Hey, so I got this kind of figured out. I'll post my results here, in the
hope that it helps someone; and for future reference.
Using *friend*, the library seems to assume that you will be using it for *
authentication* and *authorization*. I just need it for the
*authorization*bits, and had to dig into its internal data
assumptions. Please correct me
if I'm wrong in any of this.
I currently, use the raw f*riend/authorized?* function. It assumes you have
a user map that has these elements:
{
:current *::i-assume-inserted-by-friends-authentication*
:authentications {
*::**i-assume-**inserted-by-friends-authentication* { :roles #{ ::admin
::user } }
}
:uname ...
:etc ...
}
So now, if I call *(friend/authorized? ∈{ ::user } my-user-map)*, it will
yank out the :current :authentications, and loop on something like below.
>From this, you should get the result (::user) .
(for [granted '(::user ::admin)
required '(::user)
:when (isa? granted required)
]
granted
)
So the moral of the story seems to be: If you don't use friend's
authorization, when creating a new user, include a structure like below.
And I assume the :current entry is inserted on login. Then you can test if
a user is authorized, by passing in a set with one of those roles in
"thing".
{
:current ::thing
:authentications {
::thing { :roles #{ ::admin ::user } }
}
}
HTH
Tim
On Wed, Feb 13, 2013 at 6:10 PM, Timothy Washington <twash...@gmail.com>wrote:
> Hi there,
>
> I have a webapp that's using Google's Gitkit
> v1<https://developers.google.com/identity-toolkit/>implementation of an
> AccountChooser <http://accountchooser.com>.
>
> The pattern is that the Gitkit tool provides i) a button, then ii)
> functional completion of the authentication handshake between the user and
> their Identity Provider (IDP). From there, my existing code iii) implements
> a callbackHandler that takes the IDP response and iv) verifies it with
> another Google service. This is all to say that the user will be
> authenticated before they really begin to use the application proper.
>
> So now I take step iv's verify response and v) adds the user if nil and
> iv) puts that user has into a ring (w/ lib-noir) stateful-session
>
> Friend seems to assume that it will handle the authentication, as well as
> authorization. My question is, how can I use Friend to access that current
> user hash after it's been put in the ring/lib-noir stateful session? If if
> that's a no-no, where, in the previous workflow, can I use Friend to
> intercept Gitkit's ( or an accountchooser's ) callback function? Hope this
> was all clear. Any insights appreciated.
>
>
> Thanks in advance
>
> Tim Washington
> Interruptsoftware.ca
>
>
--
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
