Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Authentication
data Auth (auths :: [Type]) val Source #
Auth [auth1, auth2] val :> api
represents an API protected *either* by
auth1
or auth2
Combinators
A JSON Web Token (JWT) in the Authorization header:
Authorization: Bearer <token>
Note that while the token is signed, it is not encrypted. Therefore do not keep in it any information you would not like the client to know.
JWTs are described in IETF's RFC 7519
A cookie. The content cookie itself is a JWT. Another cookie is also used, the contents of which are expected to be send back to the server in a header, for XSRF protection.