hsoz: Iron, Hawk, Oz: Web auth protocols
hsoz is a Haskell implementation of the Iron, Hawk, and Oz web authentication protocols. These protocols originate from the OAuth2 standardisation process, but are designed to be simpler to implement for the common case of web applications.
In the words of their principal designer:
Iron is a cryptographic utility for sealing a JSON object using symmetric key encryption with message integrity verification. Or in other words, it lets you encrypt an object, send it around (in cookies, authentication credentials, etc.), then receive it back and decrypt it. The algorithm ensures that the message was not tampered with, and also provides a simple mechanism for password rotation.
Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification.
Oz is a web authorization protocol based on industry best practices. Oz combines the Hawk authentication protocol with the Iron encryption protocol to provide a simple to use and secure solution for granting and authenticating third-party access to an API on behalf of a user or an application.
|Versions [faq]||0.0.0.2, 0.0.0.3, 0.0.0.4, 0.0.1.0|
|Dependencies||aeson, attoparsec, base (>=4.7 && <5), base16-bytestring, base64-bytestring, byteable, bytestring, case-insensitive, containers, cryptonite, data-default, either, errors, hsoz, http-client, http-conduit, http-types, lens, lucid, memory, mtl, network, scientific, scotty, securemem, text, time, transformers, uri-bytestring, vault, wai, warp, wreq [details]|
|Copyright||2016 Rodney Lorrimar|
|Source repo||head: git clone https://github.com/rvl/hsoz|
|Uploaded||by rvl at Wed Nov 30 10:42:00 UTC 2016|
|Downloads||1369 total (29 in the last 30 days)|
|Rating||(no votes yet) [estimated by rule of succession]|
Docs available [build log]
Last success reported on 2016-11-30 [all 1 reports]
For package maintainers and hackage trustees