  • Stars: 134
  • Rank: 262,410 (Top 6 %)
  • Language: Clojure
  • Created almost 7 years ago
  • Updated 9 months ago

Repository Details

OAuth 2.0 client middleware for Ring

Ring-OAuth2

Ring middleware that acts as an OAuth 2.0 client. This is used for authenticating and integrating with third-party websites, like Twitter, Facebook and GitHub.

Installation

To install, add the following to your project :dependencies:

[ring-oauth2 "0.2.0"]

Usage

The middleware function to use is ring.middleware.oauth2/wrap-oauth2. This takes a Ring handler, and a map of profiles as arguments. Each profile has a key to identify it, and a map of options that define how to authorize against a third-party service.

Here's an example that provides authentication with GitHub:

(require '[ring.middleware.oauth2 :refer [wrap-oauth2]])

(def handler
  (wrap-oauth2
   routes
   {:github
    {:authorize-uri    "https://github.com/login/oauth/authorize"
     :access-token-uri "https://github.com/login/oauth/access_token"
     :client-id        "abcabcabc"
     :client-secret    "xyzxyzxyzxyzxyz"
     :scopes           ["user:email"]
     :launch-uri       "/oauth2/github"
     :redirect-uri     "/oauth2/github/callback"
     :landing-uri      "/"}}))

The profile has a lot of options, and all have a necessary function. Let's go through them one by one.

The first two keys are the authorize and access token URIs:

  • :authorize-uri
  • :access-token-uri

These are URLs provided by the third-party website. If you look at the OAuth documentation for the site you're authenticating against, it should tell you which URLs to use.

Next is the client ID and secret:

  • :client-id
  • :client-secret

When you register your application with the third-party website, these two values should be provided to you. Note that these should not be kept in source control, especially the client secret!

Optionally you can define the scope or scopes of the access you want:

  • :scopes

These are used to ask the third-party website to provide access to certain information. In the previous example, we set the scopes to ["user:email"]; in other words, we want to be able to access the user's email address. Scopes are a vector of either strings or keywords, and are specific to the website you're authenticating against.

The next URIs are internal to your application:

  • :launch-uri
  • :redirect-uri
  • :landing-uri

The launch URI kicks off the authorization process. Your log-in link should point to this address, and it should be unique per profile.

The redirect URI provides the internal callback. It can be any relative URI as long as it is unique. It can also be an absolute URI like https://loadbalanced-url.com/oauth2/github/callback

The landing URI is where the middleware redirects the user when the authentication process is complete. This could just be back to the index page, or it could be to the user's account page. Or you can use the optional :redirect-handler key, which expects a Ring handler function. When :redirect-handler is configured, :landing-uri will be ignored.

  • :basic-auth?

This is an optional parameter, which defaults to false. If set to true, the client ID and secret are sent in the header Authorization: Basic base64(id:secret), as recommended by the specification.

Please note that the session cookie must be sent with cross-site requests for the callback request handling to work correctly, e.g.:

(wrap-defaults handler (-> site-defaults (assoc-in [:session :cookie-attrs :same-site] :lax)))

Also, you must make sure that ring.middleware.params/wrap-params is enabled and runs before this middleware, as this library depends on the :query-params key being present in the request.

Once the middleware is set up, navigating to the :launch-uri will kick off the authorization process. If it succeeds, then the user will be directed to the :landing-uri. Once the user is authenticated, a new key is added to every request:

  • :oauth2/access-tokens

This key contains a map that connects the profile keyword to its corresponding access token. Using the earlier example of the :github profile, the way you'd access the token would be as follows:

(-> request :oauth2/access-tokens :github)

The handler associated with the landing route can check for this token and complete authentication of the user.
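The set-up described above, wired together as an added example (not code from the Ring-OAuth2 project): credentials are read from the environment instead of source control, wrap-defaults is outermost so parameters and the session are in place before wrap-oauth2 runs, and a guard checks :oauth2/access-tokens. The namespace, the environment variable names, and the env! and wrap-require-token helpers are assumptions made for illustration.

```clojure
(ns example.app
  (:require [ring.middleware.defaults :refer [wrap-defaults site-defaults]]
            [ring.middleware.oauth2 :refer [wrap-oauth2]]
            [ring.util.response :as resp]))

(defn env!
  "Hypothetical helper: reads a required environment variable and fails
  at startup if it is unset or empty."
  [var-name]
  (or (not-empty (System/getenv var-name))
      (throw (ex-info (str "Missing environment variable " var-name)
                      {:var var-name}))))

(defn profiles
  "Builds the profile map at startup so the secret never appears in source."
  []
  {:github
   {:authorize-uri    "https://github.com/login/oauth/authorize"
    :access-token-uri "https://github.com/login/oauth/access_token"
    :client-id        (env! "GITHUB_CLIENT_ID")      ; assumed variable name
    :client-secret    (env! "GITHUB_CLIENT_SECRET")  ; assumed variable name
    :scopes           ["user:email"]
    :launch-uri       "/oauth2/github"
    :redirect-uri     "/oauth2/github/callback"
    :landing-uri      "/"}})

(defn wrap-require-token
  "Hypothetical guard: redirects to the profile's launch URI unless the
  request carries an access token for that profile."
  [handler profile launch-uri]
  (fn [request]
    (if (get-in request [:oauth2/access-tokens profile])
      (handler request)
      (resp/redirect launch-uri))))

(defn routes [_request] ; stand-in for the application's real routes
  (-> (resp/response "Signed in with GitHub")
      (resp/content-type "text/plain")))

(defn make-handler []
  (-> routes
      (wrap-require-token :github "/oauth2/github")
      ;; wrap-oauth2 answers the launch and callback URIs itself, so the
      ;; guard above never sees them and cannot cause a redirect loop.
      (wrap-oauth2 (profiles))
      ;; Outermost: site-defaults supplies wrap-params and the session.
      (wrap-defaults (assoc-in site-defaults
                               [:session :cookie-attrs :same-site] :lax))))
```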

Workflow diagram

The following image is a workflow diagram that describes the OAuth2 authorization process for Ring-OAuth2. It should give you an overview of how all the different URIs interact.

OAuth2 Workflow

Contributing

Please see CONTRIBUTING.md.

License

Copyright © 2021 James Reeves

Released under the MIT License.
