hsoz-0.0.0.2: Iron, Hawk, Oz: Web auth protocols

Safe HaskellNone
LanguageHaskell2010

Network.Hawk.Server

Description

These are functions for checking authenticated requests and sending authenticated responses.

Synopsis

Documentation

authenticateRequest :: MonadIO m => AuthReqOpts -> CredentialsFunc m t -> Request -> Maybe ByteString -> m (AuthResult t) Source #

Checks the Authorization header of a Request and (optionally) a payload. The header will be parsed and verified with the credentials supplied.

If the request payload is provided, it will be verified. If a payload is not supplied, it can be verified later with authenticatePayload.

authenticate :: MonadIO m => AuthOpts -> CredentialsFunc m t -> HawkReq -> m (AuthResult t) Source #

Checks the Authorization header of a generic request. The header will be parsed and verified with the credentials supplied.

If a payload is provided, it will be verified. If the payload is not supplied, it can be verified later with authenticatePayload.

authenticateBewit :: MonadIO m => AuthReqOpts -> CredentialsFunc m t -> Request -> m (AuthResult t) Source #

Checks the Authorization header of a request according to the "bewit" scheme. See Network.Hawk.URI for a description of that scheme.

authenticatePayload :: AuthSuccess t -> PayloadInfo -> Either String () Source #

Verifies the payload hash as a separate step after other things have been check. This is useful when the request body is streamed for example.

data HawkReq Source #

A package of values containing the attributes of a HTTP request which are relevant to Hawk authentication.

header :: Credentials -> HeaderArtifacts -> Maybe PayloadInfo -> Header Source #

Generates a suitable Server-Authorization header to send back to the client. Credentials and artifacts would be provided by a previous call to authenticateRequest (or authenticate).

If a payload is supplied, its hash will be included in the header.

data AuthReqOpts Source #

Bundle of parameters for authenticateRequest. Provides information about what the public URL of the server would be. If the application is served from a HTTP reverse proxy, then the Host header might have a different name, or the hostname:port might need to be overridden.

Constructors

AuthReqOpts 

Fields

Instances

data AuthOpts Source #

Bundle of parameters for authenticate.

Instances