I’m currently writing a rest API using yesod. Everything was going pretty smoothly until I hit authentication. For better or worse, everyone at my company loves Google, and so one of the requirements for our app is that we can sign into this app via our Google accounts.
I’ve been reading on yesod-auth and also found yesod-auth-oauth2, but all of the documentation seems to be coming from the perspective that yesod is controlling both the frontend and the backend. This isn’t the case for my app. In my case, yesod is purely a backend rest API and the frontend is actually written in flutter.
Anyways from all the researching I’ve done, it seems like the basic idea is that I need to run the oauth process on the frontend to get a jwt, and then pass that as a header to the backend and validate it there. Assuming this is the right approach, is yesod-auth the appropriate tool to do this? Or perhaps I need to add it in as a wai middleware. Or am I way off base here?
Thanks for the help!