orizentic-0.1.0.0: Token-based authentication and authorization

Safe Haskell: None
Language: Haskell2010

LuminescentDreams.Orizentic

Description

Core functions for Orizentic.

The most conceptually confusing part of this is the relationship between a Token, an unverified JWT, a verified JWT, and a claims set.

A Token is a broad concept, and there is no particular data structure in this system that corresponds to it.

Colloquially, however, a Token is synonymous with a JWT. JWTs can be either unverified or verified. An unverified JWT is anything that has been received from any outside source but whose signature has not yet been checked. A verified JWT has had its signature checked, at least as JWT implements it. In this application, however, the process of checking the JWT signature also involves checking that the JWT is known to the application and that it has not expired.

A ClaimsSet is an attribute of a JWT that is available for reading whether or not the JWT has been signed and whether or not the signature is valid. It describes all of the interesting parts of what the token is good for and who it should belong to.

JWTs and their signatures typically get encoded into a Base64 format for transmission across the internet. JWT provides the encodeSigned and decode functions to handle this process. This library provides encodeToken to do the conversion with a somewhat nicer API.

Many operations in this library involve creating and managing claims sets. Additional functions are utilities for converting those claims sets both to and from JWT and fully encoded formats.

Documentation

newtype ResourceName

ResourceName is application-defined for however the resources in the application should be named.

Constructors

ResourceName Text

newtype Permissions

Permissions are application-defined descriptions of what can be done with the named resource.

Constructors

Permissions [Text]

newtype Issuer

Issuers are typically informative, but should generally describe who or what created the token.

Constructors

Issuer Text
newtype TTL

Time to live is the number of seconds until a token expires.

Constructors

TTL NominalDiffTime

Instances

Show TTL

Methods

showsPrec :: Int -> TTL -> ShowS

show :: TTL -> String

showList :: [TTL] -> ShowS

newtype Username

Username, or Audience in JWT terms, should describe who or what is supposed to be using this token.

Constructors

Username Text

newOrizenticCtx :: MonadIO m => Secret -> [JWTClaimsSet] -> m OrizenticCtx

Create a new OrizenticCtx that will use a particular JWT secret and set of claims.

validateToken :: OrizenticM m r => JWT UnverifiedJWT -> m (Maybe (JWT VerifiedJWT))

Validate a token by checking its signature, that it is not expired, and that it is still present in the database. Return Nothing if any check fails, but return a verified JWT if it all succeeds. This function requires IO because it checks both the current database state and the current time.

checkAuthorizations :: (ResourceName -> Permissions -> Bool) -> JWT VerifiedJWT -> Bool

Given a verified JWT, pass the resource name and permissions to a user-defined function. The function should return True if the caller should be granted access to the resource and False otherwise. That result will be passed back to the caller.

createClaims :: OrizenticM m r => Issuer -> Maybe TTL -> ResourceName -> Username -> Permissions -> m JWTClaimsSet

Create a new JWTClaimsSet. This will create the claims (a tedious process with JWT) and add it to the database. It will also calculate and set the expiration time if a TTL is provided.

revokeClaims :: OrizenticM m r => JWTClaimsSet -> m ()

Remove a claims set from the database so that all additional validation checks fail.

revokeByUUID :: OrizenticM m r => Text -> m ()

Revoke a ClaimsSet given its UUID, which is set in the jti claim.

replaceClaims :: OrizenticM m r => [JWTClaimsSet] -> m ()

Replace the entire list of claims currently in memory. This is typically used when reloading a claims set from disk.

listClaims :: OrizenticM m r => m [JWTClaimsSet]

Return all of the ClaimsSets currently in the database.

findClaims :: OrizenticM m r => Text -> m (Maybe JWTClaimsSet)

Find a ClaimsSet by UUID.

encodeClaims :: OrizenticM m r => JWTClaimsSet -> m Text

Encode a ClaimsSet using this context's secret.
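The functions above fit together as issue, validate, authorize, revoke. The following is an added usage sketch written for this page, not code from the orizentic package: it assumes the signatures documented here, the decode function from Web.JWT in the jwt package (mentioned in the description), and sample issuer, resource and user names that are constructed for illustration. Because the page does not show the concrete instance of OrizenticM, the functions stay polymorphic in that constraint rather than running a specific monad.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module TokenFlow where

import Data.Text (Text)
import LuminescentDreams.Orizentic
import Web.JWT (decode)

-- Issue a one-hour token for user "alice" on resource "reports"
-- (constructed sample values) and return the encoded JWT text.
issueReportToken :: OrizenticM m r => m Text
issueReportToken = do
  claims <- createClaims (Issuer "example-app")
                         (Just (TTL 3600))          -- NominalDiffTime, seconds
                         (ResourceName "reports")
                         (Username "alice")
                         (Permissions ["read"])
  encodeClaims claims                               -- signed with the context secret

-- Authorization policy handed to checkAuthorizations: the token must name
-- the "reports" resource and carry the "read" permission.
canReadReports :: ResourceName -> Permissions -> Bool
canReadReports (ResourceName res) (Permissions perms) =
  res == "reports" && "read" `elem` perms

-- Decide whether a raw token received from a client may read reports.
-- Order matters: checkAuthorizations only accepts a JWT VerifiedJWT, so a
-- token must pass validateToken (signature, expiry, presence in the
-- database) before any of its claims are trusted.
authorizeReportRead :: OrizenticM m r => Text -> m Bool
authorizeReportRead rawToken =
  case decode rawToken of
    Nothing         -> pure False                   -- not even a well-formed JWT
    Just unverified -> do
      verified <- validateToken unverified
      pure $ maybe False (checkAuthorizations canReadReports) verified

-- Revoke every claims set currently held for a given username, e.g. on
-- logout or credential compromise; later validateToken calls then fail.
revokeUserTokens :: OrizenticM m r => Username -> m ()
revokeUserTokens (Username user) = do
  claimsList <- listClaims
  mapM_ revokeIfUser claimsList
  where
    -- Assumption: the application compares its own Username against the
    -- audience it set when calling createClaims; how it reads that field
    -- back from the JWTClaimsSet is not shown on this page.
    revokeIfUser claims = if claimsBelongTo user claims
                            then revokeClaims claims
                            else pure ()
    claimsBelongTo :: Text -> JWTClaimsSet -> Bool
    claimsBelongTo _ _ = True   -- placeholder predicate, application-defined
```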
