Haskell standalone desktop application authentication (using google / facebook / twitter / etc accounts)

Question

The Problem

I'm writing a standalone desktop application in Haskell and I would love to have an authentication support in it. I want the user to be able to log into this application by google / facebook / etc account.

Some Research

I've found some protocols and related haskell libraries:

• OpenID (openid, authenticate) - but as @Changaco has noted - this protocol is connected to the web browser.
• OAuth (authenticate-oauth, hoauth) - but the first one seems to be strongly related to Yesod (web framework) and the second supports OAuth version 1.0 (currently there is version 2.0 available)

The Question

Is it possible to create such authentication in standalone Haskell application? What library should I use? Or maybe I should write it in C++ and use it from Haskell?

The main requirements are:

1. The authentication mechanism should work in standalone application on all major platforms (Linux, Windows, Darwin)
2. The authentication mechanism should work with application without gui.

Answer 1

Original answer

OpenID works by sending the user to its provider's website and then redirecting it back to the "relying" website (cf OpenID spec). This process requires a web browser, so you either have to integrate one into your application or open one up. In the latter case you also need a way to get the result of the authentication process, either by asking the user to copy-paste it or by running a web server on localhost.

---

Second answer after question update

1. The authentication mechanism should work in standalone application on all major platforms (Linux, Windows, Darwin)
2. The authentication mechanism should work with application without gui.

Without a GUI, the best solution probably is to just prompt the user for his password. OpenID and OAuth 1.0 don't support this use case, but OAuth 2.0 does. authenticate-oauth and hoauth don't support the 2.0 protocol, but there is an hoauth2 package.

---

Third answer after further details given in the comments

User will be allowed to create accunt in a web service (and login using exisitng google / (etc) accounts). He will also have the possibility of downloading standalone applciation, which after execution will prompt him to login - to synchronize the settings, accounts etc.

In that case I think the simplest solution is to generate a unique "app key" for each user. He can then enter his user name and app key in the standalone application to authenticate himself to your website. This method avoids asking him for his Google/etc password, which he may not even know if he uses a password manager.