Liking cljdoc? Tell your friends :D

dev.gethop.buddy-auth.jwt-oidc.impl.core


backoff-msclj

Retry policy back-off configuration (specified in milliseconds

Retry policy back-off configuration (specified in milliseconds
sourceraw docstring

create-pubkey-cacheclj

(create-pubkey-cache pubkeys-expire-in)

Create a cache for JWK public keys. pubkeys-expire-in is the TTL for the entries of the cache, expressed in seconds

Create a cache for JWK public keys.
`pubkeys-expire-in` is the TTL for the entries of the cache,
expressed in seconds
sourceraw docstring

create-token-cacheclj

(create-token-cache max-cached-tokens)

Create a cache for validated tokens. The cache is limited in size to max-cached-tokens, and uses a LRU eviction strategy when the limit is reached. Individually, each token is evicted when its time to live (TTL), expressed in milli-seconds, is reached.

Create a cache for validated tokens.
The cache is limited in size to `max-cached-tokens`, and uses a LRU
eviction strategy when the limit is reached. Individually, each
token is evicted when its time to live (TTL), expressed in
milli-seconds, is reached.
sourceraw docstring

failed-validation-ttlclj

TTL for failed token validations, expressed in milli-seconds

TTL for failed token validations, expressed in milli-seconds
sourceraw docstring

get-jwksclj

(get-jwks {:keys [pubkey-cache jwks-uri well-known-url] :as context})

Get the public keys from the JWKS.

The JWKS can be retrieved either from the well-known-url OpenID Connect Provider configuration, or from a specific jwks-uri. Uses pubkey-cache for caching results. Uses timeout and retries configuration as specified in connection-policy for the connection.

Returns a collection with the public keys or nil if the JWKS content is not available, or doesn't contain valid public keys.

Get the public keys from the JWKS.

The JWKS can be retrieved either from the `well-known-url` OpenID
Connect Provider configuration, or from a specific `jwks-uri`. Uses
`pubkey-cache` for caching results. Uses timeout and retries
configuration as specified in `connection-policy` for the
connection.

Returns a collection with the public keys or `nil` if the JWKS
content is not available, or doesn't contain valid public keys.
sourceraw docstring

get-jwks-from-jwks-uriclj

(get-jwks-from-jwks-uri {:keys [logger connection-policy] :as _context}
                        jwks-uri)

Get the public keys from the JSON Web Key Set at jwks-uri. Uses timeout and retries configuration as specified in connection-policy for the connection.

Returns a collection with the public keys extracted from the JWKS, or nil if it can't retrieve them. Logs to logger any relevant issues that may prevent the key set from being retrieved.

Get the public keys from the JSON Web Key Set at `jwks-uri`.
Uses timeout and retries configuration as specified in
`connection-policy` for the connection.

Returns a collection with the public keys extracted from the JWKS,
or `nil` if it can't retrieve them. Logs to `logger` any relevant
issues that may prevent the key set from being retrieved.
sourceraw docstring

get-jwks-from-well-knownclj

(get-jwks-from-well-known {:keys [logger connection-policy] :as context}
                          well-known-url)

Get the public keys from the OIDC Provider JWKS, using the ".well-known" URL. Retrieves the configuration from well-know-url, from there the JWKS URI, and from that URI the actual JWKS. Uses connection-policy for time-outs and retries, and logs success or failure to logger. Returns a collection with the public keys or nil if the JWKS content is not available, or doesn't contain valid public keys.

Get the public keys from the OIDC Provider JWKS, using the ".well-known" URL.
Retrieves the configuration from `well-know-url`, from there the
JWKS URI, and from that URI the actual JWKS. Uses
`connection-policy` for time-outs and retries, and logs success or
failure to `logger`.
Returns a collection with the public keys or `nil` if the JWKS
content is not available, or doesn't contain valid public keys.
sourceraw docstring

get-urlclj

(get-url url logger {:keys [timeout retries] :as connection-policy})

Retrieve given url. Uses timeout and retries configuration as specified in connection-policy for the connection and follows redirects. Logs to logger any relevant issues that may prevent the url from being retrieved.

Returns nil if the connection cannot be stablished, the content cannot be retrieved or the status response is not 2xx.

Retrieve given `url`.
Uses timeout and retries configuration as specified in
`connection-policy` for the connection and follows redirects. Logs to
`logger` any relevant issues that may prevent the url from being
retrieved.

