Optional authentication

[felixSchl]

Hey, thank you for this library and the example code. I have a use-case I cannot figure out how to go about. Some of my routes work both for authenticated and unauthenticated requests. Naturally, I'd like a Maybe Session. I saw getSession is pretty much what I am after, but if I don't throw a 403 at the AuthHandler level, all my other routes have to take a missing session into account and I have to sprinkle the 403 logic everywhere. If I want to keep throwing 403s at the AuthHandler level, I cannot seem to figure out how to pull the session out of other requests. I assume I need something akin to AuthProtect that calls a different auth handler function. Reading this back, it seems this might be a issue (or question) better situated in servant-auth servant, so feel free to close it if you think so, too.

[zohl]

Hello!

You're right, it can be achieved with two auth-handlers, one for cookie/err403 cases and one for cookie/no-cookie cases, that returns Maybe Session. However, at the moment it's not possible to reuse library's code for another handler.

I'll be thinking, in which way to tweak the library to make it possible.