Token Based Authentication

[qmmdb]

Have you considered adding token based authentication?

[agrafix]

Yes, that is certainly a good addition! But it will not land in the Spock package, but rather in a separate package (maybe it fits into the users package?). What exact type of token based auth did you have in mind? API-Keys? Cookie-Tokens? OAuth?

[qmmdb]

I'm leaning toward OAuth with tokens formatted in JWT.

[agrafix]

Yes, that should be a perfect case for an independent package building on Spock, as I do not see where it actually needs the Spock internals. There's a JWT library for haskell (https://github.com/frasertweedale/hs-jose), so it should be quick to implement. Do you want to give it a shot? :-)

[qmmdb]

1. I've never had to deal with this before until this week.
2. I'm reading all I can about the OAuth.
3. I really don't know if I'm the person to do this.

Not to kill any conversation, but since I opened this in the wrong repo, I'll close it now.

[qmmdb]

BTW, thanks for all of your work. This is an amazing project that has me excited about web development in Haskell again :)

[agrafix]

Happy to hear that! :-) I can't promise anything because I am very busy atm, but I'll look into OAuth & co when I find time. Let me know if you have any other ideas for Spock, find a bug or a bad documented feature!

[qmmdb]

https://github.com/anchor/oauth2-server seems relevant