This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-04-27
I’m using Cognito. It was nasty to set up but (as you say) is good to keep everything with one vendor. I eventually set it up using CDK
I plan to move to Keycloak in the future though: better features and docs all around. Can still run that on AWS
There's a library named `keycloak-clojure` that wraps the Keycloak Java Adapter: https://github.com/jgrodziski/keycloak-clojure
How feasible is setting up Keycloak for a single developer, vs. using sessions and PostgreSQL tables for user's email/username, roles, hashed password and permissions? Using Buddy and Permissions (https://github.com/tuhlmann/permissions) for this purpose. I'm asking from the perspective of operational cost, complexity, barriers versus benefit.
I've not used keycloak with clojure before, but i've used it with a python webapp
i liked not having to worry about sessions, and getting to offload a lot of the security stuff to gatekeeper
How did you set up Keycloak? Is it feasible to do it on the same machine, on the DO droplet on which the app is installed (with PostgreSQL for app data)?
actually the nice part is more gatekeeper than keycloak! not sure if AWS has a similar setup, but the idea behind gatekeeper is that it takes client traffic like a reverse proxy, and only forwards it upstream if it passes validation
i set it up on another VM
if you set it up on the same machine, you'll have to deal with routing the client requests between keycloak and your app
the client will need to be redirected to keycloak, that's the way OAuth works
so request would go like nginx -> keycloak -> keycloak gatekeeper -> clojure app
nope, it'll be something like
nginx -> keycloak
  |
  V
gatekeeper -> clojure app
happen to be working on this recently: https://github.com/ackerleytng/keycloak-quickstarts/tree/latest/app-authz-uma-photoz#scripted-quickstart
this isn't the python app, it's a quickstart that keycloak provided
i modified it to work in docker and added further instructions to make it a quicker quickstart
I used caddy to route between keycloak and the java app (this one doesn't use gatekeeper)
not sure if this is such a good idea for a production service though