-
-
Notifications
You must be signed in to change notification settings - Fork 412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Servant auth server PoC #1560
base: master
Are you sure you want to change the base?
Conversation
, AllAuth auths a | ||
, HasContextEntry ctxs (AuthHandler Request (NewAuthResult a)) | ||
) => HasServer (NewAuth mods auths a :> api) ctxs where | ||
type ServerT (NewAuth mods auths a :> api) m = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense define the instance for NewAuth mods (auth ': auths) a :> api
to statically ensure that at least one auth mode is defined ? We could define a custom type error for the case where the list of auths is empty.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, probably a good idea, yeah.
Just to clarify my understanding here (I am not overly familiar with
Whereas you would prefer for subsequent auth schemes to be tried anyhow, and only return a 401 error when all of them fail ? |
I very much like that the |
No, my implementation works the same way. If the first In this way, if you'd want more than one authentication to be present and tried, you'd have to use two But if you accept a JWT in the query parameters, a header or BasicAuth, it would just look like this and only one has to succeed: |
Note to self:
|
@Vlix do you need any help with this? |
I haven't spent time on this at all, so if you want to pick it up, or just give your own crack at it, please do :) |
An attempt at making a better Auth instance of
HasServer
.Also added an example of how this would make for easy adding of different auth procedures.
Any comments, critiques, etc. are very much welcome and appreciated.