{-# LANGUAGE AllowAmbiguousTypes #-} -- This file is part of the Wire Server implementation. -- -- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com> -- -- This program is free software: you can redistribute it and/or modify it under -- the terms of the GNU Affero General Public License as published by the Free -- Software Foundation, either version 3 of the License, or (at your option) any -- later version. -- -- This program is distributed in the hope that it will be useful, but WITHOUT -- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more -- details. -- -- You should have received a copy of the GNU Affero General Public License along -- with this program. If not, see <https://www.gnu.org/licenses/>. -- | HTTP authentication support. Can be used with basic auth, token-based -- auth, or something else (though OAuth is likely not implementable with -- this API). module Web.Scim.Class.Auth ( AuthTypes (..), AuthDB (..), ) where import Servant import Web.Scim.Handler -- | Types used in authentication routines. class AuthTypes tag where -- | The type that the “Authorization” header will be parsed as. This info -- will be given to 'authCheck'. type AuthData tag -- | The result of performing authentication. -- -- Can be '()' to handle just authorized/non-authorized, or something more -- complex – for instance, if the auth header provides a token that may or -- may not correspond to a particular organization, then the result could -- be the ID of that organization). type AuthInfo tag -- | An interface that has to be implemented for a server to provide -- authentication. class (AuthTypes tag, FromHttpApiData (AuthData tag)) => AuthDB tag m where -- | Do authentication or throw an error in `ScimHandler` (e.g. -- 'Web.Scim.Schema.Error.unauthorized') if the provided credentials are -- invalid or don't correspond to any user. authCheck :: Maybe (AuthData tag) -> ScimHandler m (AuthInfo tag)