Liking cljdoc? Tell your friends :D


Gatekeeper is a collection of Ring middleware and handlers for authenticating and forwarding requests.


Clojars Project


Note: Version 2018.02.21 switched to access tokens, rather than id tokens. Upgrading without changing the client(s) to provide the right token will break authentication. More info here.


(ns myapp.core
  (:require [ring-gatekeeper.core :as auth])

(def app (-> root-handler
             (auth/authenticate [(MyAuthenticator.) (.MyOtherAuthenticator)])))

The authentication middleware is responsible for authenticating requests. It accepts a sequence of authenticators that the actual authentication is delegated to. The authenticators are called in order until one is found that can handle the request.

Requests are authenticated with an authentication token, which is extracted from the following locations, in order of preference:

  • the Bearer token from (get-in request [:headers "authorization"])
  • the "token" query parameter from (get-in request [:params "token"]) (you may need to use the wrap-params middleware for this to work)

If a user can be authenticated, the user information is set on the 'X-User' header. If no matching authenticators are found, or the authenticator reports that the request is not authorized, the request is passed through with no user. Any 'X-User' headers on the original request will be stripped.


Authenticators provide an interface to 3rd party authentication services.


Authenticates the user's token and adds the user's information from Auth0.

(ns myapp.core
  (:require [ring-gatekeeper.authenticators.auth0 :as auth0]))

(def my-authenticator (auth0/new-authenticator {:can-handle-request-fn (constantly true)
                                                :client-id "client-id"
                                                :client-secret "client-secret"
                                                :subdomain "subdomain"}))


  • can-handle-request-fn: Determines if the authenticator can handle a particular request
  • client-id: Auth0 client id
  • client-secret: Auth0 client secret
  • subdomain: Auth0 subdomain
  • cache: Cache for storing user info
  • auth0-url: URL to Auth0 endpoint (with trailing slash); useful for mocking Auth0 to speed up tests


Caches are used by various authenticators to improve performance.


(ns myapp.core
  (:require [ring-gatekeeper.cache.redis :as redis])

(def redis-conn {:pool {} :spec {:host "" :port 6379}})
(def auth-cache (redis/new-cache redis-conn {:key-prefix "user-info:"
                                             :expire-sec 2400}))


  • key-prefix: Prefix added on keys to prevent collisions
  • expire-sec: How long key should stay in the cache


This modifications in this fork are licensed as follows:

Copyright © 2017 OkLetsPlay

Distributed under the BSD 3-Clause License.

The original ring-gatekeeper was developed by Funding Circle and is licensed as follows:

Copyright © 2015 Funding Circle

Distributed under the BSD 3-Clause License.

Can you improve this documentation?Edit on GitHub

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close