(hmac-fn algo secret)
(jws-producer ->json-bytes algo secret)
Given a fn able to convert clj-data to JSON bytes,
an HMAC algorithm (:hs256,384,512), and a <secret> (a byte-array
or String whose length should be at least 256,384,512 / 8),
returns a fn taking arbitrary <claims> (a map), converting them
to proper JWT format, signing them, and returning the JWS data +
the full :token
in the metadata.
Given a fn able to convert clj-data to JSON bytes, an HMAC algorithm (:hs256,384,512), and a <secret> (a byte-array or String whose length should be at least 256,384,512 / 8), returns a fn taking arbitrary <claims> (a map), converting them to proper JWT format, signing them, and returning the JWS data + the full `:token` in the metadata.
(jws-reader <-json-bytes)
Given a fn able to convert JSON bytes to clj-data, returns
a function which 'reads' a JWS token (String) as a clj-map.
The full :token
is preserved in the metadata, alongside a
:verify
predicate, able to check the signature (given a secret).
Given a fn able to convert JSON bytes to clj-data, returns a function which 'reads' a JWS token (String) as a clj-map. The full `:token` is preserved in the metadata, alongside a `:verify` predicate, able to check the signature (given a secret).
(wrap-raw-body uri-pred)
Given a uri (per ring :uri
key) predicate (e.g. a set),
returns middleware which conditionally enhances the request
with a new key (:body-raw). Useful for webhook endpoints that
need to sign/verify the payload in order to verify its authenticity.
Must be called fairly early in the middleware chain (if not first).
Given a uri (per ring `:uri` key) predicate (e.g. a set), returns middleware which conditionally enhances the request with a new key (:body-raw). Useful for webhook endpoints that need to sign/verify the payload in order to verify its authenticity. Must be called fairly early in the middleware chain (if not first).
(wrap-with-signature-verification
{:keys [mac-algo hex-format sig-key secret sig-fn eq-fn]
:or
{sig-fn identity eq-fn = mac-algo "HmacSHA256" hex-format (HexFormat/of)}})
Given at least a :secret
(bytes/String) & sig-key
(header to look for the provided signature),
returns middleware that will perform payload signature verification before calling the handler.
Must be called after wrap-raw-body
, in order to get access to the :body-raw
key.
Options may include:
identity
)=
)HexFormat
instance (defaults to (HexFormat/of)
)Given at least a `:secret` (bytes/String) & `sig-key` (header to look for the provided signature), returns middleware that will perform payload signature verification before calling the handler. Must be called after `wrap-raw-body`, in order to get access to the `:body-raw` key. Options may include: - :mac-algo - the Mac algorithm to use (defaults to 'HmacSHA256') - :secret - a string or byte-array/sequence to use as the SecretKeySpec when signing (mandatory) - :sig-key - the request header name where the provided signature will be located (mandatory) - :sig-fn - a 1-arg fn transforming the provided signature (defaults to `identity`) - :eq-fn - a 2-arg fn to compare the provided VS calculated signatures (defaults to `=`) - :hex-format - a `HexFormat` instance (defaults to `(HexFormat/of)`)
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close