Liking cljdoc? Tell your friends :D

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.1.0 - 2026-04-13

Added

  • Strategy-based authentication: wrap-authenticate middleware tries strategies in order, first {:authenticated data} wins
  • Bearer token strategy: Extracts Authorization: Bearer header, hashes token (SHA-256), delegates verification to injected lookup function
  • Session strategy: Reads identity from Ring session for authenticated subsequent requests
  • OAuth2/OIDC login flow: wrap-oauth2 wraps ring-oauth2 with landing page interception and session creation
  • OIDC id_token decoding: decode-id-token utility for extracting JWT claims without signature verification
  • Magic link login flow: wrap-magic-link with HMAC-signed tokens, storage-backed single-use nonces, and constant-time comparison
  • Token utilities: generate-token (prefixed, URL-safe), hash-token (SHA-256), token-active? (expiry + revocation check)
  • SensitiveToken record: Custom print-method/print-dup/toString to prevent secret leakage in REPL and logs
  • Session helpers: POST-only logout-handler, session-timeout-handler with redirect hint
  • Role-based authorization: has-role? predicate on identity data
  • Config validation: Malli schemas for all middleware configs with validate-config for startup validation
  • Integration tests: Full flow tests for OAuth2+bearer, OAuth2-only, bearer-only, and magic-link scenarios

Can you improve this documentation?Edit on GitHub

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts
Ctrl+kJump to recent docs
Move to previous article
Move to next article
Ctrl+/Jump to the search field
Raise an issueBrowse cljdoc sourceChat on Slack
× close