Good morning!

@synthomat that closest to it might be buddy. But authorization in the web is a huge collection of technologies, thus I think you need to look what serves your particular use case. I recommend anything which doesn't require you to handle passwords, iow. offload authentication and focus on authorization

yeah I’m using friend but that’s more authentication and a tiny bit authorization through roles, isn’t it?

I was referring to something where I can check authorization in handlers, services, etc… permissions, ABAC. I’m obviously coming from Java/Spring space and I was just wondering if something similar exists in clojure world (or whether there are other concepts)

but I guess I will just try out different things in my project and see what fits best 🙃

For authorization in the last projects I made good success with storing the identity and oles in the request context, eventually bind a dynvar and check access in the business logic.

When you want to be more declarative on the handler / route layer you can add required roles to your routes if that's supported by the route library of your choice.

yada has auth and roles built in - I'm using that for work

thanks 🙂

I used friend when creating the lambda island site, but in hindsight should've used buddy. It's much better designed.

I remember reading the docs of friend in 2014 but it was pretty daunting to me

also, the author moved away from Clojure, so it's probably not maintained anymore

Morning

@synthomat a little bit of authentication and libraries by the author of yada: https://www.youtube.com/watch?time_continue=1161&v=gMYQ1vDy7d0&feature=emb_logo

Thank you!

oh apparently I was already half way through this talk