Servant based API for token based authorisation

Latest on Hackage:

This package is not currently in any snapshots. If you're interested in using it, we recommend adding it to Stackage Nightly. Doing so will make builds more reliable, and allow to host generated Haddocks.

BSD3 licensed by NCrashed
Maintained by


Build Status

The package provides abstract RESTful API for token based authorisation using servant. It contains only generic types and servant-swagger instances. You may be interested in server/client side implementations:

Also you can explore swagger documentation for the API and view markdown version of docs.


  • Bump versions to lts-12.9.

  • Push version bounds.

  • Push version bounds.

  • Add AuthSigninPostMethod to substitute security weak AuthSigninMethod.

  • Push bounds for aeson-

  • Add AuthFindUserByLogin endpoint.

  • Add AuthCheckPermissionsMethod endpoint.
  • Add AuthGetUserIdMethod endpoint.

  • Relax aeson version bound.

  • Sync release with servant-auth-token package.

  • Add flat-perm-symbols flag.

  • Fix overlaying bug with singe use code authorisation.

  • Add single use code authorisation.

  • Expose UnliftPermSymbol and PlainPerms.

  • Moving tokens to PermSymbol instead of Symbol to allow complex permission labels to be used.
  • Return Unit instead of ().

  • Remove reexports.

  • PagedList schema name now contains names of parameters.
comments powered byDisqus