
Yesod Sessionless Authentication

I am using Yesod to build a purely REST backend for an Angular-based application. This application will be hosted separately with a CDN and will need to connect to the Yesod API as well as a few others. Is there a way to have Yesod accept a Bearer token instead of using a cookie session for authentication?

Andrew Rademacher asked Apr 08 '14 22:04


1 Answer

We do something similar in www.fpcomplete.com. You can do this by overriding the maybeAuthId method in the YesodAuth typeclass to check for the Bearer token. For fpcomplete.com, we check for an authorization request header, which looks something like:

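```haskell
-- Inside the maybeAuthId override; doNormalAuthentication and
-- checkAuthHeader are placeholders for application code.
req <- waiRequest
mUserId <-
    case lookup "authorization" (requestHeaders req) of
        Nothing -> doNormalAuthentication
        Just authHeader -> checkAuthHeader authHeader
```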
Michael Snoyman answered Oct 25 '22 13:10
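
One way to fill in the `checkAuthHeader` step from the answer above, as an added example that is not part of the original answer and not fpcomplete.com's code. The names `parseBearer`, `isB64Token`, `bearerAuthId`, `lookupToken` and `lookupApiToken` are hypothetical, and the example goes slightly beyond the answer by validating the token against the RFC 6750 `b64token` grammar before any lookup.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example, not fpcomplete.com's code. Needs yesod-core, wai,
-- http-types, case-insensitive and bytestring.
module BearerAuth (parseBearer, bearerAuthId) where

import qualified Data.ByteString as B
import qualified Data.ByteString.Char8 as BC
import Data.CaseInsensitive (mk)
import Data.Char (isAsciiLower, isAsciiUpper, isDigit)
import Network.HTTP.Types.Header (hAuthorization)
import Network.Wai (requestHeaders)
import Yesod.Core (MonadHandler, waiRequest)

-- | Pull the token out of an Authorization value of the form
-- "Bearer <token>". The scheme is matched case-insensitively and the token
-- must fit the RFC 6750 b64token grammar; anything else yields Nothing.
parseBearer :: B.ByteString -> Maybe B.ByteString
parseBearer hdr =
    case BC.words hdr of
        [scheme, token]
            | mk scheme == mk "Bearer" && isB64Token token -> Just token
        _ -> Nothing

-- b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
isB64Token :: B.ByteString -> Bool
isB64Token t = not (B.null body) && BC.all ok body
  where
    body = fst (BC.spanEnd (== '=') t)
    ok c = isAsciiUpper c || isAsciiLower c || isDigit c
        || c `elem` ("-._~+/" :: String)

-- | Body for 'maybeAuthId'. 'lookupToken' and 'fallback' are supplied by the
-- application (hypothetical here), e.g. in the YesodAuth instance:
--   maybeAuthId = bearerAuthId lookupApiToken defaultMaybeAuthId
bearerAuthId
    :: MonadHandler m
    => (B.ByteString -> m (Maybe uid)) -- ^ maps a token to a user id
    -> m (Maybe uid)                   -- ^ normal (cookie session) auth
    -> m (Maybe uid)
bearerAuthId lookupToken fallback = do
    req <- waiRequest
    case lookup hAuthorization (requestHeaders req) of
        -- No header: behave exactly as before.
        Nothing  -> fallback
        -- Header present: never fall back to the cookie, so a malformed
        -- or unknown token is an unauthenticated request.
        Just hdr -> maybe (return Nothing) lookupToken (parseBearer hdr)
```

For an API that should never honour cookie sessions, pass `return Nothing` as the fallback so only the Bearer token is consulted.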