Safe Haskell	None
Language	Haskell2010

PostgREST.Auth

Description

This module provides functions to deal with the JWT authorization (http://jwt.io). It also can be used to define other authorization functions, in the future Oauth, LDAP and similar integrations can be coded here.

Authentication should always be implemented in an external service. In the test suite there is an example of simple login function that can be used for a very simple authentication system inside the PostgreSQL database.

Synopsis

containsRole :: JWTAttempt -> Bool
jwtClaims :: Maybe JWKSet -> Maybe StringOrURI -> LByteString -> UTCTime -> Maybe JSPath -> IO JWTAttempt
data JWTAttempt
- = JWTInvalid JWTError
- | JWTMissingSecret
- | JWTClaims (HashMap Text Value)
parseSecret :: ByteString -> JWKSet

Documentation

containsRole :: JWTAttempt -> Bool Source #

Whether a response from jwtClaims contains a role claim

jwtClaims :: Maybe JWKSet -> Maybe StringOrURI -> LByteString -> UTCTime -> Maybe JSPath -> IO JWTAttempt Source #

Receives the JWT secret and audience (from config) and a JWT and returns a map of JWT claims.

data JWTAttempt Source #

Possible situations encountered with client JWTs

Constructors

JWTInvalid JWTError
JWTMissingSecret
JWTClaims (HashMap Text Value)

Instances

Eq JWTAttempt Source #
Instance details Defined in PostgREST.Auth Methods (==) :: JWTAttempt -> JWTAttempt -> Bool # (/=) :: JWTAttempt -> JWTAttempt -> Bool #
Show JWTAttempt Source #
Instance details Defined in PostgREST.Auth Methods showsPrec :: Int -> JWTAttempt -> ShowS # show :: JWTAttempt -> String # showList :: [JWTAttempt] -> ShowS #

parseSecret :: ByteString -> JWKSet Source #

Parse `jwt-secret` configuration option and turn into a JWKSet.

There are three ways to specify `jwt-secret`: text secret, JSON Web Key (JWK), or JSON Web Key Set (JWKS). The first two are converted into a JWKSet with one key and the last is converted as is.