Question

I am using Yesod to build a purely REST backend for an Angular-based application. This application will be hosted separately with a CDN and will need to connect to the Yesod API as well as a few others. Is there a way to have Yesod accept a Bearer token instead of using a cookie session for authentication?


Solution

We do something similar in www.fpcomplete.com. You can do this by overriding the maybeAuthId method in the YesodAuth typeclass to check for the Bearer token. For fpcomplete.com, we check for an authorization request header, which looks something like:

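-- Inside the maybeAuthId override. doNormalAuthentication and checkAuthHeader
-- are application-defined helpers, not Yesod functions.
-- (The header-name literal needs the OverloadedStrings extension.)
req <- waiRequest
mUserId <-
    case lookup "authorization" (requestHeaders req) of
        -- No Authorization header: use the normal session-based lookup
        Nothing -> doNormalAuthentication
        -- Header present: validate the token it carries
        Just authHeader -> checkAuthHeader authHeader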
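
A fuller sketch of the approach described in the answer above, added here as an example and not taken from the original answer or from fpcomplete.com's code. The module name, `bearerToken`, `maybeAuthIdBearer` and `lookupUserByToken` are hypothetical names, and refusing to fall back to the session when a header is present but invalid is a design choice of this example.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example: Bearer-token authentication for a Yesod API.
module BearerAuth (bearerToken, maybeAuthIdBearer) where

import qualified Data.ByteString.Char8 as BC
import           Data.CaseInsensitive (mk)
import           Data.Char (isSpace)
import           Network.HTTP.Types.Header (hAuthorization)
import           Network.Wai (requestHeaders)
import           Yesod.Core (MonadHandler, waiRequest)

-- | Extract the token from an "Authorization: Bearer <token>" header value.
-- The scheme name is compared case-insensitively. Other schemes, an empty
-- token, or a token containing whitespace are rejected.
bearerToken :: BC.ByteString -> Maybe BC.ByteString
bearerToken hdr =
    let (scheme, rest) = BC.break isSpace hdr
        token          = BC.dropWhile isSpace rest
    in if mk scheme == mk "Bearer"
          && not (BC.null token)
          && not (BC.any isSpace token)
           then Just token
           else Nothing

-- | Body for 'maybeAuthId' in a YesodAuth instance.
--
-- * No Authorization header: run the session fallback.
-- * Header present: authenticate by token only. A malformed or unknown
--   token gives Nothing, so a bad token never silently becomes a
--   cookie-authenticated request.
maybeAuthIdBearer
    :: MonadHandler m
    => (BC.ByteString -> m (Maybe uid))  -- ^ token lookup (hypothetical)
    -> m (Maybe uid)                     -- ^ session fallback
    -> m (Maybe uid)
maybeAuthIdBearer lookupToken sessionAuth = do
    req <- waiRequest
    case lookup hAuthorization (requestHeaders req) of
        Nothing  -> sessionAuth
        Just hdr -> maybe (return Nothing) lookupToken (bearerToken hdr)

-- Wiring it in (lookupUserByToken is an assumed application function that
-- resolves a token to a user id, e.g. by looking up a hash of the token):
--
-- instance YesodAuth App where
--     ...
--     maybeAuthId = maybeAuthIdBearer lookupUserByToken defaultMaybeAuthId
```
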
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow