co.gaiwan.oak.apis.assets
Static assets loaded from resources
Currently we're hard-coding specific asset routes. This isn't really scalable, but we shouldn't need many of them, and it means we don't end up serving things off the classpath or filesystem which we didn't intend to serve.
Static assets loaded from resources Currently we're hard-coding specific asset routes. This isn't really scalable, but we shouldn't need many of them, and it means we don't end up serving things off the classpath or filesystem which we didn't intend to serve.
co.gaiwan.oak.apis.auth
Authentication endpoints. Login, logout, etc.
Authentication endpoints. Login, logout, etc.
co.gaiwan.oak.apis.dashboard
Front page, some basic account management for the user
Front page, some basic account management for the user
co.gaiwan.oak.apis.jwks
JSON Web Key Set
Standard discoverable endpoint so third parties can validate our JWT tokens.
JSON Web Key Set Standard discoverable endpoint so third parties can validate our JWT tokens.
co.gaiwan.oak.apis.oauth
OAuth 2.1 authorization and token exchange
OAuth 2.1 authorization and token exchange
- authorize-response
- client-checks
- component
- error-html-response
- error-redirect-response
- error-response
- GET-authorization-server-metadata
- GET-authorize
- handle-authorization-code-grant
- handle-client-credentials-grant
- handle-refresh-token-grant
- identity-checks
- permission-dialog-response
- POST-exchange-token
- pre-client-checks
co.gaiwan.oak.apis.oidc
OpenID connect implementation
These are only the OIDC-specific endpoints like discovery or userinfo. Much of the OIDC logic lives inside the OAuth2 implemenation.
OpenID connect implementation These are only the OIDC-specific endpoints like discovery or userinfo. Much of the OIDC logic lives inside the OAuth2 implemenation.
co.gaiwan.oak.apis.proxy
reverse proxy to load resources from 3rd website
reverse proxy to load resources from 3rd website
co.gaiwan.oak.apis.totp
2FA endpoints.
- generate secret, store in session, show QR code
- user adds it to their authenticator app
- ask user for code from authenticator
- if code is valid, store secret as credential, remove from session
2FA endpoints. - generate secret, store in session, show QR code - user adds it to their authenticator app - ask user for code from authenticator - if code is valid, store secret as credential, remove from session
co.gaiwan.oak.app.admin-cli
Implementation of the oakadm CLI
Command line interface for various administrative tasks.
Implementation of the oakadm CLI Command line interface for various administrative tasks.
- -main
- commands
- create-jwk
- create-oauth-client
- create-token
- create-user
- db
- delete-oauth-client
- delete-user
- flags
- get-col
- init
- jwk-cols
- jwk-commands
- list-jwk
- list-oauth-clients
- list-users
- oauth-client-cols
- oauth-client-commands
- run-cmd
- show-config-cmd
- token-commands
- update-oauth-client
- update-user
- user-commands
- wrap-print-output
- wrap-stop-system
co.gaiwan.oak.app.config
Configuration and system setup, mostly wrappers around lambdaisland.config and makina.
Configuration and system setup, mostly wrappers around lambdaisland.config and makina.
co.gaiwan.oak.app.schema
Database schema
We automatically create missing tables/columns/indices when the database connection pool boots base on what's here.
Database schema We automatically create missing tables/columns/indices when the database connection pool boots base on what's here.
co.gaiwan.oak.domain.backup-code
Backup code that used together with 2FA
Backup code that used together with 2FA
co.gaiwan.oak.domain.credential
Store credentials, like password hashes, authenticator app codes, OTP codes, nonces for passwordless login, API keys, etc
Store credentials, like password hashes, authenticator app codes, OTP codes, nonces for passwordless login, API keys, etc
co.gaiwan.oak.domain.identifier
An identifier identifies an identity
Email, phone number, etc
An identifier identifies an identity Email, phone number, etc
co.gaiwan.oak.domain.identity
Identity entity, can be a human identity, or non-human identity
Identity entity, can be a human identity, or non-human identity
co.gaiwan.oak.domain.jwk
Domain layer for working with JWKs
Domain layer for working with JWKs
co.gaiwan.oak.domain.jwt
Utility functions for creating/handling JWTs and JWT claims.
Both access tokens and ID tokens.
