co.gaiwan.oak.lib.auth-middleware

Liking cljdoc? Tell your friends :D

Clojure only.

before-or-equal
get-session-auth
update-session-auth!
wrap-api-auth
wrap-auth-claims
wrap-basic-auth
wrap-open-auth
wrap-strong-auth

Middleware which populates the :identity key in the request based on Bearer token or session

These need to be added to the (group of) route(s) that need them. If they are routes end-users access in their browser, session-auth makes sense. If they are routes the relying party calls with a bearer token, then bearer-auth makes sense. Routes that don't need these should not have them.

Middleware which populates the :identity key in the request based on Bearer
token or session

These need to be added to the (group of) route(s) that need them. If they are
routes end-users access in their browser, session-auth makes sense. If they
are routes the relying party calls with a bearer token, then bearer-auth makes
sense. Routes that don't need these should not have them.

raw docstring

before-or-equal^clj

(before-or-equal t1 t2)

Return true if t1 <= t2

Return true if t1 <= t2

raw docstring

get-session-auth^clj

(get-session-auth session type)

update-session-auth!^clj

(update-session-auth! session auth)

wrap-api-auth^clj

(wrap-api-auth h)

Accept Authorization: Bearer style authentication.

Will verify that the token parses according to one of our JWK, and is not expired.

Accept Authorization: Bearer style authentication.

Will verify that the token parses according to one of our JWK, and is not expired.

raw docstring

wrap-auth-claims^clj

(wrap-auth-claims handler)

Consolidated authorization handler with step-up

Requires an :auth-claim key in the route metadata

:public - route is publicly accessible, identity is not resolved
:open - route is publicly accessible, identity is resolved
:basic - default level of access for web-based routes, require 2FA if configured, but allow password-auth if not
:strong - require a recent (< 5 min) second factor challenge, if not, performs a step-up
:api - authenticate via Authorization: Bearer, session is ignored

Consolidated authorization handler with step-up

Requires an `:auth-claim` key in the route metadata

- `:public` - route is publicly accessible, identity is not resolved
- `:open`   - route is publicly accessible, identity is resolved
- `:basic`  - default level of access for web-based routes, require 2FA if
              configured, but allow password-auth if not
- `:strong` - require a recent (< 5 min) second factor challenge, if not,
              performs a step-up
- `:api`    - authenticate via Authorization: Bearer, session is ignored

raw docstring

wrap-basic-auth^clj

(wrap-basic-auth h)

wrap-open-auth^clj

(wrap-open-auth h)

wrap-strong-auth^clj

(wrap-strong-auth h)

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts

`Ctrl`+`k`	Jump to recent docs
`←`	Move to previous article
`→`	Move to next article
`Ctrl`+`/`	Jump to the search field

Raise an issue Browse cljdoc source Chat on Slack

× close