Fork me on GitHub
#clojure-europe
<
2020-07-24
>
ordnungswidrig06:07:16

@synthomat that closest to it might be buddy. But authorization in the web is a huge collection of technologies, thus I think you need to look what serves your particular use case. I recommend anything which doesn't require you to handle passwords, iow. offload authentication and focus on authorization

synthomat06:07:45

yeah I’m using friend but that’s more authentication and a tiny bit authorization through roles, isn’t it?

synthomat06:07:00

I was referring to something where I can check authorization in handlers, services, etc… permissions, ABAC. I’m obviously coming from Java/Spring space and I was just wondering if something similar exists in clojure world (or whether there are other concepts)

synthomat06:07:39

but I guess I will just try out different things in my project and see what fits best 🙃

ordnungswidrig06:07:17

For authorization in the last projects I made good success with storing the identity and oles in the request context, eventually bind a dynvar and check access in the business logic.

ordnungswidrig06:07:09

When you want to be more declarative on the handler / route layer you can add required roles to your routes if that's supported by the route library of your choice.

borkdude06:07:56

yada has auth and roles built in - I'm using that for work

plexus08:07:10

I used friend when creating the lambda island site, but in hindsight should've used buddy. It's much better designed.

borkdude08:07:04

I remember reading the docs of friend in 2014 but it was pretty daunting to me

synthomat13:07:12

the API looks simple but it’s not really intuitive to me…

borkdude08:07:31

also, the author moved away from Clojure, so it's probably not maintained anymore

raymcdermott13:07:07

Morning

👋 2
synthomat14:07:38

oh apparently I was already half way through this talk