servant-auth

Prepare to be official

Open jkarni opened this issue 8 years ago • 11 comments

servant-auth is becoming the official auth mechanism for servant. Before that can happen, we should

  • [ ] Update the tutorial (in the servant repo)
  • [x] Fix #52 / #59
  • [ ] Maybe also #8? (That's a little less clear to me; it's not like the current servant authentication combinators have useful instances there)
  • [ ] Add option without cookies

jkarni avatar Oct 18 '17 17:10 jkarni

We need to support GHC-7.8.4 here (or drop it from core servant).

phadej avatar Nov 06 '17 09:11 phadej

Well, didn't we say the last 3 major releases? 8.2, 8.0, 7.10 should be enough then. By the way, I may end up giving a shot at writing the servant-auth bit of the tutorial. I've been looking at it more closely lately when helping people out on the IRC channel, so I'm a little more qualified than I was =)

alpmestan avatar Nov 06 '17 10:11 alpmestan

FWIW, I'd support as far as possible, if there's no big hassle in that. I'll see why 7.8.4 doesn't work; I don't think there is anything preventing it from working. (Except it is a hassle with managing stack.yamls, see #65.)

phadej avatar Nov 06 '17 11:11 phadej

Ah, 7.8.4 won't work out, as jose is >= 7.10 :/

EDIT: and neither we nor jose (or jose's dependencies; the exception is that cryptonite does mention 7.8 atm in the README) say anything about their GHC support policy.

phadej avatar Nov 06 '17 13:11 phadej

Ours has been agreed upon over time but we never wrote it down properly indeed.

alpmestan avatar Nov 06 '17 15:11 alpmestan

> Add option without cookies

#54 should accomplish this but it doesn't have test coverage yet.

3noch avatar Nov 06 '17 18:11 3noch

I should also mention that #54 also adds a clearSession function which was missing from the API. This is needed for any sort of manual log out. It seems pretty important to me.

3noch avatar Nov 06 '17 18:11 3noch

Can Servant.Foreign instances be added? I've attempted one (below) but I can't quite figure out how to get the "Bearer " in (I'm new to Servant.Foreign).

instance (HasJWT auths, HasForeignType lang ftype Token, HasForeign lang ftype sub) => HasForeign lang ftype (Auth auths a :> sub) where
  type Foreign ftype (Auth auths a :> sub) = Foreign ftype sub

  foreignFor lang Proxy Proxy req =
    foreignFor lang Proxy subP $ req & reqHeaders <>~ [HeaderArg arg]
    where
      arg   = Arg
        { _argName = PathSegment "Authorization"
        , _argType = ftype
        }
      ftype = typeFor lang (Proxy :: Proxy ftype) (Proxy :: Proxy Token)
      subP  = Proxy :: Proxy sub

dbaynard avatar Nov 12 '17 02:11 dbaynard

@jkarni

> Add option without cookies

Does this imply Cookie authentication without XSRF?

domenkozar avatar Jun 17 '18 09:06 domenkozar

As per https://github.com/haskell-servant/servant/pull/1074, the last thing missing is documentation.

domenkozar avatar Nov 09 '18 16:11 domenkozar

What's the status for adding new auth schemes btw? I guess it's rather important, as the experimental auth would let you do that quite easily.

alpmestan avatar Nov 09 '18 18:11 alpmestan