Fork me on GitHub
#aws
<
2021-08-18
>
Ben Hammond16:08:52

Hi. I am trying to hook into AWS Cognito to exchange an authorization code for an id_token using #pedestal I have found that I can cobble something together using raw `org.eclipse.jetty.client.HttpClient` like this

(defn logged-in [request]
  (println "logged-in")
  (prn request)
  (let [cli (doto (HttpClient. (SslContextFactory$Client. true)) (.start))
        req (doto
            (.POST cli "")
              (.content (FormContentProvider.
                         (doto (Fields.)
                           (.add "grant_type" "authorization_code")
                           (.add "client_id" "*****")
                           (.add "code" (get-in request [:params :code]))
                           (.add "redirect_uri" ""))))
              )
        ^ContentResponse cr (.send req)
        ]
    (clojure.pprint/pprint cr)
    (println (.getContentAsString cr))
but this seems a bit ugly but I don't want to introduce a new `clj-http` library just to extract id_token; mostly I am using `com.cognitect.aws/api` libraries Is that a cognitect api library function that will exchange authorization codes for id_tokens (that I've not found)? Is there some more elegant way to run this code? I imagine it must be a fairly common thing to do... (cross-posted from #pedestal without waiting very long... hope that's ok)

ghadi18:08:57

cognitect aws-api only deals with AWS service APIs -- anything like oAuth is like an application level thing

ghadi18:08:57

(same thing interacting with ECR -- creating ECR repos is an amazon api, but using the docker registry that it created is an application thing)

dominicm19:08:07

@ben.hammond You could use the http client that cognitect/aws-api uses? https://github.com/cognitect-labs/aws-api/blob/master/deps.edn#L10 I'm not sure if the client was ever documented.

ghadi19:08:24

please don't use that

Ben Hammond19:08:49

I did consider it for 10 mins

Ben Hammond19:08:25

Jetty one or the new java one is fine

dominicm19:08:45

@ghadi What ever happened with the cognitect http-client? I vaguely recall hints that it would be open sourced at some point. Is that still the eventual plan?

alexmiller19:08:11

It is open source - the source is in the jar

dominicm19:08:39

Hmm, I thought it originally was licensed such that it wasn't open source. Are there plans to publish it as a project with documentation?

alexmiller20:08:29

it has always been open source afaik. I do not think there are any plans to publish it as a project (but not really my area)

alexmiller20:08:10

all versions on Maven central include source, and it's licensed Apache 2

ghadi20:08:30

What alex said. It's always been open-source, and has a narrow scope, not a general purpose http lib, like you'd want for aws api