(access-token->client-id access-token
{:keys [server-id public-key
access-token-ttl-seconds]})Validate access-token and return client from claims.
Throws exception if access token is invalid.
Validate `access-token` and return client from claims. Throws exception if access token is invalid.
(mk-access-token {:keys [client-id server-id private-key
access-token-ttl-seconds]})Create a signed access token.
The token is signed with private-key and will expire in
ttl-seconds.
Warning: the access token is not encrypted; all data in claims is
directly readable from the access token. Do not store private data
in claims.
Create a signed access token. The token is signed with `private-key` and will expire in `ttl-seconds`. Warning: the access token is not encrypted; all data in `claims` is directly readable from the access token. Do not store private data in `claims`.
(wrap-access-token f
{:keys [invalid-token-response]
:or {invalid-token-response {:status status/unauthorized
:body "Invalid access token"}}
:as opts})Middleware to set client-id from access-token.
Fetches access token as bearer token from authorization header.
Sets :client-id on request if a valid access token is passed. If
no bearer token is passed, passes request as is.
If access token is invalid, return "401 Unauthorized" response,
configurable in opts as invalid-token-response.
Middleware to set client-id from access-token. Fetches access token as bearer token from authorization header. Sets `:client-id` on request if a valid access token is passed. If no bearer token is passed, passes request as is. If access token is invalid, return "401 Unauthorized" response, configurable in `opts` as `invalid-token-response`.
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |