I am using Yesod to build a purely REST backend for an Angular based application. This application will be hosted separately with a CDN and will need to connect to the Yesod api as well as a few others. Is there a way to have Yesod accept a Bearer token instead of using a cookie session for authentication?
We do something similar in www.fpcomplete.com. You can do this by overriding the maybeAuthId
method in the YesodAuth
typeclass to check for the Bearer token. For fpcomplete.com, we check for an authorization request header, which looks something like:
req <- waiRequest
mUserId <-
case lookup "authorization" (requestHeaders req) of
Nothing -> doNormalAuthentication
Just authHeader -> checkAuthHeader
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With