| Safe Haskell | None | 
|---|---|
| Language | Haskell2010 | 
JwtMiddleware
Contents
Description
This module provides functionality for verifying the JSON Web Tokens in a wai setting.
Synopsis
- data AuthError
- data AuthResult
- isRequestAuthorized :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Path -> AccessMode -> AuthResult
- getRequestClaim :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Either TokenError IcepeakClaim
- findTokenBytes :: RequestHeaders -> Query -> Maybe ByteString
- headerToken :: RequestHeaders -> Maybe ByteString
- queryToken :: Query -> Maybe ByteString
- errorResponseBody :: AuthError -> ByteString
- jwtMiddleware :: Maybe Signer -> Application -> Application
Documentation
Defines the kinds of errors that cause authorization to fail.
Constructors
| TokenError TokenError | Authorization was denied due to an invalid token. | 
| OperationNotAllowed | Authorization was denied because the operation is not allowed by the token. | 
data AuthResult Source #
Result of checking authorization
Constructors
| AuthRejected AuthError | Authorization was denied because of the specified reason | 
| AuthAccepted | Authorization was successful | 
Requests
isRequestAuthorized :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Path -> AccessMode -> AuthResult Source #
Check whether accessing the given path with the given mode is authorized by the token supplied in the request headers or query string (which may not be present, then failing the check).
getRequestClaim :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Either TokenError IcepeakClaim Source #
Extract the JWT claim from the request.
findTokenBytes :: RequestHeaders -> Query -> Maybe ByteString Source #
Lookup a token, first in the Authorization header of the request, then
 falling back to the access_token query parameter.
headerToken :: RequestHeaders -> Maybe ByteString Source #
Look up a token from the Authorization header.
 Header should be in the format Bearer token.
queryToken :: Query -> Maybe ByteString Source #
Look up a token from the access_token query parameter
Responses
errorResponseBody :: AuthError -> ByteString Source #
Generate a 401 Unauthorized response for a given authorization error.
Middleware
jwtMiddleware :: Maybe Signer -> Application -> Application Source #