Hey, so I got this kind of figured out. I'll post my results here, in the hope that it helps someone; and for future reference.
Using *friend*, the library seems to assume that you will be using it for * authentication* and *authorization*. I just need it for the *authorization*bits, and had to dig into its internal data assumptions. Please correct me if I'm wrong in any of this. I currently, use the raw f*riend/authorized?* function. It assumes you have a user map that has these elements: { :current *::i-assume-inserted-by-friends-authentication* :authentications { *::**i-assume-**inserted-by-friends-authentication* { :roles #{ ::admin ::user } } } :uname ... :etc ... } So now, if I call *(friend/authorized? ∈{ ::user } my-user-map)*, it will yank out the :current :authentications, and loop on something like below. >From this, you should get the result (::user) . (for [granted '(::user ::admin) required '(::user) :when (isa? granted required) ] granted ) So the moral of the story seems to be: If you don't use friend's authorization, when creating a new user, include a structure like below. And I assume the :current entry is inserted on login. Then you can test if a user is authorized, by passing in a set with one of those roles in "thing". { :current ::thing :authentications { ::thing { :roles #{ ::admin ::user } } } } HTH Tim On Wed, Feb 13, 2013 at 6:10 PM, Timothy Washington <twash...@gmail.com>wrote: > Hi there, > > I have a webapp that's using Google's Gitkit > v1<https://developers.google.com/identity-toolkit/>implementation of an > AccountChooser <http://accountchooser.com>. > > The pattern is that the Gitkit tool provides i) a button, then ii) > functional completion of the authentication handshake between the user and > their Identity Provider (IDP). From there, my existing code iii) implements > a callbackHandler that takes the IDP response and iv) verifies it with > another Google service. This is all to say that the user will be > authenticated before they really begin to use the application proper. > > So now I take step iv's verify response and v) adds the user if nil and > iv) puts that user has into a ring (w/ lib-noir) stateful-session > > Friend seems to assume that it will handle the authentication, as well as > authorization. My question is, how can I use Friend to access that current > user hash after it's been put in the ring/lib-noir stateful session? If if > that's a no-no, where, in the previous workflow, can I use Friend to > intercept Gitkit's ( or an accountchooser's ) callback function? Hope this > was all clear. Any insights appreciated. > > > Thanks in advance > > Tim Washington > Interruptsoftware.ca > > -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.