Webs_basic_auth
HTTP basic authentication.
Warning. HTTP basic authentication should not be used:
That being said, it remains useful as a lightweight protection mechanism for demo and testing web sites or to urgently lock down part of a website.
If you still decide to use it, make sure that everything only ever happens over HTTPS.
References.
type error = [
  | `Unknown_username  (* The provided username is unknown. *)
  | `Wrong_password  (* The provided password is wrong. *)
]
The type for credentials check errors.
The type for usernames. Note that since all this is utterly broken the user name should not contain ':' (U+003A) characters.
The type for credentials check functions.
Warning. Make sure passwords are tested for equality in constant time and that they are stored hashed and salted.
val enticate :
  check:check ->
  realm:string ->
  Webs.Http.Request.t ->
  (username, Webs.Http.Response.t) Stdlib.result

enticate ~check ~realm request is:

- Ok username if a basic authentication username and password is found in the Webs.Http.Headers.authorization header of request and they pass the check function.
- Error r with r an empty Webs.Http.Status.unauthorized_401 response with a challenge for realm realm if there is no Webs.Http.Headers.authorization header or if there was one but the credentials check failed. The exact condition is stored in Webs.Http.Response.explain r for your service log. If you add a body to this response, e.g. via Webs.Http.Response.map_errors, it may be shown by the browser when the user hits cancel on the password prompt.
- Error r with r an empty Webs.Http.Status.bad_request_400 response if there is a Webs.Http.Headers.authorization header but no basic authentication could be parsed from it.
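
The three outcomes described for enticate, together with the constant-time, salted-hash check the warning asks for, sketched in Python as an added example (this is not Webs code and not from the original page). Assumptions: headers arrive as a dict with lowercase names, the tuple return shapes, the PBKDF2 parameters, the credential store and the explain strings are all constructed for illustration.

```python
import base64, binascii, hashlib, hmac

ITERATIONS = 100_000  # demo work factor (assumption), tune for real deployments

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Constructed credential store: username -> (salt, salted hash). The salt is
# fixed here only to keep the demo reproducible; use os.urandom per user.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (SALT, hash_password("correct:horse", SALT))}
DUMMY = (SALT, hash_password("", SALT))  # hashed for unknown users too

def check(username, password):
    """Return None on success, else the name of one of the page's two errors."""
    salt, stored = USERS.get(username, DUMMY)
    same = hmac.compare_digest(hash_password(password, salt), stored)  # constant time
    if username not in USERS:
        return "Unknown_username"
    return None if same else "Wrong_password"

def enticate(headers, realm):
    """Return ("ok", username) or ("error", status, headers, explain)."""
    # Assumes realm contains no '"' or '\' (no quoted-string escaping done here).
    challenge = {"www-authenticate": f'Basic realm="{realm}"'}
    value = headers.get("authorization")
    if value is None:
        return ("error", 401, challenge, "no authorization header")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return ("error", 400, {}, "not a basic authentication header")
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ("error", 400, {}, "undecodable credentials")
    # Split at the FIRST ':' only: passwords may contain ':', usernames cannot.
    username, sep, password = decoded.partition(":")
    if not sep:
        return ("error", 400, {}, "missing ':' separator")
    failure = check(username, password)
    if failure:
        return ("error", 401, challenge, failure)  # explain is for the log only
    return ("ok", username)
```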