| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Yesod.Auth.Http.Basic
Description
A Yesod middleware for
Performs a single authentication lookup per request and uses the Yesod request-local caching mechanisms (https://github.com/yesodweb/yesod/blob/7f775e1ddebaeb4b8509b512b6d4b539d96258bd/yesod-core/Yesod/Core/TypeCache.hs#L21) to store valid auth credentials found in the Authorization header.
The recommended way to use this module is to override maybeAuthId with defaultMaybeBasicAuthId and supply a credential lookup function.
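    instance YesodAuth App where
      type AuthId App = Text
      getAuthId = return . Just . credsIdent
      maybeAuthId = defaultMaybeBasicAuthId checkCreds defaultAuthSettings
        where
          -- Lookup function: receives the user name and the secret taken from
          -- the Authorization header. Hard-coded values are for illustration only.
          checkCreds = \k s -> return $ (k == "user")
                                     && (s == "secret")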
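An added example (not code from this package or its documentation): a lookup function in the shape of checkCreds above that compares in constant time, together with the parsing of a Basic Authorization header that would feed it. The `ByteString -> ByteString -> IO Bool` type, the names `parseBasic` and `ctEq`, and the sample headers are assumptions; it needs the base64-bytestring, cryptonite and memory packages.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Crypto.Hash            (SHA256 (..), hashWith) -- cryptonite
import           Data.ByteArray         (constEq)               -- memory
import           Data.ByteString        (ByteString)
import qualified Data.ByteString.Base64 as B64                  -- base64-bytestring
import qualified Data.ByteString.Char8  as BC
import           Data.Char              (toLower)

-- | Split "Basic <base64(user:pass)>" into (user, pass). The scheme is matched
-- case-insensitively; only the first ':' separates, so passwords may contain ':'.
parseBasic :: ByteString -> Maybe (ByteString, ByteString)
parseBasic hdr
  | BC.map toLower scheme /= "basic" = Nothing
  | otherwise =
      case B64.decode (BC.dropWhile (== ' ') rest) of
        Left _    -> Nothing                         -- not valid base64
        Right raw ->
          let (user, colonPass) = BC.break (== ':') raw
          in if BC.null colonPass then Nothing else Just (user, BC.drop 1 colonPass)
  where (scheme, rest) = BC.break (== ' ') hdr

-- | Constant-time equality. Hashing first gives both sides the same length,
-- so neither the length nor a matching prefix of the secret shows up in timing.
ctEq :: ByteString -> ByteString -> Bool
ctEq a b = hashWith SHA256 a `constEq` hashWith SHA256 b

-- | Lookup function with the two arguments the page's checkCreds takes
-- (the IO Bool result type is an assumption).
checkCreds :: ByteString -> ByteString -> IO Bool
checkCreds user pass =
  let okUser = ctEq user "user"      -- placeholder credentials from the page
      okPass = ctEq pass "secret"
  in return $! okPass `seq` (okUser && okPass)  -- always evaluate both checks

main :: IO ()
main = mapM_ run
  [ "Basic " <> B64.encode "user:secret"    -- constructed sample headers
  , "basic " <> B64.encode "user:se:cret"   -- ':' inside the password
  , "Bearer abc"                            -- wrong scheme
  , "Basic !!!"                             -- invalid base64
  ]
  where
    run h = do
      ok <- maybe (return False) (uncurry checkCreds) (parseBasic h)
      putStrLn (show h ++ " -> " ++ show ok)
```

In a real application the expected values would come from a credential store holding password hashes rather than from literals.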
WWW-Authenticate challenges are currently not implemented. The current workaround is to override the error handler:
    instance Yesod App where
      errorHandler NotAuthenticated = selectRep $
        provideRep $ do
          -- Send the challenge header that the module does not emit itself.
          addHeader "WWW-Authenticate" $ T.concat
            [ "RedirectJSON realm=\"Realm\", param=\"myurl.com\"" ]
          -- send error response here
          ...
      errorHandler e = defaultErrorHandler e
      ...
A proper response status on failed authentication is not implemented.
The current workaround is to override the isAuthorized function of the Yesod typeclass to handle routes that require authentication, e.g.

    instance Yesod App where
      -- Require valid credentials for SecureR; every other route stays open.
      isAuthorized SecureR _ =
        maybeAuthId >>= return . maybe AuthenticationRequired (const Authorized)
      isAuthorized _ _ = return Authorized
- defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text)
- data AuthSettings
- authRealm :: AuthSettings -> Text
- defaultAuthSettings :: AuthSettings
Drop-in replacement for maybeAuthId.
defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text)
Retrieve the AuthId using the Authorization header.
If valid credentials are found and authorized, the auth id is cached.
TODO use more general type than Text to represent the auth id
The AuthSettings currently do nothing
data AuthSettings
Authentication Settings
authRealm :: AuthSettings -> Text
defaultAuthSettings :: AuthSettings
Ready-to-go AuthSettings which can be used