Google API authentication helpers: service accounts and local OAuth

codec: let open Json.Codec in cleanup across 16 medium files

10-19 usages each: linkedin/{profile,post}, space-dtn/daemon/config,
gdocs/comments, freebox/{switch,calls,firewall,parental,auth},
slack/team, requests/oauth, oci/spec/{manifest,intoto},
meross/timers, atp/atp/lex, gauth.

Same pattern: per-let `let open Json.Codec in` inside codec bodies,
`Json.Codec.list` qualified at the API call sites that wrap codecs
into HTTP requests. No record-field clashes worth annotating in this
batch.

+21 -24
+21 -24
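--- a/lib/gauth.ml
+++ b/lib/gauth.ml
@@ -97,19 +97,16 @@
 }
 
 let raw_jsont =
-Json.Codec.Object.map ~kind:"service_account"
+let open Json.Codec in
+Object.map ~kind:"service_account"
 (fun type_ client_email token_uri private_key private_key_id ->
 { type_; client_email; token_uri; private_key; private_key_id })
-|> Json.Codec.Object.mem "type" Json.Codec.string ~enc:(fun k -> k.type_)
-|> Json.Codec.Object.mem "client_email" Json.Codec.string ~enc:(fun k ->
-k.client_email)
-|> Json.Codec.Object.opt_mem "token_uri" Json.Codec.string ~enc:(fun k ->
-k.token_uri)
-|> Json.Codec.Object.mem "private_key" Json.Codec.string ~enc:(fun k ->
-k.private_key)
-|> Json.Codec.Object.opt_mem "private_key_id" Json.Codec.string
-~enc:(fun k -> k.private_key_id)
-|> Json.Codec.Object.skip_unknown |> Json.Codec.Object.finish
+|> Object.mem "type" string ~enc:(fun k -> k.type_)
+|> Object.mem "client_email" string ~enc:(fun k -> k.client_email)
+|> Object.opt_mem "token_uri" string ~enc:(fun k -> k.token_uri)
+|> Object.mem "private_key" string ~enc:(fun k -> k.private_key)
+|> Object.opt_mem "private_key_id" string ~enc:(fun k -> k.private_key_id)
+|> Object.skip_unknown |> Object.finish
 
 (* Convert X509 RSA private key to a Jwt.Jwk RSA private key.
 JWK RFC 7518 §6.3 requires the RSA components as unsigned big-endian
@@ -345,9 +342,12 @@
 error_html "state mismatch (CSRF)",
 Error err_callback_state_mismatch )
 else
+let client_auth =
+Oauth.Client_auth.post ~client_id ~client_secret
+in
 match
-Oauth.exchange_code http Oauth.Google ~client_id ~client_secret
-~code ~redirect_uri ~code_verifier:verifier ()
+Oauth.exchange_code http Oauth.Google ~client_auth ~code
+~redirect_uri ~code_verifier:verifier ()
 with
 | Error e ->
 ( 400,
@@ -355,8 +355,8 @@
 Error (err_code_exchange e) )
 | Ok tr ->
 let tok =
-Oauth.Token.of_response http Oauth.Google ~client_id
-~client_secret ~clock tr
+Oauth.Token.of_response http Oauth.Google ~client_auth
+~clock tr
 in
 (200, success_html, Ok (Oauth_token tok))))
 
@@ -438,16 +438,13 @@
 }
 
 let snapshot_jsont =
-Json.Codec.Object.map ~kind:"gauth_token"
-(fun access_token refresh_token expires_at ->
+let open Json.Codec in
+Object.map ~kind:"gauth_token" (fun access_token refresh_token expires_at ->
 { access_token; refresh_token; expires_at })
-|> Json.Codec.Object.mem "access_token" Json.Codec.string ~enc:(fun s ->
-s.access_token)
-|> Json.Codec.Object.opt_mem "refresh_token" Json.Codec.string ~enc:(fun s ->
-s.refresh_token)
-|> Json.Codec.Object.opt_mem "expires_at" Json.Codec.number ~enc:(fun s ->
-s.expires_at)
-|> Json.Codec.Object.skip_unknown |> Json.Codec.Object.finish
+|> Object.mem "access_token" string ~enc:(fun s -> s.access_token)
+|> Object.opt_mem "refresh_token" string ~enc:(fun s -> s.refresh_token)
+|> Object.opt_mem "expires_at" number ~enc:(fun s -> s.expires_at)
+|> Object.skip_unknown |> Object.finish
 
 let snapshot_of_token = function
 | Oauth_token t ->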
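Review bot: The two hunks in the OAuth callback (new lines 345–359) are not part of the `let open Json.Codec in` cleanup the commit message describes: they change how the client credentials reach `Oauth.exchange_code` and `Oauth.Token.of_response`, from separate `~client_id ~client_secret` labels to a single `~client_auth` value. A change on the token-exchange path deserves its own commit, or at least a line in the description, so that it is not reviewed as a mechanical rename. Where it stays, I would add a comment above `let client_auth =` such as `(* Client credentials, presumably sent client_secret_post style (TODO confirm); the same value is handed to Token.of_response, so keep it out of logs and the callback HTML. *)`. The enclosing callback handler starts and ends outside these hunks, so how `tok` later uses the credentials cannot be checked from here.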