(jws-producer ->json-bytes algo secret)Given a fn able to convert clj-data to JSON bytes,
an HMAC algorithm (:hs256,384,512), and a <secret> (a byte-array
or String whose length should be at least 256,384,512 / 8),
returns a fn taking arbitrary <claims> (a map), converting them
to proper JWT format, signing them, and returning the JWS data +
the full :token in the metadata.
Given a fn able to convert clj-data to JSON bytes, an HMAC algorithm (:hs256,384,512), and a <secret> (a byte-array or String whose length should be at least 256,384,512 / 8), returns a fn taking arbitrary <claims> (a map), converting them to proper JWT format, signing them, and returning the JWS data + the full `:token` in the metadata.
(jws-reader <-json-bytes)Given a fn able to convert JSON bytes to clj-data, returns
a function which 'reads' a JWS token (String) as a clj-map.
The full :token is preserved in the metadata, alongside a
:verify predicate, able to check the signature (given a secret).
Given a fn able to convert JSON bytes to clj-data, returns a function which 'reads' a JWS token (String) as a clj-map. The full `:token` is preserved in the metadata, alongside a `:verify` predicate, able to check the signature (given a secret).
(wrap-raw-body uri-pred)Given a uri (per ring :uri key) predicate (e.g. a set),
returns middleware which conditionally enhances the request
with a new key (:body-raw). Useful for webhook endpoints that
need to sign/verify the payload in order to verify its authenticity.
Must be called fairly early in the middleware chain (if not first).
Given a uri (per ring `:uri` key) predicate (e.g. a set), returns middleware which conditionally enhances the request with a new key (:body-raw). Useful for webhook endpoints that need to sign/verify the payload in order to verify its authenticity. Must be called fairly early in the middleware chain (if not first).
(wrap-with-signature-verification {:keys [mac-algo hex-format sig-key secret
secret-fn sig-fn eq-fn body-raw-fn
wrong-signature-ret]
:or {sig-fn identity
body-raw-fn identity
eq-fn =
mac-algo "HmacSHA256"
wrong-signature-ret wrong-signature-resp
hex-format (HexFormat/of)}})Given at least a :secret (bytes/String) & sig-key (header to look for the provided signature),
returns middleware that will perform payload signature verification before calling the handler.
Must be called after wrap-raw-body, in order to get access to the :body-raw key.
Options may include:
identity)=)HexFormat instance (defaults to (HexFormat/of))Given at least a `:secret` (bytes/String) & `sig-key` (header to look for the provided signature), returns middleware that will perform payload signature verification before calling the handler. Must be called after `wrap-raw-body`, in order to get access to the `:body-raw` key. Options may include: - :mac-algo - the Mac algorithm to use (defaults to 'HmacSHA256') - :secret - a string/byte-array/sequence to use as the SecretKeySpec when signing (mandatory) - :secret-fn - a function of the req that will return the secret (string or bytes) - :body-raw-fn - a function transforming the raw bytes of the incoming request (e.g. prepending/appending extra stuff) - :sig-key - the request header name where the provided signature will be located (mandatory) - :sig-fn - a 1-arg fn transforming the provided signature (defaults to `identity`) - :eq-fn - a 2-arg fn to compare the provided VS calculated signatures (defaults to `=`) - :hex-format - a `HexFormat` instance (defaults to `(HexFormat/of)`)
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |