{-# LANGUAGE GeneralizedNewtypeDeriving #-}
module Servant.Auth where

-- * Authentication

-- | @Auth [auth1, auth2] val :> api@ represents an API protected *either* by
-- @auth1@ or @auth2@
data Auth (auths :: [*]) val

-- ** Combinators

-- | A JSON Web Token (JWT) in the the Authorization header:
--
--    @Authorization: Bearer <token>@
--
-- Note that while the token is signed, it is not encrypted. Therefore do not
-- keep in it any information you would not like the client to know.
--
-- JWTs are described in IETF's <https://tools.ietf.org/html/rfc7519 RFC 7519>
data JWT

-- | A cookie. The content cookie itself is a JWT. Another cookie is also used,
-- the contents of which are expected to be send back to the server in a
-- header, for CSRF protection.
data Cookie


-- We could use 'servant''s BasicAuth, but then we don't get control over the
-- documentation, and we'd have to polykind everything. (Also, we don't
-- currently depend on servant!)
--
-- | Basic Auth.
data BasicAuth

-- | Login via a form.
data FormLogin form