Open lthms opened 8 years ago
I did not know about it. What is it about? Anyway - I will look into it, when I have some time. If you need it sooner - I would love a pull request! :-)
You are welcome! I am happy if people find it useful!
Docs: http://haskell-servant.readthedocs.io/en/stable/tutorial/Authentication.html Needs to be fixed first: https://github.com/haskell-servant/servant/issues/463
Until someone (e.g. me) gets to fixing this, you can use an authentication scheme like I do for my application:
I simply use a plain Authorization header and create an API like this:
type FullAPI = "public" :> "endpoint" :> Get '[JSON] Text
:<|> "private" :> Header "Authorization" AuthToken :> AuthAPI
type AuthAPI = my protected handlers
Then I use servant's enter
to protect my auth API in a single place. With enter you can translate a monad stack to another monad stack of your liking, e.g. one with a Reader monad containing the retrieved authorization data, in the translation function you can simply throw an appropriate error if the authentication data is not correct. You can find an example here. It is a bit obfuscated because I am not yet using a standard transformer stack, but freer extensible effects (was an experiment) - but you get the idea.
Hope that helps - it took me a while to notice that you can handle authentication pretty well with enter, which is documented here.
Best regards,
Robert
In fact I am quite happy with this enter
based authentication - that's why I never really checked out the new Auth API of servant.
Correct me if I am wrong, but I think the AuthProtect combinator is not supported by servant-purescript. Do you have any plan to add this support?
Anyway, thank for this awesome project!