clj-auth

An example of using Clojure and ClojureScript to implement a JWT based authentication and authorisation system for a web application.

Purpose

A very basic repository demonstrating an implementation of a JWT based authentication solution using Clojure and ClojureScript. This is more an example application than a library. However, it seems that 90% of what is required to implement a JWT based authentication and authorisation solution already exists in existing Clojure and ClojureScript libraries. What is really going on here is just some glue or scaffolding to put it all together. As such, this is probably a reasonable example of what you need to do in your own applications to add an authentication and application layer.

The main goal here is to have a basic reference implementation for a JWT based authentication and authorisation solution which I can use in applications I implement using Clojure and ClojureScript. The reality is that while most applications I have implemented have a requirement for authentication and authorisation, I typically re-implement this functionality every time. My life would become significantly better if I could just grab a reference implementation to add to my applications and be done with it. An additional benefit is that it would also provide consistency across the applications I develop and maintain. In simple terms, I’m adding an authn/authz module to my toolbox which I can add to applications I develop in a consistent and standardised manner.

Secondary Goal

One of the things I love most about Clojure/ClojureScript is the preference towards composing your stack from individual libraries rather than simply using an existing framework where you primarily just fill in various templates and write basic boilerplate code. I like the composition approach because it tends to mean I understand both the technology and the libraries being used, and when things go wrong or need to be extended/changed, I have full control. The downside of this approach is that initially, it can be extremely daunting when deciding what libraries to use. This is partly due to not having deep familiarity with the various libraries. In many cases, you cannot fully understand the benefits of one library over another until you have used it to solve some real problems. Often, you find yourself in the uncomfortable position of wondering if you have made the right choice or spending too much time swapping libraries in and out and failing to make real progress on the actual problem you want to solve.

A secondary goal for this repository is to provide an environment for experimenting with various Clojure and ClojureScript libraries. The authn/authz space provides a fairly well defined set of requirements which also tend to touch much of the functionality you would typically encounter in a web based application. As such, it likely provides a good application for evaluating various libraries and techniques. This means this repository will evolve over time. While the overall functionality the repository implements may not change, how that functionality is implemented and associated dependencies will change.

Requirements

The basic functionality I would expect to see in a basic auth module would include

  • Secure
    • OWASP aware/compliant.
    • Appropriate hashing and signing support
    • Secure token generation, forgery protection and validation
  • Account/Identity registration
    • Unique identity key
    • Email address
    • Username (optional)
    • Display name(s) (optional)
  • Basic authentication services
    • Single factor password based authentication
      • Minimum password length enforcement.
      • Support/encourage pass phrases over passwords
    • 2FA support (optional)
      • Security Key
      • Authy (or similar)
  • Secure forgotten password service
    • Support initial password setting
  • Secure change password service
  • Account/identity Deletion service
  • Authorisation/Role support

Technology Stack

As this repository is also a test bed for experimenting and testing various Clojure and ClojureScript libraries, the technology and libraries being used are likely to evolve over time. Once all core functionality has been implemented with the initial technology stack, a tag will be added to the repository which will identify that completed version. This also means that the head of the repository will frequently represent a work in progress state of the repository rather than a stable working implementation of the key functionality. Use at your own risk!

Initial Version

Initially, this repository will be based on the following libraries. In general, these libraries have been chosen either because they are well known and provide a basic generic service of low interest (e.g. Jetty adaptor), because they look interesting and I want to get some hands on experience with them (e.g. reitit, integrant), or because they are currently the best supported library providing specific functionality with few or no alternatives (e.g. buddy).

Integrant
Used to manage the startup, reloading and halting of the system.
Ring’s Jetty Adaptor
Provides the basic http server functionality.
Reitit Router
Basic Clojure and ClojureScript data driven routing
Timbre Logging
A pure Clojure/ClojureScript logging framework
Next JDBC
Clojure JDBC library. Using Postgresql as the back end database
C3P0 Connection Pooling
Database connection pooling
Honey SQL
SQL as Clojure data structures
Migratus
Database migration support
Buddy
Security library used for hashing and signing etc.
Shadow CLJS
ClojureScript support
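
As an added illustration of how the Buddy entry above can cover the hashing, signing and token validation requirements (example code written for this page, not taken from the clj-auth repository): the namespace, function names, issuer string, secret, minimum length and token lifetime are all assumptions.

```clojure
(ns example.auth
  "Added example, not clj-auth code. All names and values here are assumptions."
  (:require [buddy.hashers :as hashers]
            [buddy.sign.jwt :as jwt]))

;; Constructed values for illustration; a real secret comes from configuration.
(def min-passphrase-length 12)
(def token-ttl-seconds 900)
(def issuer "clj-auth-example")
(def secret "constructed-demo-secret-change-me")

(defn now-seconds []
  (quot (System/currentTimeMillis) 1000))

(defn register
  "Returns a salted password hash, or throws if the passphrase is too short."
  [passphrase]
  (when (< (count passphrase) min-passphrase-length)
    (throw (ex-info "Passphrase too short" {:min min-passphrase-length})))
  (hashers/derive passphrase {:alg :bcrypt+sha512}))

(defn issue-token
  "Signs a short-lived token for `id`, or returns nil if the passphrase is wrong."
  [id passphrase stored-hash]
  (when (:valid (hashers/verify passphrase stored-hash))
    (jwt/sign {:sub id
               :iss issuer
               :exp (+ (now-seconds) token-ttl-seconds)}
              secret
              {:alg :hs256})))

(defn validate-token
  "Returns the claims map, or nil when signature, issuer or expiry checks fail."
  [token]
  (try
    ;; The algorithm is fixed by the server here, never read from the token
    ;; header, so a token signed or labelled with another algorithm is rejected.
    (jwt/unsign token secret {:alg :hs256 :iss issuer})
    (catch clojure.lang.ExceptionInfo _
      nil)))

(comment
  ;; REPL walk-through with a constructed identity and passphrase.
  (def stored (register "correct horse battery staple"))
  (def token (issue-token "user-1" "correct horse battery staple" stored))
  (validate-token token))
```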
