Clément Delafargue

superseded by #202

after thinking things through and experimenting, here's what I think: - the datalog world should always be up-to-date wrt facts and rules from the token and authorizer blocks (this might...

Thanks for your PR! The general idea is good, but since biscuit blocks are versioned, the new operations cannot be directly added, they need to be checked against the block...

Thanks! I'm not sure how much of this is intended behaviour or not. In any case, it should be properly documented.

ah yes, the missing `HasLink` instance is an overview indeed. The PR makes the choice to use `Text` everywhere instead of `String` in alignment with `Network.HTTP.Types` which provides `QueryText`, and...

yeah, query params handling is complex since in many cases you can provide them un-encoded to user-agents and it will work. in some cases it’s the expected behaviour (people usually...

Yes. Thinking about it, imo ToDeepQuery and FromDeepQuery should only work on non-encoded values. So it would be good to make sure that the HasClient and HasServer instances correctly expect/pass...

the library does not offer helpers for these yet, so for now you are supposed to handle the revocation list yourself before running the authorizer. Other libs like biscuit-haskell include...

RFC2616 is quite outdated, so the status list from the original post is incomplete. RFC9110 adds the 308 response code as well https://httpwg.org/specs/rfc9110.html#status.308

## about negative matching currently, there is one way to assert the absence of a fact, the `deny` policy. It might work with your use-case, exploiting the fact that policies...