Skip to content

Re-implement cookie auth#248

Open
grav wants to merge 1 commit intojuxt:masterfrom
grav:master
Open

Re-implement cookie auth#248
grav wants to merge 1 commit intojuxt:masterfrom
grav:master

Conversation

@grav
Copy link
Copy Markdown
Contributor

@grav grav commented Nov 16, 2018

The docs say to create a resource with something like

{:access-control
            {:scheme        :cookie
             :cookie        "my-cookie-name"
             :verify (fn [cookie])}}

but that fails schema validation. Also, cookie validation is currently commented out.

This method re-implements cookie auth by looking for the cookie name in the "default" realm under :authorization -> :cookie.

Usage example:

{:access-control
                          {:scheme :cookie
                           :verify (fn [cookie]
                                     {:roles (when (= cookie "karen_wolf")
                                               #{:user})})
                           :authorization {:methods {:get :user}
                                           :cookie "brand"}}
                          :methods {:get {:produces #{"text/plain"}
                                          :response (fn [_ctx]
                                                      "I love cookies!")}}}

It does not support other realms apart from default, and it uses destructuring maybe a bit excessively ;-)

@grav
Re-implement cookie auth
55c06d1 
Re-implement cookie auth by looking for the cookie name in the "default" realm under the `:cookie` key
@boxxxie
Copy link
Copy Markdown
Contributor

boxxxie commented Sep 9, 2019

is this part of yada now? (i was able to use cookies with verify without issue)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@grav @boxxxie