ring-jwt-middleware.core
authenticated?clj
(authenticated? request)Inputs: [request :- RingRequest] Returns: s/Bool
Inputs: [request :- RingRequest] Returns: s/Bool
authorize-no-jwt-header-strategyclj
Authorize all request even with no Auth header.
Authorize all request even with no Auth header.
check-jwt-expiryclj
(check-jwt-expiry {:keys [jwt-max-lifetime-in-sec current-epoch]} jwt)Inputs: [{:keys [jwt-max-lifetime-in-sec current-epoch]} :- Config jwt :- JWTClaims] Returns: (result-of s/Keyword)
Return a result with some error if the JWT do not respect time-related restrictions.
Inputs: [{:keys [jwt-max-lifetime-in-sec current-epoch]} :- Config jwt :- JWTClaims]
Returns: (result-of s/Keyword)
Return a result with some error if the JWT do not respect time-related restrictions.decodeclj
(decode token pubkey-fn)Inputs: [token :- s/Str pubkey-fn :- (s/=> s/Any)] Returns: (result-of {:jwt JWTClaims})
Given a JWT return an Auth hash-map
Inputs: [token :- s/Str pubkey-fn :- (s/=> s/Any)]
Returns: (result-of {:jwt JWTClaims})
Given a JWT return an Auth hash-mapforbid-no-jwt-header-strategyclj
(forbid-no-jwt-header-strategy _handler)Forbid all request with no Auth header
Forbid all request with no Auth header
get-jwtclj
(get-jwt req)Inputs: [req] Returns: (result-of s/Str)
get the JWT from a ring request
Inputs: [req] Returns: (result-of s/Str) get the JWT from a ring request
hr-durationclj
(hr-duration t)Inputs: [t :- s/Num] Returns: s/Str
Given a duration in ms, return a human readable string
Inputs: [t :- s/Num] Returns: s/Str Given a duration in ms, return a human readable string
mk-wrap-authenticationclj
(mk-wrap-authentication user-config)Inputs: [user-config :- UserConfig]
A function building a middleware that will add some fields to the ring request:
- :jwt that will contain the jwt claims
- :identity that will contain an object derived from the JWT claims
- :jwt-error if something went wrong
To build the middleware the configuration is a map with the following fields:
- pubkey-path ; should contain a path to the public key to be used to verify JWT signature
- pubkey-fn ; should contain a function that once called will return the public key
- is-revoked-fn ; should be a function that takes a decoded jwt and return true if the jwt is revoked
- jwt-check-fn ; should be a function taking a raw JWT string, and a decoded JWT and returns a list of errors or nil if no error is found.
- jwt-max-lifetime-in-sec ; maximal lifetime of a JWT in seconds (takes priority over :exp)
- post-jwt-format-fn ; a function taking a JWT and returning a data structure representing the identity of a user
Inputs: [user-config :- UserConfig] A function building a middleware that will add some fields to the ring request: - :jwt that will contain the jwt claims - :identity that will contain an object derived from the JWT claims - :jwt-error if something went wrong To build the middleware the configuration is a map with the following fields: - pubkey-path ; should contain a path to the public key to be used to verify JWT signature - pubkey-fn ; should contain a function that once called will return the public key - is-revoked-fn ; should be a function that takes a decoded jwt and return true if the jwt is revoked - jwt-check-fn ; should be a function taking a raw JWT string, and a decoded JWT and returns a list of errors or nil if no error is found. - jwt-max-lifetime-in-sec ; maximal lifetime of a JWT in seconds (takes priority over :exp) - post-jwt-format-fn ; a function taking a JWT and returning a data structure representing the identity of a user
mk-wrap-authorizationclj
(mk-wrap-authorization user-config)Inputs: [user-config :- UserConfig]
A function building a middleware taking care of the authorization logic.
It must be used in conjunction with mk-wrap-authentication.
The configuration is map containing two handlers.
- allow-unauthenticated-access? => set it to true to not block the request when no JWT is provided
- error-handler => a function taking a JWT error (see Result) and returning a ring response. This function should generally just return a 401 (unauthorized).
Inputs: [user-config :- UserConfig]
A function building a middleware taking care of the authorization logic.
It must be used in conjunction with `mk-wrap-authentication`.
The configuration is map containing two handlers.
- allow-unauthenticated-access? => set it to true to not block the request when no JWT is provided
- error-handler => a function taking a JWT error (see Result) and returning a ring response.
This function should generally just return a 401 (unauthorized).RingRequestclj
we don't need to be more precise that saying this is an hash-map. The RingRequest schema is used as a documentation helper.
we don't need to be more precise that saying this is an hash-map. The RingRequest schema is used as a documentation helper.
validate-jwtclj
(validate-jwt {:keys [jwt-check-fn] :as cfg} raw-jwt jwt)Inputs: [{:keys [jwt-check-fn], :as cfg} :- Config raw-jwt :- s/Str jwt :- JWTClaims] Returns: (result-of s/Keyword)
Run both expiration and user checks, return a vec of errors or nothing
Inputs: [{:keys [jwt-check-fn], :as cfg} :- Config raw-jwt :- s/Str jwt :- JWTClaims]
Returns: (result-of s/Keyword)
Run both expiration and user checks,
return a vec of errors or nothingwrap-jwt-auth-fnclj
(wrap-jwt-auth-fn conf)wrap a ring handler with JWT check both authentication and authorization mixed
wrap a ring handler with JWT check both authentication and authorization mixed
wrap-jwt-auth-with-in-between-middleware-fnclj
(wrap-jwt-auth-with-in-between-middleware-fn conf wrap-logs)Wrap the JWT authentication, authorization and a middleware wrapper in the middle
The wrapper will have access to both:
- the request with JWT details added by the authentication layer
- the response status returned by the authorization layer.
This is a good place to put a log middlware that will log all requests
Wrap the JWT authentication, authorization and a middleware wrapper in the middle The wrapper will have access to both: - the request with JWT details added by the authentication layer - the response status returned by the authorization layer. This is a good place to put a log middlware that will log all requests
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close