Utility functions for creating/handling JWTs and JWT claims. Both access tokens and ID tokens.
co.gaiwan.oak.domain.oauth-authorization
Authorizations that have been granted through OAuth
Authorizations that have been granted through OAuth
co.gaiwan.oak.domain.oauth-client
Domain layer for oauth-client entities
Domain layer for oauth-client entities
co.gaiwan.oak.domain.oauth-code
Codes that can be exchanged in an oauth flow
Codes that can be exchanged in an oauth flow
co.gaiwan.oak.domain.refresh-token
Refresh tokens for OAuth flow
Refresh tokens for OAuth flow
co.gaiwan.oak.html.forms
Form components
Form components
co.gaiwan.oak.html.graphics
SVGs
SVGs
co.gaiwan.oak.html.tokens
- --accent-color
- --action-primary
- --bg-call-to-action
- --bg-call-to-action-dark
- --bg-call-to-action-hover
- --bg-call-to-action-light
- --bg-interactive
- --bg-panel
- --bg-surface
- --black
- --blue-0
- --blue-1
- --blue-10
- --blue-11
- --blue-12
- --blue-2
- --blue-3
- --blue-4
- --blue-5
- --blue-6
- --blue-7
- --blue-8
- --blue-9
- --border-call-to-action
- --border-input
- --border-panel
- --border-subtle
- --button-border
- --button-color
- --button-color-dark
- --button-color-hover
- --button-color-light
- --font-system-ui
- --gray-0
- --gray-1
- --gray-10
- --gray-11
- --gray-12
- --gray-2
- --gray-3
- --gray-4
- --gray-5
- --gray-6
- --gray-7
- --gray-8
- --gray-9
- --oak-green-0
- --oak-green-00
- --oak-green-1
- --oak-green-10
- --oak-green-11
- --oak-green-12
- --oak-green-13
- --oak-green-2
- --oak-green-3
- --oak-green-4
- --oak-green-5
- --oak-green-6
- --oak-green-7
- --oak-green-8
- --oak-green-9
- --radius-1
- --radius-2
- --radius-3
- --radius-4
- --radius-5
- --radius-6
- --red-0
- --red-1
- --red-10
- --red-11
- --red-12
- --red-2
- --red-3
- --red-4
- --red-5
- --red-6
- --red-7
- --red-8
- --red-9
- --shadow-1
- --shadow-2
- --shadow-3
- --shadow-4
- --shadow-5
- --shadow-6-inner
- --shadow-color
- --shadow-color-strong
- --size-00
- --size-000
- --size-1
- --size-10
- --size-11
- --size-12
- --size-13
- --size-14
- --size-15
- --size-2
- --size-3
- --size-4
- --size-5
- --size-6
- --size-7
- --size-8
- --size-9
- --size-fluid-1
- --size-fluid-10
- --size-fluid-11
- --size-fluid-12
- --size-fluid-13
- --size-fluid-14
- --size-fluid-15
- --size-fluid-2
- --size-fluid-3
- --size-fluid-4
- --size-fluid-5
- --size-fluid-6
- --size-fluid-7
- --size-fluid-8
- --size-fluid-9
- --status-error
- --status-info
- --status-success
- --status-warning
- --text-button
- --text-call-to-action
- --text-heading
- --text-inverted
- --text-panel
- --text-subtle
- --text-surface
- --white
- --yellow-0
- --yellow-1
- --yellow-10
- --yellow-11
- --yellow-12
- --yellow-2
- --yellow-3
- --yellow-4
- --yellow-5
- --yellow-6
- --yellow-7
- --yellow-8
- --yellow-9
- dark-mode-tokens
- prop-default-val
co.gaiwan.oak.html.widgets
Generic components
Generic components
co.gaiwan.oak.lib.auth-middleware
Middleware which populates the :identity key in the request based on Bearer token or session
These need to be added to the (group of) route(s) that need them. If they are routes end-users access in their browser, session-auth makes sense. If they are routes the relying party calls with a bearer token, then bearer-auth makes sense. Routes that don't need these should not have them.
Middleware which populates the :identity key in the request based on Bearer token or session These need to be added to the (group of) route(s) that need them. If they are routes end-users access in their browser, session-auth makes sense. If they are routes the relying party calls with a bearer token, then bearer-auth makes sense. Routes that don't need these should not have them.
co.gaiwan.oak.lib.automatic-schema
Automatic database schema evolution utilities
Automatic database schema evolution utilities
co.gaiwan.oak.lib.cli-error-mw
lambdaisland/cli middleware for convenient and pretty error handling
lambdaisland/cli middleware for convenient and pretty error handling
co.gaiwan.oak.lib.db
Convenience functions for next.jdbc/honeysql
Default to returning kebab-cased qualified maps.
Convenience functions for next.jdbc/honeysql Default to returning kebab-cased qualified maps.
co.gaiwan.oak.lib.email
Handle (outgoing) email
Handle (outgoing) email
co.gaiwan.oak.lib.hato-charred
Monkey patch Hato to read/write JSON using Charred
Monkey patch Hato to read/write JSON using Charred
No vars found in this namespace.
co.gaiwan.oak.lib.password4j
Wrapper around password4j that can detect the hash type based on the Modular Crypt Format (MCF) prefix.
