Friend with JWT


Jonathon McKitrick

Apr 20, 2015, 4:02:53 PM
to cloju...@googlegroups.com
I have a SPA with a simple form-based login. After being authenticated, the client requests a JWT token from a Friend-protected route. That token is then included in all subsequent web requests for the app. A custom workflow is used to authenticate XHTTP requests which verifies existence of the token.

I'm having issues managing the connection between the form-based login and the custom JWT workflow. I've traced one issue down to when the web page has been authorized by Friend because the user has logged in, but for some reason the JWT authentication is bouncing to an HTML login page. Obviously, this does not work for a JSON web request.

Here's the JWT workflow.  I can provide any other code on request:

(ns app.auth   ; namespace name assumed; the ns form was not part of the post
  (:require [cemerick.friend :as friend]
            [cemerick.friend.workflows :as workflows]
            [cemerick.friend.util]))
;; `pts/get-jwt-token-from-string` and `http-jwt-deny` are the poster's own
;; helpers (not shown); the `pts` alias is assumed to be required here as well.

(defn workflow-jwt-signed
  "Friend workflow: authenticates a request carrying `Authorization: Bearer <jwt>`."
  [& {:keys [credential-fn] :as jwt-config}]
  (fn [{{:strs [authorization]} :headers :as request}]
    ;; No Bearer header: the workflow returns nil, so Friend falls through to its
    ;; other workflows and, for an unauthenticated request, to the login redirect.
    (when (and authorization (re-matches #"\s*Bearer\s+(.+)" authorization))
      ;; Note: this prints the complete bearer token into the application log.
      (println "Found auth" authorization)
      (if-let [claims (try (-> (re-matches #"\s*Bearer\s+(.+)" authorization)
                               second
                               pts/get-jwt-token-from-string
                               (get-in [:claims]))
                           (catch Exception e
                             (println
                              "Invalid Authorization header for JWT auth: "
                              authorization)
                             #_(.printStackTrace e)))]
        ;; Resolve the user from the claims using the credential-fn given to this
        ;; workflow, falling back to the one in Friend's global auth-config.
        (if-let [user-record ((cemerick.friend.util/gets
                               :credential-fn jwt-config
                               (::friend/auth-config request))
                              ^{::friend/workflow :jwt}
                              claims)]
          (workflows/make-auth user-record
                               {::friend/redirect-on-auth? false
                                ::friend/ensure-session true})
          (http-jwt-deny request))
        ;; Header was present but the token could not be parsed.
        {:status 400
         :body "Malformed Authorization header for JWT authentication."}))))

thanks in advance for any help
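The Bearer-token check described in the post, written out end to end as an added example that is not the poster's code and does not use the poster's `pts` helper: it parses the `Authorization` header, verifies an HS256 signature and the `exp` claim with only the JDK, and answers API requests with a JSON 401 rather than an HTML login redirect. The namespace name, the demo secret and the `org.clojure/data.json` dependency are assumptions; `json-unauthenticated-handler` is a hypothetical candidate for Friend's `:unauthenticated-handler` option and is not wired into Friend here.

```clojure
(ns example.jwt-bearer
  (:require [clojure.string :as str]
            [clojure.data.json :as json])   ; assumed dependency: org.clojure/data.json
  (:import [javax.crypto Mac]
           [javax.crypto.spec SecretKeySpec]
           [java.security MessageDigest]
           [java.util Base64]
           [java.nio.charset StandardCharsets]))

;; Constructed demo secret; a real deployment loads it from configuration.
(def ^:private demo-secret "constructed-demo-secret-not-for-production")

(defn- utf8 ^bytes [^String s] (.getBytes s StandardCharsets/UTF_8))

(defn- b64url-encode ^String [^bytes bs]
  (.encodeToString (.withoutPadding (Base64/getUrlEncoder)) bs))

(defn- b64url-decode ^bytes [^String s]
  (.decode (Base64/getUrlDecoder) s))

(defn- hmac-sha256 ^bytes [^String secret ^String data]
  (let [mac (Mac/getInstance "HmacSHA256")]
    (.init mac (SecretKeySpec. (utf8 secret) "HmacSHA256"))
    (.doFinal mac (utf8 data))))

(defn sign-hs256
  "Builds a compact HS256 JWT from a claims map; used here to construct demo input."
  [secret claims]
  (let [header  (b64url-encode (utf8 (json/write-str {:alg "HS256" :typ "JWT"})))
        payload (b64url-encode (utf8 (json/write-str claims)))
        input   (str header "." payload)]
    (str input "." (b64url-encode (hmac-sha256 secret input)))))

(defn verify-hs256
  "Returns the claims map when TOKEN carries a valid HS256 signature under SECRET
   and has not expired at NOW-SECONDS; returns nil for anything else, including
   tokens whose header names a different algorithm or that fail to parse."
  [secret token now-seconds]
  (try
    (let [[h p s :as parts] (str/split token #"\." -1)]
      (when (= 3 (count parts))
        (let [header (json/read-str (String. (b64url-decode h) StandardCharsets/UTF_8) :key-fn keyword)
              claims (json/read-str (String. (b64url-decode p) StandardCharsets/UTF_8) :key-fn keyword)
              expect (hmac-sha256 secret (str h "." p))]
          (when (and (= "HS256" (:alg header))
                     ;; MessageDigest/isEqual compares in constant time.
                     (MessageDigest/isEqual expect (b64url-decode s))
                     (or (nil? (:exp claims)) (< now-seconds (:exp claims))))
            claims))))
    (catch Exception _ nil)))

(defn bearer-token
  "Extracts the token from an `Authorization: Bearer <token>` header, else nil."
  [request]
  (when-let [auth (get-in request [:headers "authorization"])]
    (second (re-matches #"\s*Bearer\s+(\S+)\s*" auth))))

(defn jwt-workflow
  "Check in the shape of a Friend workflow: nil when there is no Bearer header
   (so other workflows get a turn), a JSON 401 when the token is invalid, or the
   verified claims map on success."
  [secret now-seconds request]
  (when-let [token (bearer-token request)]
    (if-let [claims (verify-hs256 secret token now-seconds)]
      claims
      {:status  401
       :headers {"Content-Type"     "application/json"
                 "WWW-Authenticate" "Bearer error=\"invalid_token\""}
       :body    (json/write-str {:error "invalid or expired token"})})))

(defn json-unauthenticated-handler
  "Hypothetical replacement for the default HTML login redirect: a JSON 401 when
   the client asks for JSON, the usual redirect otherwise."
  [request]
  (if (str/includes? (get-in request [:headers "accept"] "") "application/json")
    {:status 401 :headers {"Content-Type" "application/json"}
     :body (json/write-str {:error "authentication required"})}
    {:status 302 :headers {"Location" "/login"} :body ""}))

(comment
  ;; Constructed demo input: a valid token, an expired one, a tampered one, none.
  (let [now   1500000000
        good  (sign-hs256 demo-secret {:sub "alice" :exp (+ now 3600)})
        stale (sign-hs256 demo-secret {:sub "alice" :exp (- now 1)})
        req   (fn [t] {:headers {"authorization" (str "Bearer " t)}})]
    [(jwt-workflow demo-secret now (req good))
     (:status (jwt-workflow demo-secret now (req stale)))
     (:status (jwt-workflow demo-secret now (req (str good "x"))))
     (jwt-workflow demo-secret now {:headers {}})]))
```

The split between the three outcomes is the point: a missing header yields nil so a session-authenticated browser request is still handled by the form workflow, while a present but bad token is answered in place with a 401 and never reaches the redirecting unauthenticated handler.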