Published: 20 Apr 2022
FPauth - user authentication for Dream
FPauth is an easy user authentication system for OCaml Dream web-framework.
The main idea behind the system is that user authentication is done via running sets of Strategies, and when one of them succeeds, user is considered to be authenticated. Authentication status is controlled by a middleware standing downstream of session middleware.
The system allows to:
Control authentication in web-session;
Get authentication status for each request via
Check user identity with strategies;
Use built-in strategies or custom ones;
Add all routes for authentication and strategies at once;
Add your own representations of authentication events or use built-in;
Use built-in handlers or write your own;
Extract params for authentication from requests.
Docs can be found here.
In order to start using FPauth, in your project you should:
Initialize the system with a model of user, which suffices
FPauth.Auth_sign.MODEL. Basically it requires functions which define, how to put and restore your users in session (
deserialize), how to find users from request params (
identificate) and which strategies can be applied to a user (
module Auth = FPauth.Make_Auth (User)
Initialize strategies you are going to use to verify users' identities. There are some strategies in
Passwordcan be used for password authentication, passwords are to be hashed with Argon2.
OTPis a time-based OTP strategy, it contains routes for setting the strategy up for an already authenticated user. Strategies can have additional requirements for your models, as well as need some other modules.
module Password = FPauth_strategies.Password.Make (User)
Session_managermiddleware after your session middleware;
let () = run
Insert FPauth routes into
Dream.routermiddleware. Here you specify strategies used in the authentication process, the way params are extracted, responses on main authentication events. You can also specify the scope for authentication routes;
@@ router [
Auth.Router.call [(module Password)] ~responses:(module Responses) ~extractor:extractor ~scope:"/authentication"
Strategies and Responses modules are passed as first-class objects which suffice
FPauth.Auth_sign.RESPONSES signatures correspondingly. Extractor is a function which meets
FPauth_responsesyou can find some default responses in JSON and HTML format;
FPauth.Static.Paramsyou can find some default extractors from JSON-requests' bodies, forms or from query;
Done! Your application can now authenticate users!
It is possible to customize many aspects of the system workflow.
You can install only the packages you actually need:
FPauth-corecontains Session_manager, Authenticator, Router, Variables, as well as Static module and signatures. These allow you to build your own workflow almost from the ground;
OTPstrategies. If you don't need them - you can choose not to have them 😉;
FPauth-responsescontains some default responses on main authentication events;
You can write your own Strategies, Responses and Params Extractors.