All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
b-social/liberator-mixin
.liberator.mixin
:routes
to :router
in liberator.mixin.hal
and
liberator.mixin.hypermedia
to reflect upstream changes in hype
.liberator.mixin.core
and the specific mixins moved respectively to:
liberator.mixin.authorisation
liberator.mixin.context
liberator.mixin.hal
liberator.mixin.hypermedia
liberator.mixin.json
liberator.mixin.logging
liberator.mixin.validation
liberator-mixin.hal
namespace now includes a
with-method-not-allowed-handler
mixin for correctly handling method not
allowed responses as a HAL resource.with-hal-mixin
mixin now includes the with-exception-handler
,
with-unauthorized-handler
, with-forbidden-handler
and
with-method-not-allowed-handler
mixins.with-jwt-scopes
mixin now allows specifying whether a token is required
on the request via the :token-required?
configuration option.with-bearer-token
now allows the :token-type
configuration option to be a
seq of accepted token types, with nil
representing there being no token type
identifier in the header value. All :token-type
s are attempted when parsing
a token header.liberator-mixin.hal
namespace now includes a with-unauthorized-handler
mixin for correctly handling unauthorized responses as a HAL resource.with-jwt-scopes
mixin has been added in
liberator-mixin.authorisation.unverified
allowing the scopes claim to be
extracted to context but not verified.with-bearer-token
mixin now allows the header to look in for a token
to be specified via the :token-header-name
configuration option, which
defaults to "Authorization".:token-required?
configuration option now allows a map of methods to
booleans to be used, such that requiring a token can be opted out of for
certain methods.:token-missing
configuration option for with-token-authorization
has been removed in favour of a new :token-required?
configuration option,
which when false will allow requests to proceed even if there is no token
on the request.malformed?
and allowed?
decisions for liberator have now been used
rather than manually constructing responses within
liberator-mixin.authorisation
.with-handle-unauthorized-token
mixin has been renamed to
with-www-authenticate-header
.:as-response
rather than overriding
:handle-unauthorized
.ScopeValidator
now allows required scopes to be specified by request
method.with-access-token
mixin has been renamed to with-bearer-token
.with-jws-access-token
mixin has been renamed to
with-token-authorization
.with-www-authenticate
mixin has been renamed to
with-handle-unauthorized-token
.:token-missing
configuration option has been added for use by
with-token-authorization
allowing the action to perform in the case of a
missing token to be customises, defaulting to responding with an unauthorized
response.liberator-mixin.hal
namespace now includes a with-forbidden-handler
mixin for correctly handling forbidden responses as a HAL resource.No observable change.
with-jws-access-token
mixin now allows a seq of ClaimValidator
instances to be provided via the :token-validators
configuration option
making the claim validator more general purpose and extensible and less
opinionated.scope-validator
function has been replaced with a ScopeValidator
type,
implementing ClaimValidator
which can be used in the aforementioned
:token-validators
seq.with-logger
mixin has been introduced in the liberator-mixin.logging
namespace, allowing a logger
to be set on the context for use by other
mixins.WWW-Authenticate
header was incorrectly reporting the underlying error.
This has now been resolved.with-www-authenticate
mixin now allows an :error-body
to be set on
the context, used as the body of the error response.with-jws-access-token-mixin
has been added that sets up all parts of JWS
access token management.with-access-token
mixin has been pulled out of with-jws-access-token
so that extracting and parsing the token can be performed independently
without further verification.:token-key
option used by with-jws-access-token
now accepts a function
in addition to a value, which is called with context
in order to retrieve
the token key.liberator-mixin.jws-authorisation
namespace has been renamed to
liberator-mixin.authorisation
.with-jws-authorisation
mixin has been renamed to
with-jws-access-token
.with-jws-unauthorised
mixin has been renamed to with-www-authenticate
.with-jws-access-token
has moved from mixin construction
time to runtime by adding :token-type
, :token-options
, :token-key
,
:token-claims
and :token-parser
configuration options to the liberator
handler map.scope-validator
function has been added to liberator-mixin.authorisation
returning a claim validator to be used in the :token-claims
configuration
option.with-jws-authorisation
mixin required the token type in the
authorization header (e.g., "Bearer") to match specific casing. Now, the check
is case-insensitive.with-jws-unauthorised
has been tidied up to
use a standard error format.with-jws-unauthorised-as-json
has been renamed to with-jws-unauthorised
and no longer returns a JSON error body in the case of an authorisation
failure, to comply with the JWT RFC.with-jws-unauthorised-as-json
mixin was
invalid due to a typo. This has now been resolved.with-jws-unauthorised-as-json
mixin was not correctly rendering error
responses due to a missing representation media type. This has now been
resolved.with-jws-unauthorised-as-json
mixin now includes an OpenID conformant
error header on the response in the case of a JWS authorisation failure.with-jws-unauthorised-as-json
mixin has been added to the
liberator-mixin.jws-authorisation
namespace allowing a JWS authorisation
failure to produce a descriptive JSON error response.liberator-mixin.jws-authorisation
namespace has been introduced with a
with-jws-authorisation
mixin which allows verifying a JWS token on the
request, including verifying the contents of the scope claim.liberator-mixin.context
has now been partially documented.liberator-mixin.hal
, liberator-mixin.hypermedia
and
liberator-mixin.json
has been improved.jason
and camel-snake-kebab
dependencies have been upgraded.liberator-mixin.context
has now been documented.liberator-mixin.context/with-attributes-in-context
mixin has been
introduced, allowing multiple attributes to be added to context at once.liberator-mixin.core
has now been documented.liberator-mixin.core/merge-decisions
and liberator-mixin.core/merge-resource-definitions
now have increased test
coverage.left
is false
,
no merge would take place during
liberator-mixin.core/merge-resource-definitions
.liberator-mixin.validation
mixin now allows nil
validators, so that
the validator can be something like (by-method :post (validator))
in a
resource that supports both GET and POST requests.FnBackedValidator
and factory function have been added to simplify
building Validator
instances from existing functions.liberator-mixin.validation
mixin now validates all known, validatable
methods by default.jason
has been upgraded to the latest version.jason
which provides default support
for time types.liberator-mixin.hypermedia
have been replaced
by hype
, which now supersedes them in capability.slurp
ing body before attempting JSON parse.jason
has been upgraded to a version that fixes a bug in the library.hal
and json
mixins now use jason
for JSON encoding and decoding
instead of cheshire
.allowed-methods
,
available-media-types
etc can now be merged.json->map
and map->json
are now public.Unreleased.
No observable change.
liberator-mixin
.No observable change.
Released without CHANGELOG.md.
Can you improve this documentation? These fine people already did:
Toby Clemson, Alex Parlett, Jonas Svalin, Paul Hutchin, Samuel Fekete, Ina Tsetsova, jimmythompson & Tristram OatenEdit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close