Safe Haskell | None |
---|---|
Language | Haskell2010 |
Servant.Auth.Server.Internal.ConfigTypes
- data IsMatch
- data IsPasswordCorrect
- data SameSite
- data JWTSettings = JWTSettings {
- signingKey :: JWK
- jwtAlg :: Maybe Alg
- validationKeys :: JWKSet
- audienceMatches :: StringOrURI -> IsMatch
- defaultJWTSettings :: JWK -> JWTSettings
- data CookieSettings = CookieSettings {
- cookieIsSecure :: !IsSecure
- cookieMaxAge :: !(Maybe DiffTime)
- cookieExpires :: !(Maybe UTCTime)
- cookiePath :: !(Maybe ByteString)
- cookieSameSite :: !SameSite
- sessionCookieName :: !ByteString
- cookieXsrfSetting :: !(Maybe XsrfCookieSettings)
- defaultCookieSettings :: CookieSettings
- data XsrfCookieSettings = XsrfCookieSettings {}
- defaultXsrfCookieSettings :: XsrfCookieSettings
- jwtSettingsToJwtValidationSettings :: JWTSettings -> JWTValidationSettings
- data IsSecure :: *
Documentation
Constructors
Matches | |
DoesNotMatch |
data IsPasswordCorrect Source #
Constructors
PasswordCorrect | |
PasswordIncorrect |
Constructors
AnySite | |
SameSiteStrict | |
SameSiteLax |
data JWTSettings Source #
JWTSettings
are used to generate cookies, and to verify JWTs.
Constructors
JWTSettings | |
Fields
|
Instances
Generic JWTSettings Source # | |
type Rep JWTSettings Source # | |
defaultJWTSettings :: JWK -> JWTSettings Source #
A JWTSettings
where the audience always matches.
data CookieSettings Source #
The policies to use when generating cookies.
If *both* cookieMaxAge
and cookieExpires
are Nothing
, browsers will
treat the cookie as a *session cookie*. These will be deleted when the
browser is closed.
Note that having the setting Secure
may cause testing failures if you are
not testing over HTTPS.
Constructors
CookieSettings | |
Fields
|
Instances
data XsrfCookieSettings Source #
The policies to use when generating and verifying XSRF cookies
Constructors
XsrfCookieSettings | |
Fields
|
Was this request made over an SSL connection?
Note that this value will not tell you if the client originally
made this request over SSL, but rather whether the current
connection is SSL. The distinction lies with reverse proxies.
In many cases, the client will connect to a load balancer over SSL,
but connect to the WAI handler without SSL. In such a case,
the handlers would get NotSecure
, but from a user perspective,
there is a secure connection.