ring-jwt-middleware.core

Liking cljdoc? Tell your friends :D

Clojure only.

authorize-no-jwt-header-strategy
check-jwt-expiry
decode
default-error-handler
default-jwt-lifetime-in-sec
default-structured-log
forbid-no-jwt-header-strategy
gen-uuid
get-jwt
hr-duration
jwt->oauth-ids
jwt->user-id
jwt-expiry-ms
no-revocation-strategy
validate-jwt
wrap-jwt-auth-fn

authorize-no-jwt-header-strategy^clj

Authorize all request even with no Auth header.

Authorize all request even with no Auth header.

source raw docstring

check-jwt-expiry^clj

(check-jwt-expiry jwt jwt-max-lifetime-in-sec)

Return a string if JWT expiration check fails, nil otherwise

Return a string if JWT expiration check fails, nil otherwise

source raw docstring

decode^clj

(decode token pubkey-fn log-fn)

Given a JWT return an Auth hash-map

Given a JWT return an Auth hash-map

source raw docstring

default-error-handler^clj

(default-error-handler error-msg infos)

Return an unauthorized HTTP response and log the error along debug infos

Return an `unauthorized` HTTP response
and log the error along debug infos

source raw docstring

default-jwt-lifetime-in-sec^clj

source

default-structured-log^clj

(default-structured-log msg infos)

source

forbid-no-jwt-header-strategy^clj

(forbid-no-jwt-header-strategy handler)

Forbid all request with no Auth header

Forbid all request with no Auth header

source raw docstring

gen-uuid^clj

(gen-uuid)

source

get-jwt^clj

(get-jwt req)

get the JWT from a ring request

get the JWT from a ring request

source raw docstring

hr-duration^clj

(hr-duration t)

Given a duration in ms, return a human readable string

Given a duration in ms,
return a human readable string

source raw docstring

jwt->oauth-ids^clj

(jwt->oauth-ids prefix jwt)

can be used as post-jwt-format-fn

This is an example function that given a JWT whose claims looks like:

:sub
"<prefix>/scopes"
"<prefix>/org/id"
"<prefix>/oauth/client/id"

It is a generic format about what an access-token should provide:

user-id, client-id, scopes
org-id

mainly transform a list of <prefix>/foo/bar/baz value into a deep nested map. For example:

=> {:user {:idp {:name "Visibility" :id "iroh"}, :name "John Doe", :email "john.doe@dev.null", :id "user-id"} :oauth {:kind "code" :client {:id "client-id"}}, :org {:name "ACME Inc." :id "org-id"}, :scopes #{"scope1" "scope2"}}

can be used as post-jwt-format-fn

This is an example function that given a JWT whose claims looks like:

- :sub
- "<prefix>/scopes"
- "<prefix>/org/id"
- "<prefix>/oauth/client/id"

It is a generic format about what an access-token should provide:

- user-id, client-id, scopes
- org-id

mainly transform a list of <prefix>/foo/bar/baz value into a deep nested map.
For example:

(sut/jwt->oauth-ids
        "http://example.com/claims"
        {:sub "user-id"
         "http://example.com/claims/scopes" ["scope1" "scope2"]
         "http://example.com/claims/user/id" "user-id"
         "http://example.com/claims/user/name" "John Doe"
         "http://example.com/claims/user/email" "john.doe@dev.null"
         "http://example.com/claims/user/idp/id" "iroh"
         "http://example.com/claims/user/idp/name" "Visibility"
         "http://example.com/claims/org/id" "org-id"
         "http://example.com/claims/org/name" "ACME Inc."
         "http://example.com/claims/oauth/client/id" "client-id"
         "http://example.com/claims/oauth/kind" "code"})

=> {:user {:idp {:name "Visibility"
                 :id "iroh"},
           :name "John Doe",
           :email "john.doe@dev.null",
           :id "user-id"}
    :oauth {:kind "code"
            :client {:id "client-id"}},
    :org   {:name "ACME Inc."
            :id "org-id"},
    :scopes #{"scope1" "scope2"}}

source raw docstring

jwt->user-id^clj

(jwt->user-id jwt)

can be used as post-jwt-format-fn

can be used as post-jwt-format-fn

source raw docstring

jwt-expiry-ms^clj

(jwt-expiry-ms jwt-created jwt-max-lifetime-in-sec)

Given a JWT and a lifetime, calculate when it expired

Given a JWT and a lifetime,
calculate when it expired

source raw docstring

no-revocation-strategy^clj

source

validate-jwt^clj

(validate-jwt raw-jwt jwt jwt-max-lifetime-in-sec log-fn)

(validate-jwt raw-jwt jwt jwt-max-lifetime-in-sec jwt-check-fn log-fn)

Run both expiration and user checks, return a vec of errors or nothing

Run both expiration and user checks,
return a vec of errors or nothing

source raw docstring

wrap-jwt-auth-fn^clj

(wrap-jwt-auth-fn {:keys [pubkey-path pubkey-fn is-revoked-fn jwt-check-fn
                          jwt-max-lifetime-in-sec post-jwt-format-fn
                          no-jwt-handler error-handler structured-log-fn]
                   :or {jwt-max-lifetime-in-sec default-jwt-lifetime-in-sec
                        is-revoked-fn no-revocation-strategy
                        post-jwt-format-fn jwt->user-id
                        no-jwt-handler forbid-no-jwt-header-strategy
                        structured-log-fn default-structured-log}})

wrap a ring handler with JWT check

wrap a ring handler with JWT check

source raw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

Keyboard shortcuts Report a problem cljdoc on GitHub

× close