Chas, Thanks for the great library and appreciate your taking the time to answer!

1) I have included the key/val - :allow-anon? false - in the friend/authenticate options map, but I am still able to access all my urls without any redirection.

2) I have also set the :openid-url "/openid". I am assuming friend creates a compojure route for this internally. However when I post to the '/openid' url I get a 404 error.

Below is my updated code -

(ns faiz.handler
  (:use compojure.core)
  (:require [compojure.handler :as handler]
            [compojure.route :as route]
            [ring.util.response :as resp]
            [me.shenfeng.mustache :as mustache]
            [cemerick.friend :as friend]
            (cemerick.friend [workflows :as workflows]
                             [credentials :as creds]
                             [openid :as openid])))

(mustache/deftemplate index (slurp "public/index-async.html"))

(def index-data {:title "Invoize." :brand "Faiz" :links [{:url "#/students" :text "Students"} {:url "#/thaalis" :text "Thaalis"}]})

(defroutes app-routes
  (GET "/" [] (resp/redirect "/landing"))
  (GET "/landing" [] (resp/file-response "landing.html" {:root "public"}))
  (GET "/index" [] (index index-data))
  (route/files "/" {:root "public"})
  (route/not-found "Not Found"))

(def mock-app
  (-> app-routes
      (friend/authenticate
       {:allow-anon? false
        :login-uri? "/landing"
        :workflows [(openid/workflow :openid-uri "/openid" :realm "http://invoize.com")]})))

(def app
  (handler/site app-routes))

Thanks,
Murtaza

On Wednesday, December 19, 2012 3:37:27 PM UTC+5:30, Chas Emerick wrote:
>
> Murtaza,
>
> First, you need to either
>
> (a) :allow-anon? false in the configuration map you provide to
> friend/authenticate — it is true by default, or
> (b) Use an authorization guard (which can include friend/authenticated,
> which reuses the authorization mechanism to ensure that only authenticated
> users' requests can cause the enclosed code to be evaluated)
>
> Either option will redirect to whatever you have configured as :login-uri
> (default "/login").
>
> Also, openid-uri is not where the provider's URI goes; that's what
> configures the URI that the OpenId workflow is bound to e.g. for receiving
> the redirect from the provider after the user has authenticated with them.
> So, you'd want :openid-uri to be something like "/openid".
>
> It is generally the case that the OpenId workflow is initiated by the user
> by clicking on one of a couple of different buttons, or specifying their
> OpenId URL manually. This is what you would put on the /login page. You
> can see different takes on this at http://www.clojureatlas.com/login and
> http://stackoverflow.com/users/login.
>
> I suppose you *could* start the OpenId workflow automatically, but that
> might be a jarring experience for your users: because you can't control the
> presentation / branding of the OpenId provider's authentication flow,
> unauthenticated users may get confused, or think they've wandered into an
> attempt to obtain their e.g. Google credentials. However, I can see use
> cases for this — maybe when the users know a particular site always uses
> credentials from a particular site, or for internal apps where an OpenId
> SSO is ubiquitous and expected.
>
> FWIW, I'll add an example for that option (as well as the more common
> form-initiated style) to the set of example applications I'm slowly
> building for Friend:
>
> https://friend-demo.herokuapp.com/
>
> I haven't publicly announced that app/effort yet — mostly because I want
> to get a certain minimum number of example apps spiked out with non-hideous
> presentation before blowing the trumpets.
>
> Anyway, I hope the content above is helpful. Let me know if you have any
> other questions...
>
> Cheers,
>
> - Chas
>
> On Dec 19, 2012, at 2:59 AM, Murtaza Husain wrote:
>
> > Hi,
> >
> > I am trying to set up my authentication using cemerick/friend. I would like
> > to authenticate using openid with gmail.
> >
> > Below is the code that I have -
> >
> > (ns faiz.handler
> >   (:use compojure.core)
> >   (:require [compojure.handler :as handler]
> >             [compojure.route :as route]
> >             [ring.util.response :as resp]
> >             [me.shenfeng.mustache :as mustache]
> >             [cemerick.friend :as friend]
> >             (cemerick.friend [workflows :as workflows]
> >                              [credentials :as creds]
> >                              [openid :as openid])))
> >
> > (mustache/deftemplate index (slurp "public/index-async.html"))
> >
> > (def index-data {:title "Invoize." :brand "Faiz" :links [{:url "#/students" :text "Students"} {:url "#/thaalis" :text "Thaalis"}]})
> >
> > (defroutes app-routes
> >   (GET "/" [] (resp/redirect "/landing"))
> >   (GET "/landing" [] (resp/file-response "landing.html" {:root "public"}))
> >   (GET "/index" [] (index index-data))
> >   (route/files "/" {:root "public"})
> >   (route/not-found "Not Found"))
> >
> > (def mock-app
> >   (-> app-routes
> >       (friend/authenticate
> >        {:workflows [(openid/workflow :openid-uri "https://www.google.com/accounts/o8/id" :realm "http://invoize.com")]})))
> >
> > (def app
> >   (handler/site app-routes))
> >
> > My expectation is that when I try to access the "/index" or "/landing"
> > url, it should not allow me as I am not authenticated and redirect to the
> > openid-url, however this does not happen. How do I achieve it?
> >
> > Thanks,
> > Murtaza

--
You received this message because you are subscribed to the Google Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your first post.
To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/clojure?hl=en
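
An added example, not part of the thread and not code from Friend or its demo app: option (b) from the quoted reply (an authorization guard on the protected route), with the handler that is actually served being the one wrapped by friend/authenticate. Assumptions: the namespace name, the "/login" page and its login.html file, and the accept-everyone :credential-fn are hypothetical choices made for illustration.

```clojure
(ns example.handler                       ; hypothetical namespace
  (:use compojure.core)
  (:require [compojure.handler :as handler]
            [compojure.route :as route]
            [ring.util.response :as resp]
            [cemerick.friend :as friend]
            [cemerick.friend.openid :as openid]))

(defroutes app-routes
  ;; Public page. Its form POSTs the chosen provider URL to /openid
  ;; (the OpenID workflow reads it from the `identifier` parameter by default).
  (GET "/login" [] (resp/file-response "login.html" {:root "public"}))

  ;; Guarded route: the body is evaluated only when the request carries an
  ;; authenticated identity; otherwise Friend redirects to :login-uri.
  (GET "/index" []
    (friend/authenticated
      (str "Signed in as " (:identity (friend/current-authentication)))))

  (route/not-found "Not Found"))

(def secured-routes
  (friend/authenticate
    app-routes
    {:login-uri "/login"                  ; note: no trailing `?` on this key
     :workflows [(openid/workflow
                   ;; Local URI the workflow is bound to: it receives the form
                   ;; POST and the provider's redirect. No Compojure route is
                   ;; defined for it; the middleware handles it before routing.
                   :openid-uri "/openid"
                   ;; Assumption: accept any identity the provider verifies.
                   ;; A real app maps it to a known account, or returns nil
                   ;; to refuse the login.
                   :credential-fn identity)]}))

;; The handler given to the server must be the wrapped one. handler/site goes
;; outermost because Friend relies on its session and params middleware.
(def app
  (handler/site secured-routes))
```

A quick check after deployment is to request /index with no session cookie and confirm the response is a redirect to /login rather than the page body; a 200 there means the served handler is not the one wrapped by friend/authenticate.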