Module Webs_basic_auth

HTTP basic authentication.

Warning. HTTP basic authentication should not be used:

That being said it remains useful as a lightweight protection mecanism for demo and testing web sites or to urgently lock down part of a website.

If you still decide to use it make sure that everything only ever happens over HTTPS.


Credentials checks

type error = [
  1. | `Unknown_username

    The provided username is unknown.

  2. | `Wrong_password

    The provided password is wrong.


The type for credentials check errors.

type username = string

The type for usernames. Note that since all this is utterly broken the user name should not contain ':' (U+003A) characters.

type password = string

The type for password.

type check = username:username -> password:password -> (unit, error) Stdlib.result

The type for credentials check functions.

Warning. Make sure passwords are tested for equality in constant time and that they are stored hashed and salted.

Authenticate requests

val enticate : check:check -> realm:string -> Webs.Http.Request.t -> (username, Webs.Http.Response.t) Stdlib.result

enticate ~check ~realm request is: