What software is recommended for authentication using the Happstack web dev kit?
https://stackoverflow.com/questions/7225935
-
15-01-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Last week three of us spent two days trying to build a simple web application using Happstack. One of our concerns is authentication, and it appears there was once a Happstack.Auth package that looks really good. Unfortunately the original project seems to have been abandoned, and although there has been a fork, we could not get the fork to build.
What alternatives do people recommend for doing authentication in Happstack?
Is happstack-auth viable?
Solution
You might consider happstack-authenticate as an alternative,
darcs get http://src.seereason.com/happstack-authenticate/
happstack-authenticate builds on top of authenticate and pwstore to provide:
- standard username/password authentication
- openid authentication
- facebook connect
The code is designed so that it can be used with multiple different templating solutions. Though, at the moment, there is only HSP templates.
It is not on hackage yet, but will be. I expect it to become the de facto happstack authentication solution.
You can see it is action here:
The source code includes a demo directory with a self contained example.
The code works -- though there are some features that still need to be added. For example, if you get redirected to a login page, you should ultimately be forwarded back to the original page you were trying to access after you are logged in.
The biggest shortcoming at the moment is documentation. That will be addressed.
You will notice that happstack-authenticate uses web-routes for type-safe urls and acid-state for storing authentication information. However, those design choices do not have to leak into the rest of your application.
What template solution are you using? I would be interested in adding support for additional systems.
-- jeremy
p.s. If you look at the code, it may seem a bit more complex than expected. That is because it is designed to allow for:
multiple authentication methods for a single profile
For example, you could link multiple openid accounts to the same profile. Perhaps because you are afraid that you might lose access to your primary openid account. Or maybe you want everyone on your team to login using a shared account. (For example, on a site like twitter, you might want multiple people to be able to post tweets through the company account).
multiple profiles for a single authentication method
On a site a like twitter, you might have multiple accounts. For example, I have twitter accounts for, myself, my photography, my music, happstack, seereason, and more. Instead of having a separate authentication for each account, it would be nice to have a single authentication, and then pick which 'profile' I want to be.
sites using happstack-authenticate do not have to support these options, of course.
