(authenticated? request)
Inputs: [request :- RingRequest] Returns: s/Bool
Inputs: [request :- RingRequest] Returns: s/Bool
Authorize all request even with no Auth header.
Authorize all request even with no Auth header.
(check-jwt-expiry {:keys [jwt-max-lifetime-in-sec current-epoch
default-allowed-clock-skew-in-seconds]}
jwt)
Inputs: [{:keys [jwt-max-lifetime-in-sec current-epoch default-allowed-clock-skew-in-seconds]} :- Config jwt :- JWTClaims] Returns: (result-of s/Keyword)
Return a result with some error if the JWT do not respect time-related restrictions.
Inputs: [{:keys [jwt-max-lifetime-in-sec current-epoch default-allowed-clock-skew-in-seconds]} :- Config jwt :- JWTClaims] Returns: (result-of s/Keyword) Return a result with some error if the JWT do not respect time-related restrictions.
(decode token pubkey-fn pubkey-fn-arg-fn)
Inputs: [token :- s/Str pubkey-fn :- (s/=> s/Any) pubkey-fn-arg-fn :- (s/=> s/Any)] Returns: (result-of {:jwt JWTDecoded})
Given a JWT return an Auth hash-map
Inputs: [token :- s/Str pubkey-fn :- (s/=> s/Any) pubkey-fn-arg-fn :- (s/=> s/Any)] Returns: (result-of {:jwt JWTDecoded}) Given a JWT return an Auth hash-map
(forbid-no-jwt-header-strategy _handler)
Forbid all request with no Auth header
Forbid all request with no Auth header
(get-jwt req)
Inputs: [req] Returns: (result-of s/Str)
get the JWT from a ring request
Inputs: [req] Returns: (result-of s/Str) get the JWT from a ring request
(hr-duration t)
Inputs: [t :- s/Num] Returns: s/Str
Given a duration in ms, return a human readable string
Inputs: [t :- s/Num] Returns: s/Str Given a duration in ms, return a human readable string
(mk-wrap-authentication user-config)
Inputs: [user-config :- UserConfig]
A function building a middleware that will add some fields to the ring request:
To build the middleware the configuration is a map with the following fields:
pubkey-fn
Inputs: [user-config :- UserConfig] A function building a middleware that will add some fields to the ring request: - :jwt that will contain the jwt claims - :identity that will contain an object derived from the JWT claims - :jwt-error if something went wrong To build the middleware the configuration is a map with the following fields: - pubkey-path ; should contain a path to the public key to be used to verify JWT signature - pubkey-fn ; should contain a function that once called will return the public key - pubkey-fn-arg-fn ; should contain a function that will be called to modify the argument (the raw JWT) of `pubkey-fn` - is-revoked-fn ; should be a function that takes a decoded jwt and return a non nil value if the jwt is revoked - jwt-check-fn ; should be a function taking a raw JWT string, and a decoded JWT and returns a list of errors or nil if no error is found. - jwt-max-lifetime-in-sec ; maximal lifetime of a JWT in seconds (takes priority over :exp) - post-jwt-format-fn ; a function taking a JWT and returning a data structure representing the identity of a user
(mk-wrap-authorization user-config)
Inputs: [user-config :- UserConfig]
A function building a middleware taking care of the authorization logic.
It must be used in conjunction with mk-wrap-authentication
.
The configuration is map containing two handlers.
Inputs: [user-config :- UserConfig] A function building a middleware taking care of the authorization logic. It must be used in conjunction with `mk-wrap-authentication`. The configuration is map containing two handlers. - allow-unauthenticated-access? => set it to true to not block the request when no JWT is provided - error-handler => a function taking a JWT error (see Result) and returning a ring response. This function should generally just return a 401 (unauthorized).
we don't need to be more precise that saying this is an hash-map. The RingRequest schema is used as a documentation helper.
we don't need to be more precise that saying this is an hash-map. The RingRequest schema is used as a documentation helper.
(validate-jwt {:keys [jwt-check-fn] :as cfg} raw-jwt jwt)
Inputs: [{:keys [jwt-check-fn], :as cfg} :- Config raw-jwt :- s/Str jwt :- JWTClaims] Returns: (result-of s/Keyword)
Run both expiration and user checks, return a vec of errors or nothing
Inputs: [{:keys [jwt-check-fn], :as cfg} :- Config raw-jwt :- s/Str jwt :- JWTClaims] Returns: (result-of s/Keyword) Run both expiration and user checks, return a vec of errors or nothing
(wrap-jwt-auth-fn conf)
wrap a ring handler with JWT check both authentication and authorization mixed
wrap a ring handler with JWT check both authentication and authorization mixed
(wrap-jwt-auth-with-in-between-middleware-fn conf wrap-logs)
Wrap the JWT authentication, authorization and a middleware wrapper in the middle
The wrapper will have access to both:
This is a good place to put a log middlware that will log all requests
Wrap the JWT authentication, authorization and a middleware wrapper in the middle The wrapper will have access to both: - the request with JWT details added by the authentication layer - the response status returned by the authorization layer. This is a good place to put a log middlware that will log all requests
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close