfo = LinkedInUserInfo
  { emailAddress :: Text
  , firstName :: Text
  , lastName :: Text
  } deriving (Eq, Show)

instance FromJSON LinkedInUserInfo where
  parseJSON (Object v) =
    LinkedInUserInfo <$> v .: "emailAddress" <*> v .: "firstName" <*>
    v .: "lastName"
  parseJSON _ = empty