Support BasicAuth combinator (servant 0.5 support) #34

Closed
JoshuaGross opened this issue Mar 29, 2016 · 9 comments

@JoshuaGross
Contributor

More information here: https://haskell-servant.github.io/posts/2016-03-19-servant-0.5-release.html#basic-auth

@tommyengstrom

Any work been done on this? I got stuck on this issue and don't know how to solve it.

@fizruk
Member

fizruk commented Jul 11, 2016

I think you can just use ApiKeyParams with ApiKeyHeader location and "Authorization" header name. Basic Auth is essentially API Key, except it has the key (header value) of special form:

Basic <base64 encoded username:password>

Which you might mention in the _securitySchemeDescription by simply writing "Basic access authentication" or something like that.

You might also want to automatically add possible responses: 401 Unauthorized (when authentication data is missing) and, probably (but not necessarily) 403 Forbidden (when user is authenticated, but not authorized).

@tommyengstrom

Aha, thanks for the pointer. I was trying to generate the swagger documentation for an API that contained BasicAuth. Now I just put it outside.

@tommyengstrom

I just realized that by putting the Authorization outside of the documented API I lose the ability to have user dependent access levels. Is there some solution for this?

@fizruk
Member

fizruk commented Jul 12, 2016

What do you mean by "user dependent access levels"?

@fizruk
Member

fizruk commented Jul 12, 2016

@tommyengstrom BTW, I'm available on IRC #servant channel if you want more live discussion!

@tommyengstrom

What I did was to define one API, let's call it SecureAPI, without any authorization. This API I can then generate swagger documentation for without running into the issue of the BasicAuth combinator not being supported.

Then I did something like:
BasicAuth "realm" AuthInfo :> SecureAPI :<|> SwaggerEndpoints

... But now I don't have the ability to restrict access with more granularity, e.g. only allowing access to information about your data.

I'll join the IRC channel after lunch.

@domenkozar

Given that servant-auth is going to replace the old authentication I recommend closing this in favor of https://github.com/haskell-servant/servant-auth/blob/master/servant-auth-swagger/src/Servant/Auth/Swagger.hs#L45

fisx pushed a commit to wireapp/servant-swagger that referenced this issue Jun 1, 2019
Ensure ranges are respected during updates as well
@akhesaCaro
Contributor

Hi,
Servant-swagger will be moved into the main Servant repo (see: haskell-servant/servant#1475)
If this issue is still relevant, would it be possible for you to submit it there?: https://github.com/haskell-servant/servant/issues

Thanks in advance!

maksbotan pushed a commit to biocad/servant-swagger that referenced this issue Mar 13, 2023
@JoshuaGross closed this as not planned Mar 19, 2023