Authorize all request even with no Auth header.
Authorize all request even with no Auth header.
(check-jwt-expiry jwt jwt-max-lifetime-in-sec)
Return a string if JWT expiration check fails, nil otherwise
Return a string if JWT expiration check fails, nil otherwise
(decode token pubkey-fn log-fn)
Given a JWT return an Auth hash-map
Given a JWT return an Auth hash-map
(default-error-handler error-msg infos)
Return an unauthorized
HTTP response
and log the error along debug infos
Return an `unauthorized` HTTP response and log the error along debug infos
(forbid-no-jwt-header-strategy handler)
Forbid all request with no Auth header
Forbid all request with no Auth header
(get-jwt req)
get the JWT from a ring request
get the JWT from a ring request
(hr-duration t)
Given a duration in ms, return a human readable string
Given a duration in ms, return a human readable string
(jwt->oauth-ids prefix jwt)
can be used as post-jwt-format-fn
This is an example function that given a JWT whose claims looks like:
It is a generic format about what an access-token should provide:
mainly transform a list of <prefix>/foo/bar/baz value into a deep nested map. For example:
(sut/jwt->oauth-ids "http://example.com/claims" {:sub "user-id" "http://example.com/claims/scopes" ["scope1" "scope2"] "http://example.com/claims/user/id" "user-id" "http://example.com/claims/user/name" "John Doe" "http://example.com/claims/user/email" "john.doe@dev.null" "http://example.com/claims/user/idp/id" "iroh" "http://example.com/claims/user/idp/name" "Visibility" "http://example.com/claims/org/id" "org-id" "http://example.com/claims/org/name" "ACME Inc." "http://example.com/claims/oauth/client/id" "client-id" "http://example.com/claims/oauth/kind" "code"})
=> {:user {:idp {:name "Visibility" :id "iroh"}, :name "John Doe", :email "john.doe@dev.null", :id "user-id"} :oauth {:kind "code" :client {:id "client-id"}}, :org {:name "ACME Inc." :id "org-id"}, :scopes #{"scope1" "scope2"}}
can be used as post-jwt-format-fn This is an example function that given a JWT whose claims looks like: - :sub - "<prefix>/scopes" - "<prefix>/org/id" - "<prefix>/oauth/client/id" It is a generic format about what an access-token should provide: - user-id, client-id, scopes - org-id mainly transform a list of <prefix>/foo/bar/baz value into a deep nested map. For example: (sut/jwt->oauth-ids "http://example.com/claims" {:sub "user-id" "http://example.com/claims/scopes" ["scope1" "scope2"] "http://example.com/claims/user/id" "user-id" "http://example.com/claims/user/name" "John Doe" "http://example.com/claims/user/email" "john.doe@dev.null" "http://example.com/claims/user/idp/id" "iroh" "http://example.com/claims/user/idp/name" "Visibility" "http://example.com/claims/org/id" "org-id" "http://example.com/claims/org/name" "ACME Inc." "http://example.com/claims/oauth/client/id" "client-id" "http://example.com/claims/oauth/kind" "code"}) => {:user {:idp {:name "Visibility" :id "iroh"}, :name "John Doe", :email "john.doe@dev.null", :id "user-id"} :oauth {:kind "code" :client {:id "client-id"}}, :org {:name "ACME Inc." :id "org-id"}, :scopes #{"scope1" "scope2"}}
(jwt->user-id jwt)
can be used as post-jwt-format-fn
can be used as post-jwt-format-fn
(jwt-expiry-ms jwt-created jwt-max-lifetime-in-sec)
Given a JWT and a lifetime, calculate when it expired
Given a JWT and a lifetime, calculate when it expired
(validate-jwt jwt jwt-max-lifetime-in-sec log-fn)
(validate-jwt jwt jwt-max-lifetime-in-sec jwt-check-fn log-fn)
Run both expiration and user checks, return a vec of errors or nothing
Run both expiration and user checks, return a vec of errors or nothing
(wrap-jwt-auth-fn {:keys [pubkey-path pubkey-fn is-revoked-fn jwt-check-fn
jwt-max-lifetime-in-sec post-jwt-format-fn
no-jwt-handler error-handler structured-log-fn]
:or {jwt-max-lifetime-in-sec default-jwt-lifetime-in-sec
is-revoked-fn no-revocation-strategy
post-jwt-format-fn jwt->user-id
no-jwt-handler forbid-no-jwt-header-strategy
structured-log-fn default-structured-log}})
wrap a ring handler with JWT check
wrap a ring handler with JWT check
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close