Comments (4)
What does the redirect-uri do?
It's the URI that the authorization server uses to send the user back to the your app. In the OAuth 2.0 specification it's called the "redirection endpoint URI".
The URI is handled by the middleware itself, receiving the token and adding it to the session. When it's done, it redirects the user again to the landing URI.
It appears that each provider returns different data sets and that this library doesn't seem to handle the POST back to get the actual data I'm trying to access (email read only in my scenario).
No, but it should be straightforward. You need to add the token to a header on your POST request, like:
Authorization: Bearer <token>
How that's done depends on which HTTP client library you're using.
from ring-oauth2.
Thanks for the quick response. So is there no way to do processing inside the redirect-uri handler? It appears to just get auto-handled by ring-oauth2? I'm just trying to figure out where in my code I would do the POST back with the Bearer token. It seems a bit odd to me to do that in the landing-uri but that may just be because I think of a "landing" page to be where you want to redirect the user after all the oauth processing work is done vs having different landing-uri's for each provider that do POST's back to the provider and then render something to the browser.
e.g. this code never gets to the debug println statement
;; github oauth2
(defn oauth-github-launch [])
(defn oauth-github-callback [request]
(println "got here")
)
(defroutes github-oauth2-routes
(GET "/auth/github" []
(oauth-github-launch))
(GET "/auth/github/callback" request
(oauth-github-callback request)))
I have this in my middleware
(mount/defstate app
:start
(middleware/wrap-base
(routes
(-> #'home-routes
(wrap-routes middleware/wrap-csrf)
(wrap-routes middleware/wrap-formats))
(-> #'github-oauth2-routes
(wrap-routes middleware/wrap-csrf)
(wrap-routes middleware/wrap-formats)
(wrap-routes middleware/wrap-github-oauth2))
from ring-oauth2.
I'm just trying to figure out where in my code I would do the POST back with the Bearer token.
Put it in the handler for the landing URI.
There is an issue #10 which suggests adding a success handler that would be executed by the redirect URI, but aside from skipping a redirect the result would be the same as putting the logic in the landing URI instead.
from ring-oauth2.
OK cool. Many thanks!!
from ring-oauth2.
Related Issues (20)
- X-Forwarded-* headers are not used for resolving the URI HOT 1
- Help getting started with ring-oauth2 and Luminus HOT 2
- Scary error when forgetting `client_id` or `client_secret` HOT 1
- Internal Server Error/404 on callback from Youtube API HOT 1
- Enhancement: configure middleware for the internal POST calls HOT 2
- No reader function for tag object when using cookie store HOT 10
- cannot get the token HOT 4
- Is the example `ring-defaults` missing the actual handler in README.md? HOT 1
- Help: how to allow a local administrator to bypass? HOT 2
- Works when deployed to "/" but 404s when run with a context path HOT 2
- Logout Flow HOT 2
- refresh token functionality HOT 1
- Support for dynamic authorization URL params HOT 7
- 400 "No authorization code" on callback, even though I can see code in URL string HOT 4
- Requesting a new release with redirect handler support HOT 1
- clj-http now requires cheshire 5.9.0 HOT 1
- Middelware does not work with Facebook? HOT 1
- Supporting multiple profiles for the same provider? HOT 5
- Unclear error messages HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ring-oauth2.