Authentication and authorization functions
Authentication and authorization functions
Creates token contents for a build, to be used by a build script.
Creates token contents for a build, to be used by a build script.
(config->keypair conf)
Loads private and public keys from the app config, returns a map that can be
used in the context :jwk
Loads private and public keys from the app config, returns a map that can be used in the context `:jwk`.
(customer-authorization h)
Middleware that verifies the identity token to check if the user or build has access to the given customer.
Middleware that verifies the identity token to check if the user or build has access to the given customer.
Default token expiration period, one day
Default token expiration period, one day
(expired? {:keys [exp]})
Returns true if token has expired
Returns true if token has expired
(generate-jwt req payload)
Signs a JWT using the keypair from the request context.
Signs a JWT using the keypair from the request context.
(generate-jwt-from-rt rt payload)
Generates a JWT from the private key in the runtime
Generates a JWT from the private key in the runtime
Generates a new RSA keypair
Generates a new RSA keypair
Generates a random secret key object
Generates a random secret key object
(hash-pw pw)
Creates SHA256 hash of password, returns hex encoded string
Creates SHA256 hash of password, returns hex encoded string
(make-jwk pub)
Creates a JWK object from a public key that can be exposed for external verification.
Creates a JWK object from a public key that can be exposed for external verification.
(parse-signature s)
Parses HMAC signature header, returns the algorithm and the signature.
Parses HMAC signature header, returns the algorithm and the signature.
(secure-ring-app app rt)
Wraps the ring handler so it verifies the JWT authorization header
Wraps the ring handler so it verifies the JWT authorization header
Creates token contents for a system admin, a user that has special privileges.
Creates token contents for a system admin, a user that has special privileges.
Retrieves current user id from request
Retrieves current user id from request
Creates token contents for an authenticated user
Creates token contents for an authenticated user
(valid-security? {:keys [secret payload x-hub-signature]})
Validates security header
Validates security header
(validate-hmac-security h
{:keys [get-secret header]
:or {header "x-hub-signature-256"}})
Middleware that validates the HMAC security header using a fn that retrieves the secret for the request.
Middleware that validates the HMAC security header using a fn that retrieves the secret for the request.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close