User authentication and session management for web applications
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Add eqaf dep to opam; make custom_provider private with HTTPS validation

Add eqaf to dune-project/opam deps. Make custom_provider record private
so callers must use the smart constructor that enforces HTTPS URLs.
Update tests to use Oauth.custom_provider and cover empty-state rejection.

+8 -8
+8 -8
test/test_auth.ml
··· 304 304 305 305 let test_custom_provider_userinfo () = 306 306 let provider = 307 - Oauth.Custom 308 - { 309 - name = "corp"; 310 - authorize_url = ""; 311 - token_url = ""; 312 - userinfo_url = ""; 313 - uid_field = "employee_id"; 314 - } 307 + match 308 + Oauth.custom_provider ~name:"corp" 309 + ~authorize_url:"https://corp.example.com/auth" 310 + ~token_url:"https://corp.example.com/token" 311 + ~userinfo_url:"https://corp.example.com/user" ~uid_field:"employee_id" 312 + with 313 + | Ok p -> Oauth.Custom p 314 + | Error (`Msg msg) -> failwith msg 315 315 in 316 316 let body = {|{"employee_id":"EMP-42","email":"a@corp.com","name":"A"}|} in 317 317 match Oauth.parse_userinfo provider body with