HasOpenApi for BasicAuth

[gromakovsky]

BasicAuth is defined in the servant package, so I think it makes sense to have instance HasOpenApi sub => HasOpenApi (BasicAuth realm a :> sub) in servant-openapi3.

There is an old issue about it in servant-swagger: haskell-servant/servant-swagger#34. The last comment there recommends using servant-auth instead, but BasicAuth still exists in servant and is not deprecated, so I think this instance should be useful for some projects. I actually ported this implementation and got something like

instance HasOpenApi sub => HasOpenApi (BasicAuth realm a :> sub) where
  toOpenApi _ = toOpenApi @sub Proxy
    & OpenApi.security <>~ securityRequirements
    & OpenApi.components . OpenApi.securitySchemes <>~ securitySchemes
    where
      oneRequirement req = [OpenApi.SecurityRequirement req]
      securityRequirements =
        oneRequirement $ InsOrd.fromList [("BasicAuth", [])]
      securitySchemes = InsOrd.fromList [("BasicAuth", securityScheme)]
      securityScheme =
        OpenApi.SecurityScheme (OpenApi.SecuritySchemeHttp OpenApi.HttpSchemeBasic) Nothing

which looks in line with https://swagger.io/docs/specification/authentication/basic-authentication/.

So now I can make a PR with this instance, but before doing that I'd like to check whether it's actually needed 🙂

[maksbotan]

Hi!

I don't mind having this instance in the package. I don't see a lot of sense in it though. Does anyone in the wild use BasicAuth provided by servant?

Feel free to make a PR if you think it should be there, I'll gladly accept it :)

[gdeest]

We are also receiving requests on the servant side ( haskell-servant/servant#1505 ), so I think there is a need for these instances (and servant-openapi3 definitely looks like the right place).