16

The Problem

I'm writing a standalone desktop application in Haskell and I would love to have an authentication support in it. I want the user to be able to log into this application by google / facebook / etc account.

Some Research

I've found some protocols and related haskell libraries:

  • OpenID (openid, authenticate) - but as @Changaco has noted - this protocol is connected to the web browser.
  • OAuth (authenticate-oauth, hoauth) - but the first one seems to be strongly related to Yesod (web framework) and the second supports OAuth version 1.0 (currently there is version 2.0 available)

The Question

Is it possible to create such authentication in standalone Haskell application? What library should I use? Or maybe I should write it in C++ and use it from Haskell?

The main requirements are:

  1. The authentication mechanism should work in standalone application on all major platforms (Linux, Windows, Darwin)
  2. The authentication mechanism should work with application without gui.
Wojciech Danilo
  • 11,573
  • 17
  • 66
  • 132
  • 1
    What do you mean with "standalone"? A desktop application or a web application without using a framework? – firefrorefiddle Aug 28 '13 at 06:17
  • authenticate is also used by Yesod as one of possible authentication options. See http://hackage.haskell.org/packages/archive/yesod-auth/1.2.1/doc/html/Yesod-Auth-OpenId.html . – Laar Aug 28 '13 at 10:18
  • @MikeHartl: I'm talking about standalone desktop application. (fixed in the question) – Wojciech Danilo Aug 28 '13 at 11:08
  • 2
    I'm curious: why would a standalone application need Google/Facebook/etc authentication ? What are you trying to accomplish ? – Changaco Aug 30 '13 at 11:03
  • @Changaco: User will be allowed to create accunt in a web service (and login using exisitng google / (etc) accounts). He will also have the possibility of downloading standalone applciation, which after execution will prompt him to login - to synchronize the settings, accounts etc. Does it make sense now? – Wojciech Danilo Aug 30 '13 at 18:45
  • @Changaco: That is an interesting idea. Do you know any solutions, which allows you to do it? (I know we can use simple string based generated keys, but maybe there is some existing, proved solution) – Wojciech Danilo Aug 30 '13 at 19:58
  • @danilo2 I don't know of any specific solution. You can just reuse code from a project that generates random strings, for example [the `randomString` function used in yesod-core](https://github.com/yesodweb/yesod/blob/master/yesod-core/Yesod/Core/Internal/Request.hs). – Changaco Aug 30 '13 at 20:42

1 Answers1

5

Original answer

OpenID works by sending the user to its provider's website and then redirecting it back to the "relying" website (cf OpenID spec). This process requires a web browser, so you either have to integrate one into your application or open one up. In the latter case you also need a way to get the result of the authentication process, either by asking the user to copy-paste it or by running a web server on localhost.

Second answer after question update

  1. The authentication mechanism should work in standalone application on all major platforms (Linux, Windows, Darwin)
  2. The authentication mechanism should work with application without gui.

Without a GUI, the best solution probably is to just prompt the user for his password. OpenID and OAuth 1.0 don't support this use case, but OAuth 2.0 does. authenticate-oauth and hoauth don't support the 2.0 protocol, but there is an hoauth2 package.

Third answer after further details given in the comments

User will be allowed to create accunt in a web service (and login using exisitng google / (etc) accounts). He will also have the possibility of downloading standalone applciation, which after execution will prompt him to login - to synchronize the settings, accounts etc.

In that case I think the simplest solution is to generate a unique "app key" for each user. He can then enter his user name and app key in the standalone application to authenticate himself to your website. This method avoids asking him for his Google/etc password, which he may not even know if he uses a password manager.

Community
  • 1
  • 1
Changaco
  • 790
  • 5
  • 12
  • Ok, thank you very much! You are right - I was thinking, that OpenID is a very general protocol. I simply want to create an authentication mechanism to my standalone application, which will allow users to login by their existing gmail (etc) accounts. I've updated the question to better describe the problem. – Wojciech Danilo Aug 30 '13 at 01:09
  • Additonal I have found out, that maybe it is possible to use OpenID with standalone desktop apps: http://stackoverflow.com/questions/4634408/can-non-web-applications-use-openid – Wojciech Danilo Aug 30 '13 at 02:12