Returns `nil` if the connection cannot be stablished, the
content cannot be retrieved or the status response is not 2xx.
sourceraw docstring

initial-delayclj

Initial delay for retries, specified in milliseconds.

Initial delay for retries, specified in milliseconds.
sourceraw docstring

max-delayclj

Maximun delay for a connection retry, specified in milliseconds. We are using truncated binary exponential backoff, with max-delay as the ceiling for the retry delay.

Maximun delay for a connection retry, specified in milliseconds. We
are using truncated binary exponential backoff, with `max-delay` as
the ceiling for the retry delay.
sourceraw docstring

symmetric-key-typesclj

See https://tools.ietf.org/html/rfc7518#section-6.4 for details
sourceraw docstring

symmetric-signature-algsclj

See https://tools.ietf.org/html/rfc7518#section-3.1 and https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms for details. jws/decode-header returns the standard algorithm names as lower-case keywords, so specify them here as such.

See https://tools.ietf.org/html/rfc7518#section-3.1 and
https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
for details. `jws/decode-header` returns the standard algorithm
names as lower-case keywords, so specify them here as such.
sourceraw docstring

validate-tokenclj

(validate-token {:keys [logger] :as context} token)

Validate OpenID Connect ID token, caching results to speed up recurrent validations. Returns the :sub claim from the token, or nil if the token is invalid. context is a map with at least the following keys:

:pubkey-cache A clojure.core.cache compatible instance, to cache the public keys of the Issuer. :token-cache A clojure.core.cache compatible instance, to cache token validation results. :claims A map with the claims that the token must satisfy. At least the following keys must exist: :iss Case-sensitive URL for the Issuer Identifier. :aud Audience(s) the ID Token is intended for. :logger A logger compatible with Duct/logger protocol. Any relevant issues that may prevent tokens from begin validated are sent to this logger. :connection-policiy Optional: A policy for timeouts and retries when trying to retrieve the JWKS signing keys. :jwks-uri Optional: The URL of the config (OpenID Connect Provider) JSON Web Key Set document. :well-known-url Optional: The URL of the OpenID Connect Provider where Discovery document is available at.

Validate OpenID Connect ID `token`, caching results to speed up recurrent validations.
Returns the `:sub` claim from the token, or `nil` if the token is
invalid. `context` is a map with at least the following keys:

:pubkey-cache A `clojure.core.cache` compatible instance, to cache the public keys
            of the Issuer.
:token-cache A `clojure.core.cache` compatible instance, to cache token validation results.
:claims A map with the claims that the token must satisfy. At least
        the following keys must exist:
           :iss Case-sensitive URL for the Issuer Identifier.
           :aud Audience(s) the ID Token is intended for.
:logger A logger compatible with Duct/logger protocol. Any relevant
        issues that may prevent tokens from begin validated are sent to
        this logger.
:connection-policiy Optional: A policy for timeouts and retries when
        trying to retrieve the JWKS signing keys.
:jwks-uri Optional: The URL of the config (OpenID Connect Provider)
        JSON Web Key Set document.
:well-known-url Optional: The URL of the OpenID Connect Provider
        where Discovery document is available at.
sourceraw docstring

validate-token*clj

(validate-token* token pubkeys claims logger)

Validate an OpenId Connect ID token against the token issuer. pubkeys is a collection of public keys that can have signed the token. The claims map should contain at least the following keys:

:iss Case-sensitive URL for the Issuer Identifier. :aud Audience(s) the ID Token is intended for.

A map is returned with the following keys:

:sub The identity (subject) extracted from the token if valid. Otherwise, nil.

:exp The expiry time (exp) extracted from the token if valid, as a number representing the number of seconds from 1970-01-01T00:00:00Z as measured in UTC. Otherwise, nil.

Validate an OpenId Connect ID `token` against the token issuer.
`pubkeys` is a collection of public keys that can have signed the
token. The `claims` map should contain at least the following
keys:

  :iss Case-sensitive URL for the Issuer Identifier.
  :aud Audience(s) the ID Token is intended for.

A map is returned with the following keys:

  :sub The identity (subject) extracted from the token if valid. Otherwise, `nil`.

  :exp The expiry time (exp) extracted from the token if valid, as a number
       representing the number of seconds from 1970-01-01T00:00:00Z as
       measured in UTC. Otherwise, `nil`.
sourceraw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close