Hi, I'm new to Clojure and have little experience with api development. I'm looking for a way to implement REST api authentication. As far I understand, the best way to do this is using an authentication token. The goal is use this for mobile apps.
I would prefer to avoid sending the login data in each request, since this would mean I have to store the password in the app. This is unwanted. I have looked in the available options for authentication in Clojure, but no one seems to provide a complete method to do this. I started with Friend - thanks to help I got in this thread<https://groups.google.com/forum/#!topic/clojure/A4O0lWHtqVI> I was able to implement a service to login a user via JSON. I see the credentials function returns me an identity id - which so far I understand, is what the client would use to identify subsequent requests. I printed this identity, it looks like this: {:cemerick.friend/identity {:current user1, :authentications {user1 {:identity user1, :username user1}}}} I assume I can provide a custom function to generate a token instead and insert it in the headers of the response... Now I need to insert this in subsequent requests and check it using a new middleware? I came across this one<https://github.com/jstewart/ring-token-authentication> which would do this. Probably, since I'm using Friend, I could implement it as a workflow instead, which checks the headers, and if the token is correct passes control to the handler, otherwise returns an error (via JSON). This just looks very cumbersome to me and I wonder if I'm missing the "correct way" to do it, or isn't there a complete solution for REST authentication yet...? Also some things missing about my solution, like the TTL of this token, how I generate it, security aspects, etc... I would appreciate pointing me in the right direction, how this is typically done in Clojure, etc. Thanks in advance! -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
