wai-middleware-auth: Authentication middleware that secures WAI application

[ library, mit, program, web ] [ Propose Tags ]

Please see the README and Haddocks at https://www.stackage.org/package/wai-middleware-auth

[Skip to Readme]
Versions [faq],,,,,,,,,
Change log CHANGELOG.md
Dependencies aeson, base (>=4.12 && <5), base64-bytestring, binary, blaze-builder, blaze-html, bytestring, case-insensitive, cereal, clientsession, cookie (>=0.4.2), exceptions, hoauth2 (>=1.11), http-client, http-client-tls, http-conduit, http-reverse-proxy, http-types, jose (>=0.8.0), microlens, mtl, optparse-simple, regex-posix, safe-exceptions, shakespeare, text, time, unix-compat, unordered-containers, uri-bytestring, vault, wai (>=3.0 && <4), wai-app-static, wai-extra (>=3.0.7), wai-middleware-auth, warp, yaml [details]
License MIT
Author Alexey Kuleshevich
Maintainer alexey@fpcomplete.com
Category Web
Source repo head: git clone https://github.com/fpco/wai-middleware-auth
Uploaded by JasperWoudenberg at 2020-05-25T16:31:30Z
Distributions LTSHaskell:, NixOS:, Stackage:
Executables wai-auth
Downloads 4393 total (6 in the last 30 days)
Rating 2.0 (votes: 1) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Hackage Matrix CI
Docs available [build log]
Last success reported on 2020-05-25 [all 1 reports]


[Index] [Quick Jump]


Maintainer's Corner

For package maintainers and hackage trustees

Readme for wai-middleware-auth-

[back to package description]


Build Status

Middleware that secures WAI application


$ stack install wai-middleware-auth


$ cabal install wai-middleware-auth


Along with middleware this package ships with an executable wai-auth, which can function as a protected file server or a reverse proxy. Right from the box it supports OAuth2 authentication as well as it's custom implementations for Google and Github.

Configuration is done using a yaml config file. Here is a sample file that will configure wai-auth to run a file server with google and github authentication on http://localhost:3000:

app_root: "_env:APPROOT:http://localhost:3000"
app_port: 3000
cookie_age: 3600
secret_key: "...+vwscbKR4DyPT"
  root_folder: "/path/to/html/files"
  redirect_to_index: true
  add_trailing_slash: true
    client_id: "...94cc"
    client_secret: "...166f"
    app_name: "Dev App for wai-middleware-auth"
      - "^[a-zA-Z0-9._%+-]+@example.com$"
    client_id: "...qlj.apps.googleusercontent.com"
    client_secret: "...oxW"
      - "^[a-zA-Z0-9._%+-]+@example.com$"

Above configuration will also block access to users that don't have an email with example.com domain. There is also a secret_key field which will be used to encrypt the session cookie. In order to generate a new random key run this command:

$ echo $(wai-auth key --base64)

Make sure you have proper callback/redirect urls registered with google/github apps, eg: http://localhost:3000/_auth_middleware/google/complete.

After configuration file is ready, running application is very easy:

$ wai-auth --config-file=/path/to/config.yaml
Listening on port 3000