Fixed:

• Moved HTTP bearer and basic auth helpers to vapor/http package. (#54)
• req.unauthenticate(...) now correctly destroys session. (#52)

Auth 2.0 is here 🎉 👤 Authentication and Authorization framework for Fluent (Authorization coming soon).

The Auth API Template has also been updated:

vapor new Hello --template=auth-template

Docs: https://docs.vapor.codes/3.0/auth/getting-started/

API Docs: https://api.vapor.codes/auth/latest/Authentication

Fixed:

• Updated to latest Fluent RCs.

Fixed:

• Token authentication middleware no longer throws if not authenticated. (#42)
• Fixed an issue where UserIDType typealias was required. (#41)

New:

• Added GuardAuthenticationMiddleware. Authentication middlewares will no longer fail if they cannot authenticate a user. This allows the package's middlewares to be composed together to do multiple authentication types on a single route.

Use Authenticatable.guardAuthMiddleware() to restore this error throwing behavior.

let protected = router.grouped(
    User.basicAuthMiddleware(...),
    User.guardAuthMiddleware()
)
protected.get("test") { req in
    return "This route is protected"
}

note: calling requireAuthenticated will always throw an error if User is not authed, regardless of the presence of GuardAuthenticationMiddleware.

Fixed:

• Authenticatable protocols have had Model requirements removed. Free conformance still applies where Model conformance exists.
• Crypto module is now being exported by default.

Milestone: 2.0.0-rc.4