Pepper and other settings can be configured through Password4j's own mechanisms,
-J-Dpsw4j.configuration=/my/path/to/password4j.properties
Wrapper around password4j that can detect the hash type based on the Modular Crypt Format (MCF) prefix. Pepper and other settings can be configured through Password4j's own mechanisms, `-J-Dpsw4j.configuration=/my/path/to/password4j.properties`
co.gaiwan.oak.lib.pg-jsonb
PostgreSQL JSONB type handling for next.jdbc
PostgreSQL JSONB type handling for next.jdbc
co.gaiwan.oak.lib.ring-csp
Middleware that sets a CSP policy.
CSP policy is configured through :http/csp-policy. The special value nonce
is replaced with nonce-<per-request-generated-nonce>, which can be accessed
through *csp-nonce*
Middleware that sets a CSP policy. CSP policy is configured through `:http/csp-policy`. The special value `nonce` is replaced with `nonce-<per-request-generated-nonce>`, which can be accessed through `*csp-nonce*`
co.gaiwan.oak.lib.totp
A library generate, verify time-based one time passwords for Multi-Factor Authentication.
A library generate, verify time-based one time passwords for Multi-Factor Authentication.
co.gaiwan.oak.system.database
PostgreSQL connection pool + JSONB setup
PostgreSQL connection pool + JSONB setup
co.gaiwan.oak.system.handler
HTTP handler, Ring-based
HTTP handler, Ring-based
co.gaiwan.oak.system.memory-store
Memory-based session store, used for testing
Memory-based session store, used for testing
co.gaiwan.oak.system.middleware
Global middleware, executes before reitit matches the request
Global middleware, executes before reitit matches the request
co.gaiwan.oak.system.router
HTTP router and middleware setup
HTTP router and middleware setup
co.gaiwan.oak.system.security-providers
Allow adding Java security providers through configuration
E.g. you might want to set BouncyCastle as the default, for FIPS Compliance.
Config keys: :java.security.provider/prepend /
:java.security.provider/append. Both take a collection of strings, which are
either a class name (assuming a zero-arg constructor), or
className/methodName, assuming a zero-arg static method for
initialization (e.g. Conscrypt)
Allow adding Java security providers through configuration E.g. you might want to set BouncyCastle as the default, for FIPS Compliance. Config keys: `:java.security.provider/prepend` / `:java.security.provider/append`. Both take a collection of strings, which are either a class name (assuming a zero-arg constructor), or className/methodName, assuming a zero-arg static method for initialization (e.g. Conscrypt)
co.gaiwan.oak.util.base64
Convert between base64 and byte-arrays
Regular and URL varieties
Convert between base64 and byte-arrays Regular and URL varieties
co.gaiwan.oak.util.bigint
Unopinioted BigInteger helpers
Unopinioted BigInteger helpers
co.gaiwan.oak.util.hash
Generic hashing utilities
Generic hashing utilities
co.gaiwan.oak.util.jose
A data-driven wrapper around nimbus-jose-jwt for Clojure.
Works with string-string maps.
A data-driven wrapper around nimbus-jose-jwt for Clojure. Works with string-string maps.
co.gaiwan.oak.util.log
Provides a structured, key-value logging interface on top of Log4j2. Inspired by pedestal.log and lambdaisland.glogi.
Usage: (require '[co.gaiwan.oak.util.log :as log])
(log/info :app/starting {:port 8080 :env :prod}) (try (/ 1 0) (catch Exception e (log/error :db/query-failed :query "SELECT * FROM users" :exception e)))
Built to work with structured output, in particular JsonLayout
Provides a structured, key-value logging interface on top of Log4j2.
Inspired by pedestal.log and lambdaisland.glogi.
Usage:
(require '[co.gaiwan.oak.util.log :as log])
(log/info :app/starting {:port 8080 :env :prod})
(try
(/ 1 0)
(catch Exception e
(log/error :db/query-failed :query "SELECT * FROM users" :exception e)))
Built to work with structured output, in particular JsonLayout co.gaiwan.oak.util.random
Generate (secure) random things
Generate (secure) random things
co.gaiwan.oak.util.routing
Helpers related to the reitit router/routing
Helpers related to the reitit router/routing
co.gaiwan.oak.util.uuid
UUID conversion functions
UUID conversion functions
co.gaiwan.oauth-tester
OAuth server implementation tester
Command line interface for testing OAuth server implementations.
OAuth server implementation tester Command line interface for testing OAuth server implementations.
co.gaiwan.oauth-tester.impl
OAuth tester tool implementation
OAuth tester tool implementation
- all-checks
- authorization-endpoint-rejects-implicit-grant
- authorization-endpoint-rejects-invalid-client-id
- authorization-endpoint-rejects-non-matching-redirect-uri
- authorization-endpoint-rejects-redirect-uri-with-suffix
- authorization-endpoint-requires-client-id
- authorization-endpoint-requires-redirect-uri
- fetch
- fetch-rfc8414-metadata
- run-check
- run-full-suite
- token-endpoint-supports-client-credentials-grant
- validate-bad-client-id-response
- validate-bad-redirect-uri-response
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |