Safe Haskell	None
Language	Haskell2010

JwtMiddleware

Contents

Requests
Responses
Middleware

Description

This module provides functionality for verifying the JSON Web Tokens in a wai setting.

Synopsis

data AuthError
- = TokenError TokenError
- | OperationNotAllowed
data AuthResult
- = AuthRejected AuthError
- | AuthAccepted
isRequestAuthorized :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Path -> AccessMode -> AuthResult
getRequestClaim :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Either TokenError IcepeakClaim
findTokenBytes :: RequestHeaders -> Query -> Maybe ByteString
headerToken :: RequestHeaders -> Maybe ByteString
queryToken :: Query -> Maybe ByteString
errorResponseBody :: AuthError -> ByteString
jwtMiddleware :: Maybe Signer -> Application -> Application

Documentation

data AuthError Source #

Defines the kinds of errors that cause authorization to fail.

Constructors

TokenError TokenError	Authorization was denied due to an invalid token.
OperationNotAllowed	Authorization was denied because the operation is not allowed by the token.

Instances

Instances details

ToJSON AuthError Source #
Instance details Defined in JwtMiddleware Methods toJSON :: AuthError -> Value # toEncoding :: AuthError -> Encoding # toJSONList :: [AuthError] -> Value # toEncodingList :: [AuthError] -> Encoding #

data AuthResult Source #

Result of checking authorization

Constructors

AuthRejected AuthError	Authorization was denied because of the specified reason
AuthAccepted	Authorization was successful

Requests

isRequestAuthorized :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Path -> AccessMode -> AuthResult Source #

Check whether accessing the given path with the given mode is authorized by the token supplied in the request headers or query string (which may not be present, then failing the check).

getRequestClaim :: RequestHeaders -> Query -> POSIXTime -> Maybe Signer -> Either TokenError IcepeakClaim Source #

Extract the JWT claim from the request.

findTokenBytes :: RequestHeaders -> Query -> Maybe ByteString Source #

Lookup a token, first in the Authorization header of the request, then falling back to the access_token query parameter.

headerToken :: RequestHeaders -> Maybe ByteString Source #

Look up a token from the Authorization header. Header should be in the format Bearer token.

queryToken :: Query -> Maybe ByteString Source #

Look up a token from the access_token query parameter

Responses

errorResponseBody :: AuthError -> ByteString Source #

Generate a 401 Unauthorized response for a given authorization error.

Middleware

jwtMiddleware :: Maybe Signer -> Application -> Application Source #