propan / geheimtur Goto Github PK

If the client is making CORS requests to a pedestal server, the preflight OPTIONS request will not include credentials, so the guard interceptor will cause it to be refused.

In the fetch-token function, ring-codec/form-decode is used to parse the response. While this works with Github, I had issues setting up integration with Google whose token response payload is json.

There are two ways that this can be handled:

1. Use different token response parse fn's based on the token response Content-Type
2. Allow the user to provide a token-response-parse-fn in the provider config

I'd prefer the former over the later. Pedestal already includes Cheshire so we can use it to parse json responses.

What are your thoughts? I'd be happy to work on a pull request.

I think default-form-reader should be identity. Thoughts?

this doesn't seem to be actively maintained and wondering if this is secure like the friend library?

1. Love this project. :)
2. It would be super helpful to understand what changes (especially breaking changes) were introduced from version to version without needing to view the Git log / read all of the code to find out.

For instance, I am still running version 0.2.1 and would like to be on the latest stable release, but have to do some log surfing to figure out if/how the changes might affect my application. Again, thank you for releasing this project. Cheers!

I have a logo proposal for you. I want to be a contributor. What do you say?

Application error

An error occurred in the application and your page could not be served. If you are the application owner, check your logs for details. You can do this from the Heroku CLI with the command
heroku logs --tail

when a user accesses a resource restricted via basic auth, the return code should be 401 and not 403, so that the browser asks for the credentials again.

I was thinking that sometimes it would be usful to have access to the request information when writing a credentials function.

For example I was playing around with the idea of attaching a datomic db instance into the request. Then I would want to do the user lookup based on that db instance.

Hi!

While using geheimtur, I encountered a problem, where my app cannot login new users after a day of uptime. I've discovered that in our company keys are rotated daily, and my app was using outdated one.

I see in the code of geheimtur.impl.oauth2/authenticate-handler handler is created and is bound to the value it reads from providers map.

Could you please consider adding an option to give providers-fn that will provide value in runtime or some similar functionality?

And of course, thank you for the excellent library.

First off, thanks for your great work on this!

We've run into a problem while implementing a Google provider, namely that Geheimtur doesn't allow the addition of extra query params to initial auth requests in geheimtur.impl.oauth2/authenticate-handler. This is a bit of a dealbreaker with providers like Google that (annoyingly) use extra params to control requested access. For instance, the access_type param controls whether or not a refresh token will be available (see "Step 2").

This could be alleviated pretty easily by adding a key to the provider map with a map value which would be converted to additional query params.