This module performs a single authentication lookup per request and uses the Yesod request-local caching mechanisms to store valid auth credentials found in the Authorization header.
The recommended way to use this module is to override the maybeAuthId in the Yesod typeclass to defaultMaybeBasicAuthId and supply a credentials lookup function.
instance YesodAuth App where
type AuthId App = Text
getAuthId = return . Just . credsIdent
maybeAuthId = defaultMaybeBasicAuthId checkCreds defaultAuthSettings
where
checkCreds = \k s -> return $ (k == "user")
&& (s == "secret")
WWW-Authenticate challenges are currently not implemented. The current workaround is to override the error handler in the Yesod typeclass:
instance Yesod App where
errorHandler NotAuthenticated = selectRep $
provideRep $ do
addHeader "WWW-Authenticate" $ T.concat
[ "RedirectJSON realm=\"Realm\", param=\"myurl.com\"" ]
-- send error response here
...
errorHandler e = defaultErrorHandler e
...
Proper response status on failed authentication is not implemented
yet. The current workaround is to override the Yesod
typeclass
isAuthorized
function to handle required auth routes. e.g.
instance Yesod App where
isAuthorized SecureR _ =
maybeAuthId >>= return . maybe AuthenticationRequired (const Authorized)
isAuthorized _ _ = Authorized
- [ ] Utilize Yesod.Auth framework
- [ ] Realm (AuthSettings)
- [ ] Proper response status and challenge (AuthSettings)