servant-oauth2: A library for OAuth2 authentication in servant.

[ library, web ] [ Propose Tags ]

A library for OAuth2 authentication in servant. It is a modern wrapper around wai-middleware-auth, and provides the ability to build type-safe authorised APIs with authentication provided by the wai oauth2 backends. See for example usage.

[Skip to Readme]


  • Servant
    • Servant.OAuth2
      • Servant.OAuth2.Cookies
      • Servant.OAuth2.Hacks


Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


  • No Candidates
Versions [RSS],
Dependencies base (>=4.7 && <5), base64-bytestring, binary, bytestring, clientsession, cookie, exceptions, hoauth2, http-types, mtl, servant, servant-blaze, servant-server, shakespeare, text, tomland, unordered-containers, uri-bytestring, wai, wai-middleware-auth, warp [details]
License LicenseRef-OtherLicense
Copyright 2022 Tweag
Author Tweag
Category Web
Home page
Uploaded by NoonSilk at 2022-07-18T12:15:23Z
Distributions NixOS:
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 71 total (5 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs not available [build log]
All reported builds failed as of 2022-07-18 [all 2 reports]

Readme for servant-oauth2-

[back to package description]


This is a modern servant wrapper around the wai-middleware-auth OAuth2 provider implementations.


Simplest example:

./hack example-basic

Cookie example:

./hack example-cookies

Example that performs "authorisation" (i.e. there is an 'admin' section):

./hack example-auth

Before running

You'll need to make a GitHub OAuth application, and a Google one, if you want to test that as well.

The details of which you'll need to place in ./config.toml. See ./config.example.toml for an example.

The most important detail is that the callback URL on github, and in the config, is set to the same thing:



  • Contributing guide
  • Document exported functions
  • More detailed readme documentation
  • Build in an example of 'Authorisation'; i.e. lifting the logins to the type-level
  • Show an example of multiple auths (distinguish by type)
  • See if we can get away with only doing it for complete
  • Pass settings through somehow
  • Try and hide away as much details as possible
  • Define a basic structure following AuthProtect