Ok, I was confused, the solution for this is just to use a session - if the authentication is done using a cookie the server is basically stateless, which would comply with REST.
I implemented a cookie store session following this tutorial: http://vijaykiran.com/2012/02/web-application-development-with-clojure-part-5/ works well so far!

On Tuesday, 13 May 2014 14:18:32 UTC+2, Ivan Schuetz wrote:
>
> Hi,
>
> I'm new to Clojure and have little experience with api development. I'm looking for a way to implement REST api authentication. As far as I understand, the best way to do this is using an authentication token. The goal is to use this for mobile apps.
>
> I would prefer to avoid sending the login data in each request, since this would mean I have to store the password in the app. This is unwanted.
>
> I have looked in the available options for authentication in Clojure, but no one seems to provide a complete method to do this. I started with Friend - thanks to help I got in this thread <https://groups.google.com/forum/#!topic/clojure/A4O0lWHtqVI> I was able to implement a service to login a user via JSON. I see the credentials function returns me an identity id - which so far I understand, is what the client would use to identify subsequent requests. I printed this identity, it looks like this:
>
> {:cemerick.friend/identity {:current user1, :authentications {user1 {:identity user1, :username user1}}}}
>
> I assume I can provide a custom function to generate a token instead and insert it in the headers of the response...
>
> Now I need to insert this in subsequent requests and check it using a new middleware? I came across this one <https://github.com/jstewart/ring-token-authentication> which would do this. Probably, since I'm using Friend, I could implement it as a workflow instead, which checks the headers, and if the token is correct passes control to the handler, otherwise returns an error (via JSON).
>
> This just looks very cumbersome to me and I wonder if I'm missing the "correct way" to do it, or isn't there a complete solution for REST authentication yet...? Also some things missing about my solution, like the TTL of this token, how I generate it, security aspects, etc...
>
> I would appreciate pointing me in the right direction, how this is typically done in Clojure, etc.
>
> Thanks in advance!
>

--
You received this message because you are subscribed to the Google Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your first post.
To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/clojure?hl=en
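
The token flow the quoted question describes (generate a token at login, give it a TTL, check it from a request header in a middleware), as an added example that is not part of the thread and not code from Friend or ring-token-authentication. It uses only JDK classes; the `x-auth-token` header name, the `user:expiry:signature` token layout and all function names are assumptions made for illustration.

```clojure
(ns example.token-auth
  (:require [clojure.string :as str])
  (:import (javax.crypto Mac)
           (javax.crypto.spec SecretKeySpec)
           (java.security MessageDigest SecureRandom)
           (java.util Base64)))

;; Assumption: key generated at startup; a real service loads a fixed key from config.
(def ^bytes secret-key
  (let [k (byte-array 32)] (.nextBytes (SecureRandom.) k) k))

(defn- hmac-b64 ^String [^String msg]
  (let [mac (doto (Mac/getInstance "HmacSHA256")
              (.init (SecretKeySpec. secret-key "HmacSHA256")))]
    ;; URL-safe base64 never contains ":", so it cannot collide with the separator.
    (.encodeToString (.withoutPadding (Base64/getUrlEncoder))
                     (.doFinal mac (.getBytes msg "UTF-8")))))

(defn issue-token
  "Returns user:expiry-millis:signature. User names must not contain ':'."
  [user now-ms ttl-ms]
  (let [payload (str user ":" (+ now-ms ttl-ms))]
    (str payload ":" (hmac-b64 payload))))

(defn verify-token
  "Returns the user name if the signature matches and the token has not expired, else nil."
  [token now-ms]
  (when token
    (let [[user expiry sig :as parts] (str/split token #":")]
      (when (and (= 3 (count parts))
                 (re-matches #"\d{1,18}" expiry)
                 ;; Constant-time comparison of expected and presented signature.
                 (MessageDigest/isEqual
                  (.getBytes (hmac-b64 (str user ":" expiry)) "UTF-8")
                  (.getBytes ^String sig "UTF-8"))
                 (< now-ms (Long/parseLong expiry)))
        user))))

(defn wrap-token-auth
  "Ring-style middleware: passes control to handler on a valid token, else 401 JSON."
  [handler]
  (fn [request]
    ;; Ring lower-cases header names; "x-auth-token" is a hypothetical header.
    (if-let [user (verify-token (get-in request [:headers "x-auth-token"])
                                (System/currentTimeMillis))]
      (handler (assoc request :identity user))
      {:status 401
       :headers {"Content-Type" "application/json"}
       :body "{\"error\":\"invalid or expired token\"}"})))
```

The token is a bearer credential, so it only belongs on TLS connections, and because the server keeps no record of issued tokens, one cannot be revoked before its expiry without adding server-side state.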