Hey, so I got this kind of figured out. I'll post my results here, in the
hope that it helps someone; and for future reference.

Using *friend*, the library seems to assume that you will be using it for *
authentication* and *authorization*. I just need it for the
*authorization*bits, and had to dig into its internal data
assumptions. Please correct me
if I'm wrong in any of this.

I currently, use the raw f*riend/authorized?* function. It assumes you have
a user map that has these elements:

{
  :current *::i-assume-inserted-by-friends-authentication*
  :authentications {
    *::**i-assume-**inserted-by-friends-authentication* { :roles #{ ::admin
::user } }
  }

  :uname ...
  :etc ...
}


So now, if I call *(friend/authorized? ∈{ ::user } my-user-map)*, it will
yank out the :current :authentications, and loop on something like below.
>From this, you should get the result (::user) .

(for  [granted '(::user ::admin)
        required '(::user)
         :when (isa? granted required)
       ]
   granted
)



So the moral of the story seems to be: If you don't use friend's
authorization, when creating a new user, include a structure like below.
And I assume the :current entry is inserted on login. Then you can test if
a user is authorized, by passing in a set with one of those roles in
"thing".

{
  :current ::thing
  :authentications {
    ::thing { :roles #{ ::admin ::user } }
  }
}



HTH
Tim


On Wed, Feb 13, 2013 at 6:10 PM, Timothy Washington <twash...@gmail.com>wrote:

> Hi there,
>
> I have a webapp that's using Google's Gitkit 
> v1<https://developers.google.com/identity-toolkit/>implementation of an
> AccountChooser <http://accountchooser.com>.
>
> The pattern is that the Gitkit tool provides i) a button, then ii)
> functional completion of the authentication handshake between the user and
> their Identity Provider (IDP). From there, my existing code iii) implements
> a callbackHandler that takes the IDP response and iv) verifies it with
> another Google service. This is all to say that the user will be
> authenticated before they really begin to use the application proper.
>
> So now I take step iv's verify response and v) adds the user if nil and
> iv) puts that user has into a ring (w/ lib-noir) stateful-session
>
> Friend seems to assume that it will handle the authentication, as well as
> authorization. My question is, how can I use Friend to access that current
> user hash after it's been put in the ring/lib-noir stateful session? If if
> that's a no-no, where, in the previous workflow, can I use Friend to
> intercept Gitkit's ( or an accountchooser's ) callback function? Hope this
> was all clear. Any insights appreciated.
>
>
> Thanks in advance
>
> Tim Washington
> Interruptsoftware.ca
>
>

-- 
-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to