Optionally use Context for Auth errors #1585

Open
jkarni opened this issue Apr 26, 2022 · 1 comment

jkarni commented Apr 26, 2022

In the previous servant-auth repo, we had a PR for switching to errors based on the context (much like the rest of the servant ecosystem). `throwAll` is a bit of a hack (and currently doesn't work with other monads without a bit of extra work).

@domenkozar pointed out that sometimes we want the authentication result in the handlers, rather than to fail. So I think a version of the PR above, but with a Strict/Lenient (or Required/Optional? Or another, auth-specific combinator?) option, could be good? Then `Auth` would become a type synonym for `Auth' Lenient`, and we'd retain backwards compatibility.

jkarni commented Apr 29, 2022

There's another reason this would be helpful: using `throwAll` means it's a handler error, and so all other checks operate before it. So you get e.g. a 400 error because the request body wasn't correctly decoded, rather than a 401/403 (thereby potentially leaking more information about the API than you'd like).
