Rewrite documentation

[domenkozar]

outline

• overview
• readme
• user guide
  • xsrf options
    • document same-site as sane default
    • CSRF: document how double submit protection works #97 document we're using double-submit protection
    • CSRF gets reset too often causing race condition in browser #71 document ajax with double-submit has a racing condition
    • Extensible CSRF handling #55 show that double-submit can be turned off and show what alternatives we support from https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
  • cookies
  • basicauth
  • JWT tokens
  • Authorization versus Authentication #73 authorization
  • How to use with a session store #132 mention that key used for JWT means that we'll be able to decrypt cookies so it should be persistet
  • How to implement new authorization schemes #119 new authorization schemes?

closes

• Form login #15 integrate this PR
• Document how this package relates to Servant.API.Experimental.Auth and servant's BasicAuth #2 upstream servant-auth into servant
• Prepare to be official #64 prepare to be official once Document how this package relates to Servant.API.Experimental.Auth and servant's BasicAuth #2 is done
• Add example of POSTing to /login #43 add example POSTing to /login

[vlatkoB]

Maybe a few words about differences between servant-auth, servant-auth-server and servant-client. Just started reading about auth in servant and am a little confused which to focus on.

[alpmestan]

It's similar to servant vs servant-server vs servant-client:

• servant-auth has the combinators to use in API types and some related types/functions/etc
• servant-auth-server has the server interpretation of those combinators and related types/functions/etc
• servant-auth-server has the client interpretation of those combinators and related types/functions/etc