Token endpoint implementation for OAuth2/OIDC.

`(authenticate-client params authorization-header client-store)`

Authenticates an OAuth2 client from request parameters or Basic auth header. Resolves the client identity from `params` (`:client_id` / `:client_secret`) or the `authorization-header` (HTTP Basic), looks the client up in `client-store`, and verifies credentials. Returns the client config map on success. Throws `ex-info` on missing, unknown, or mismatched credentials.

`(handle-authorization-code-grant {:keys [code redirect_uri code_verifier]} client provider-config code-store token-store claims-provider)`

Handles the `authorization_code` grant type.

Args:
- `params`: Token request parameters
- `client`: Authenticated client configuration
- `provider-config`: Provider configuration map
- `code-store`: AuthorizationCodeStore implementation
- `token-store`: TokenStore implementation
- `claims-provider`: ClaimsProvider implementation

Returns: Token response map

`(handle-client-credentials-grant {:keys [scope resource]} client provider-config token-store)`

Handles the `client_credentials` grant type.

Args:
- `params`: Token request parameters
- `client`: Authenticated client configuration
- `provider-config`: Provider configuration map
- `token-store`: TokenStore implementation

Returns: Token response map

`(handle-refresh-token-grant {:keys [refresh_token scope resource]} client provider-config token-store)`

Handles the `refresh_token` grant type.

Args:
- `params`: Token request parameters
- `client`: Authenticated client configuration
- `provider-config`: Provider configuration map
- `token-store`: TokenStore implementation

Returns: Token response map

`(handle-token-request params authorization-header provider-config client-store code-store token-store claims-provider)`

Handles token endpoint requests. Takes the parsed `params` map (as produced by Ring's `wrap-params` and `wrap-keyword-params` middleware), the `authorization-header` for client authentication, and the usual provider stores. Multi-value `resource` parameters (RFC 8707) should already be present in `params` as a string or vector; Ring's `wrap-params` handles this automatically for repeated form fields. Validates the request, authenticates the client, and dispatches to the appropriate grant handler. Returns a token response map. Throws `ex-info` on validation or processing errors.

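
One way to cope with the string-or-vector shape of `resource` noted above, shown as an added example and not this library's code. The function names and the `ex-data` keys are assumptions; the absolute-URI and no-fragment requirements and the `invalid_target` error code come from RFC 8707.

```clojure
(ns example.resource-param
  (:import (java.net URI URISyntaxException)))

(defn- valid-resource?
  "True when v is a string holding an absolute URI with no fragment."
  [v]
  (and (string? v)
       (try
         (let [uri (URI. ^String v)]
           (and (.isAbsolute uri) (nil? (.getRawFragment uri))))
         (catch URISyntaxException _ false))))

(defn example-normalize-resources
  "Accepts nil, one string, or a vector of strings (what wrap-params yields
  for a repeated form field) and returns a vector of validated indicators.
  Hypothetical helper, not part of the documented API."
  [resource]
  (let [values (cond
                 (nil? resource)        []
                 (string? resource)     [resource]
                 (sequential? resource) (vec resource)
                 :else                  [resource])]
    ;; Reject the whole request if any single indicator is malformed,
    ;; rather than silently issuing a token for the valid subset.
    (when-let [bad (seq (remove valid-resource? values))]
      (throw (ex-info "resource must be an absolute URI without a fragment"
                      {:error "invalid_target" :resources (vec bad)})))
    values))

;; Constructed sample inputs: a single value and a repeated field.
(def single   (example-normalize-resources "https://api.example.com/orders"))
(def repeated (example-normalize-resources ["https://api.example.com/orders"
                                            "https://api.example.com/billing"]))
```

Normalizing before any scope or audience decision keeps the grant handlers from having to branch on whether one or several `resource` values were sent.
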
`(parse-basic-auth authorization-header)`

Parses an HTTP Basic Authorization header into client credentials. Decodes the Base64-encoded `client_id:client_secret` pair from the header value. Returns a map with `:client-id` and `:client-secret` keys, or `nil` when the header is absent or not a Basic scheme.

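
The header parsing described here and the credential check described for `authenticate-client`, written out as an added example that is not this library's source. The `example-` names, the plain map standing in for `client-store`, its `:client-secret` key and the `ex-data` shape are assumptions.

```clojure
(ns example.client-auth
  (:require [clojure.string :as str])
  (:import (java.nio.charset StandardCharsets)
           (java.security MessageDigest)
           (java.util Base64)))

(defn example-parse-basic-auth
  "Returns {:client-id .. :client-secret ..}, or nil when the header is
  absent, not Basic, or malformed. Hypothetical name, not the library's fn."
  [authorization-header]
  (when-let [[_ b64] (some->> authorization-header
                              (re-matches #"(?i)Basic\s+(\S+)\s*"))]
    (try
      (let [decoded (String. (.decode (Base64/getDecoder) ^String b64)
                             StandardCharsets/UTF_8)
            idx     (.indexOf decoded ":")]
        ;; Split at the first colon only: the secret may contain ':' itself.
        (when (pos? idx)
          {:client-id     (subs decoded 0 idx)
           :client-secret (subs decoded (inc idx))}))
      (catch IllegalArgumentException _ nil)))) ; invalid Base64

(defn- secrets-equal?
  "Comparison whose timing does not depend on where the first mismatch is."
  [^String a ^String b]
  (MessageDigest/isEqual (.getBytes a StandardCharsets/UTF_8)
                         (.getBytes b StandardCharsets/UTF_8)))

(defn example-authenticate-client
  "`clients` is a plain map of client-id -> config, an assumption standing in
  for the client-store. Basic auth takes precedence over body parameters."
  [params authorization-header clients]
  (let [{:keys [client-id client-secret]}
        (or (example-parse-basic-auth authorization-header)
            {:client-id (:client_id params) :client-secret (:client_secret params)})
        stored (get-in clients [client-id :client-secret])]
    (cond
      (or (str/blank? client-id) (str/blank? client-secret))
      (throw (ex-info "Missing client credentials" {:error "invalid_client"}))
      ;; One error for unknown client and wrong secret alike.
      (not (and stored (secrets-equal? client-secret stored)))
      (throw (ex-info "Client authentication failed" {:error "invalid_client"}))
      :else (get clients client-id))))

;; Constructed sample input: header built from made-up credentials.
(def sample-header
  (str "Basic " (.encodeToString (Base64/getEncoder)
                                 (.getBytes "web-app:s3cr:et" StandardCharsets/UTF_8))))
(def sample-clients {"web-app" {:client-id "web-app" :client-secret "s3cr:et"}})
(def sample-result (example-authenticate-client {} sample-header sample-clients))
```

This example does not apply the form-urlencoding step that RFC 6749 §2.3.1 specifies for credentials carried in Basic auth, and it compares a stored plaintext secret only to keep the comparison visible.
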
`(token-error-response error error-description & {:keys [status] :or {status 400}})`

Creates an OAuth2 error response with cache-control headers per RFC 6749 §5.1. Takes an `error` code string, an `error-description` string, and an optional `:status` (defaults to 400). Returns a Ring response map with JSON body and `Cache-Control: no-store` / `Pragma: no-cache` headers.

`(token-success-response token-map)`

Wraps a token response map as a Ring response with cache-control headers per RFC 6749 §5.1. Takes a `token-map` (e.g. the result of `handle-token-request`) and returns a Ring response with status 200, JSON body, and `Cache-Control: no-store` / `Pragma: no-cache` headers.

Malli schema for token request parameters.