Liking cljdoc? Tell your friends :D

ring-jwt-middleware.core


authorize-no-jwt-header-strategyclj

Authorize all request even with no Auth header.

Authorize all request even with no Auth header.
sourceraw docstring

check-jwt-expiryclj

(check-jwt-expiry jwt jwt-max-lifetime-in-sec)

Return a string if JWT expiration check fails, nil otherwise

Return a string if JWT expiration check fails, nil otherwise
sourceraw docstring

decodeclj

(decode token pubkey-fn log-fn)

Given a JWT return an Auth hash-map

Given a JWT return an Auth hash-map
sourceraw docstring

default-error-handlerclj

(default-error-handler error-msg infos)

Return an unauthorized HTTP response and log the error along debug infos

Return an `unauthorized` HTTP response
and log the error along debug infos
sourceraw docstring

default-jwt-lifetime-in-secclj

source

default-structured-logclj

(default-structured-log msg infos)
source

forbid-no-jwt-header-strategyclj

(forbid-no-jwt-header-strategy handler)

Forbid all request with no Auth header

Forbid all request with no Auth header
sourceraw docstring

gen-uuidclj

(gen-uuid)
source

get-jwtclj

(get-jwt req)

get the JWT from a ring request

get the JWT from a ring request
sourceraw docstring

hr-durationclj

(hr-duration t)

Given a duration in ms, return a human readable string

Given a duration in ms,
return a human readable string
sourceraw docstring

jwt->oauth-idsclj

(jwt->oauth-ids prefix jwt)

can be used as post-jwt-format-fn

This is an example function that given a JWT whose claims looks like:

  • :sub
  • "<prefix>/scopes"
  • "<prefix>/org/id"
  • "<prefix>/oauth/client/id"

It is a generic format about what an access-token should provide:

  • user-id, client-id, scopes
  • org-id

mainly transform a list of <prefix>/foo/bar/baz value into a deep nested map. For example:

(sut/jwt->oauth-ids "http://example.com/claims" {:sub "user-id" "http://example.com/claims/scopes" ["scope1" "scope2"] "http://example.com/claims/user/id" "user-id" "http://example.com/claims/user/name" "John Doe" "http://example.com/claims/user/email" "john.doe@dev.null" "http://example.com/claims/user/idp/id" "iroh" "http://example.com/claims/user/idp/name" "Visibility" "http://example.com/claims/org/id" "org-id" "http://example.com/claims/org/name" "ACME Inc." "http://example.com/claims/oauth/client/id" "client-id" "http://example.com/claims/oauth/kind" "code"})

=> {:user {:idp {:name "Visibility" :id "iroh"}, :name "John Doe", :email "john.doe@dev.null", :id "user-id"} :oauth {:kind "code" :client {:id "client-id"}}, :org {:name "ACME Inc." :id "org-id"}, :scopes #{"scope1" "scope2"}}

can be used as post-jwt-format-fn

This is an example function that given a JWT whose claims looks like:

- :sub
- "<prefix>/scopes"
- "<prefix>/org/id"
- "<prefix>/oauth/client/id"

It is a generic format about what an access-token should provide:

- user-id, client-id, scopes
- org-id

mainly transform a list of <prefix>/foo/bar/baz value into a deep nested map.
For example:

(sut/jwt->oauth-ids
        "http://example.com/claims"
        {:sub "user-id"
         "http://example.com/claims/scopes" ["scope1" "scope2"]
         "http://example.com/claims/user/id" "user-id"
         "http://example.com/claims/user/name" "John Doe"
         "http://example.com/claims/user/email" "john.doe@dev.null"
         "http://example.com/claims/user/idp/id" "iroh"
         "http://example.com/claims/user/idp/name" "Visibility"
         "http://example.com/claims/org/id" "org-id"
         "http://example.com/claims/org/name" "ACME Inc."
         "http://example.com/claims/oauth/client/id" "client-id"
         "http://example.com/claims/oauth/kind" "code"})

=> {:user {:idp {:name "Visibility"
                 :id "iroh"},
           :name "John Doe",
           :email "john.doe@dev.null",
           :id "user-id"}
    :oauth {:kind "code"
            :client {:id "client-id"}},
    :org   {:name "ACME Inc."
            :id "org-id"},
    :scopes #{"scope1" "scope2"}}
sourceraw docstring

jwt->user-idclj

(jwt->user-id jwt)

can be used as post-jwt-format-fn

can be used as post-jwt-format-fn
sourceraw docstring

jwt-expiry-msclj

(jwt-expiry-ms jwt-created jwt-max-lifetime-in-sec)

Given a JWT and a lifetime, calculate when it expired

Given a JWT and a lifetime,
calculate when it expired
sourceraw docstring

no-revocation-strategyclj

source

validate-jwtclj

(validate-jwt jwt jwt-max-lifetime-in-sec log-fn)
(validate-jwt jwt jwt-max-lifetime-in-sec jwt-check-fn log-fn)

Run both expiration and user checks, return a vec of errors or nothing

Run both expiration and user checks,
return a vec of errors or nothing
sourceraw docstring

wrap-jwt-auth-fnclj

(wrap-jwt-auth-fn {:keys [pubkey-path pubkey-fn is-revoked-fn jwt-check-fn
                          jwt-max-lifetime-in-sec post-jwt-format-fn
                          no-jwt-handler error-handler structured-log-fn]
                   :or {jwt-max-lifetime-in-sec default-jwt-lifetime-in-sec
                        is-revoked-fn no-revocation-strategy
                        post-jwt-format-fn jwt->user-id
                        no-jwt-handler forbid-no-jwt-header-strategy
                        structured-log-fn default-structured-log}})

wrap a ring handler with JWT check

wrap a ring handler with JWT check
sourceraw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close