hsoz: Iron, Hawk, Oz: Web auth protocols

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.

[maintain] [Publish]

hsoz is a Haskell implementation of the Iron, Hawk, and Oz web authentication protocols. These protocols originate from the OAuth2 standardisation process, but are designed to be simpler to implement for the common case of web applications.

The top-level Network.Iron, Network.Hawk, Network.Oz modules contain further instructions on their usage. There are also some example server and client programs within the project git repository.


[Skip to Readme]

Properties

Versions 0.0.0.2, 0.0.0.3, 0.0.0.4, 0.0.1.0, 0.0.1.0
Change log None available
Dependencies aeson (>=1.0.2 && <1.1), attoparsec (>=0.13.1 && <0.14), base (>=4.7 && <5), bytestring (>=0.10.8 && <0.11), case-insensitive (>=1.2.0 && <1.3), containers (>=0.5.7 && <0.6), cryptonite (>=0.21 && <0.22), data-default (>=0.7.1 && <0.8), either (>=4.4.1 && <4.5), errors (>=2.1.3 && <2.2), exceptions (>=0.8.3 && <0.9), hashable (>=1.2.5 && <1.3), hsoz, http-client (>=0.5.5 && <0.6), http-conduit (>=2.2 && <2.3), http-types (>=0.9.1 && <0.10), lens (>=4.15.1 && <4.16), lucid, memory (>=0.14.1 && <0.15), mtl (>=2.2.1 && <2.3), network (>=2.6.3 && <2.7), optparse-applicative (>=0.12), scientific (>=0.3.4 && <0.4), scotty (>=0.11.0 && <0.12), text (>=1.2.2 && <1.3), time (>=1.6.0 && <1.7), transformers (>=0.5.2 && <0.6), unordered-containers (>=0.2.7 && <0.3), uri-bytestring (>=0.2.2 && <0.3), vault (>=0.3.0 && <0.4), wai (>=3.2.1 && <3.3), warp (>=3.2.11 && <3.3) [details]
License BSD-3-Clause
Copyright 2016 Rodney Lorrimar
Author Rodney Lorrimar
Maintainer Rodney Lorrimar <dev@rodney.id.au>
Category Web, Authentication
Home page https://github.com/rvl/hsoz
Bug tracker https://github.com/rvl/hsoz/issues
Source repo head: git clone https://github.com/rvl/hsoz
Uploaded by rvl at 2017-03-23T00:31:22Z

Modules

[Index]

Flags

Automatic Flags
NameDescriptionDefault
example

Build the example applications

Enabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


Readme for hsoz-0.0.1.0

[back to package description]

Oz Haskell Implementation

Build Status Hackage

hsoz is a Haskell implementation of the Iron, Hawk, and Oz web authentication protocols. These protocols originate from the OAuth2 standardisation process, but are designed to be simpler to implement for the common case of web applications.

Introduction

In the words of their principal designer:

Iron is a cryptographic utility for sealing a JSON object using symmetric key encryption with message integrity verification. Or in other words, it lets you encrypt an object, send it around (in cookies, authentication credentials, etc.), then receive it back and decrypt it. The algorithm ensures that the message was not tampered with, and also provides a simple mechanism for password rotation.

Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification.

Oz is a web authorization protocol based on industry best practices. Oz combines the Hawk authentication protocol with the Iron encryption protocol to provide a simple to use and secure solution for granting and authenticating third-party access to an API on behalf of a user or an application.

Documentation

The Haddock documentation is on Hackage and at https://rodney.id.au/docs/hsoz/.

Example Usage

See the Network.Iron documentation, and the example directory of this repository.

Status

This is an in-progress experiment in implementing the protocol in Haskell.

Please note: until the example application is built, this library cannot be considered "battle-tested".

There is also an org-mode file: todo.org.

Development

I welcome collaborators, particularly anyone who would like to develop authentication plugins for frameworks such as Snap and Servant, or a manager for Wreq.

Building with Stack

stack build

Building with Nix

nix-shell -p cabal2nix --command "cabal2nix --shell . > default.nix"
nix-shell --command "cabal configure"
cabal build

Credits

This module is based on the Javascript code and documentation by Eran Hammer and others. A fair amount of Hammer's descriptive text has been incorporated into this documentation, as well as the cool logos.