servant-auth icon indicating copy to clipboard operation
servant-auth copied to clipboard
verified publisher icon haskell-servant

Rewrite documentation

Open domenkozar opened this issue 7 years ago • 2 comments

outline

  • overview
  • readme
  • user guide
    • xsrf options
      • document same-site as sane default
      • #97 document we're using double-submit protection
      • #71 document ajax with double-submit has a racing condition
      • #55 show that double-submit can be turned off and show what alternatives we support from https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
    • cookies
    • basicauth
    • JWT tokens
    • #73 authorization
    • #132 mention that key used for JWT means that we'll be able to decrypt cookies so it should be persistet
    • #119 new authorization schemes?

closes

  • #15 integrate this PR
  • #2 upstream servant-auth into servant
  • #64 prepare to be official once #2 is done
  • #43 add example POSTing to /login

domenkozar avatar Nov 04 '18 19:11 domenkozar

Maybe a few words about differences between servant-auth, servant-auth-server and servant-client. Just started reading about auth in servant and am a little confused which to focus on.

vlatkoB avatar Nov 14 '18 12:11 vlatkoB

It's similar to servant vs servant-server vs servant-client:

  • servant-auth has the combinators to use in API types and some related types/functions/etc
  • servant-auth-server has the server interpretation of those combinators and related types/functions/etc
  • servant-auth-server has the client interpretation of those combinators and related types/functions/etc

alpmestan avatar Nov 14 '18 13:11 alpmestan