Example for how to use servant-auth-cookie #40
Comments
|
Hello, The template looks good and simple. I will link it in I see, you use a persistent server key, which is fine, except it's hardcoded into the server code. Since you have a database, I would recomend you to fetch it from there -- this will make it easier to change the key. And if you want to go further (e.g. change the key on the fly), you might want to implement a keyset that stores its keys in the database. This is harder than simple fetching from a DB, but closer to a real world example (in discussion on issue #26 there was mentioned such method). You can look at example in this repository ( |
|
@zohl, awesome, thank you! Thanks for the suggestions - I will keep it as-is for the moment, I believe it is an easy exercise to read the key out of a database or fetch it from an environment variable (which would be my favorite solution in a prod environment). I noticed (actually after I published the initial version of my starter app) that there seems to be some consensus among core developers around making servant-auth the default auth framework, while at the same time Servant.Server.Experimental.Auth will be deprecated. I'd be curious to hear your ideas about the future of servant-auth-cookie. |
|
I haven't followed news around The future of Otherwise, I believe there will be some API, so this project can be migrated to it. As long as it possible, I'll maintain it. |
Thank you for servant-auth-cookie! I just published a runnable template app which is the result of my own tinkering, featuring servant-auth-cookie: https://github.com/sboehler/servant-starter-app
Feel free to link it in the docs if you think it might be useful for other people. And of course, if you have suggestions on how to improve it, I'd happy to receive your comments.
The text was updated successfully, but these errors were encountered: