#fulcro
2018-04-30
chrisblom09:04:18

I’m trying to add token-based authentication to my fulcro app. I found some authentication-related stuff in the docs and fulcro-template, but these are username/password/session based, but for my use case I need to pass a token on each request. Are there any examples of token-based authentication out there?

chrisblom09:04:05

So far, I’m using a custom fulcro network on the client that adds an authorization header with the token to each API request, but I’m not sure where I should check the token on the server.

liesbeth14:04:03

Hey Chris, I’m trying to do the same thing. How have you managed to do this client side? Because I thought it would be as simple as adding a custom request-middleware wrapper, but as that only receives the request, I don’t know how it can access the token it needs. (I’m sorry I don’t have an answer for your question, because we are using the fulcro easy server with the pre-hook for that).

tony.kay15:04:01

The entire request should be in the env in the mutations and query handlers on the server already.

tony.kay15:04:18

so if you’re sending it from the client, you can get it there

chrisblom09:04:05

Should I wrap fulcro.server/server-read and fulcro.server/server-write or check it via a ring middleware (only for “/api”)?

chrisblom09:04:23

Yes, but I’m not using the easy server, and I’m not sure what the hooks can return. Could I just return a {:status 401} here?

claudiu09:04:54

Haven’t tried it. There is also http://book.fulcrologic.com/#_adding_to_the_ring_stack. Not sure if it’s the best place, but it looks like the wrap-api fn could be a place to do the token check and return a 401 if it is invalid.

tony.kay15:04:58

@liesbeth @chrisblom http://book.fulcrologic.com/#_doing_the_parsing_yourself The env includes the Ring request on the server, which includes the headers, etc.

chrisblom15:04:03

@U0CKQ19AQ thanks, I’ll try it there

liesbeth15:04:03

How would you recommend adding the header on the client side?

tony.kay15:04:34

So, you’re getting the information via redirects?

tony.kay15:04:29

Since you need it for every request I’d probably build it into the client networking. The new fulcro-http-remote has a middleware feature for the client, and it’d probably be easiest to add it there at client startup. Implementation mainly depends on whether you have it before or after startup

liesbeth15:04:22

If I had it only after startup, how would I get my request-middleware to know the token?

tony.kay15:04:23

For example, you could put it in an atom, and make a top-level function you ^:export to js land (so that if you’re using an API, for example, it would be easy to make a callback from js to fill the atom)

tony.kay15:04:51

(def token-atom (atom nil))
(defn ^:export install-token [t] (reset! token-atom t))

liesbeth15:04:07

Ok, thanks! I will give that a shot 🙂