icepeak-0.7.3.0: A fast JSON document store with push notification support.

Safe HaskellNone
LanguageHaskell2010

JwtMiddleware

Contents

Description

This module provides functionality for verifying the JSON Web Tokens in a wai setting.

Synopsis

Documentation

data AuthError Source #

Defines the kinds of errors that cause authorization to fail.

Constructors

TokenError TokenError

Authorization was denied due to an invalid token.

OperationNotAllowed

Authorization was denied because the operation is not allowed by the token.

data AuthResult Source #

Result of checking authorization

Constructors

AuthRejected AuthError

Authorization was denied because of the specified reason

AuthAccepted

Authorization was successful

Requests

isRequestAuthorized :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Path -> AccessMode -> AuthResult Source #

Check whether accessing the given path with the given mode is authorized by the token supplied in the request headers or query string (which may not be present, then failing the check).

getRequestClaim :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Either TokenError IcepeakClaim Source #

Extract the JWT claim from the request.

findTokenBytes :: RequestHeaders -> Query -> Maybe ByteString Source #

Lookup a token, first in the Authorization header of the request, then falling back to the access_token query parameter.

headerToken :: RequestHeaders -> Maybe ByteString Source #

Look up a token from the Authorization header. Header should be in the format Bearer token.

queryToken :: Query -> Maybe ByteString Source #

Look up a token from the access_token query parameter

Responses

errorResponseBody :: AuthError -> ByteString Source #

Generate a 401 Unauthorized response for a given authorization error.

Middleware