
I’m trying to add token-based authentication to my fulcro app. I found some authentication-related stuff in the docs and fulcro-template, but these are username/password/session based, and for my use case I need to pass a token on each request. Are there any examples of token-based authentication out there?


So far, I’m using a custom fulcro network on the client that adds an authorization header with the token to each API request, but I’m not sure where I should check the token on the server.


Hey Chris, I’m trying to do the same thing. How have you managed to do this client side? Because I thought it would be as simple as adding a custom request-middleware wrapper, but as that only receives the request, I don’t know how it can access the token it needs. (I’m sorry I don’t have an answer for your question, because we are using the fulcro easy server with the pre-hook for that).


The entire request should be in the env in the mutations and query handlers on the server already.


so if you’re sending it from the client, you can get it there


Should I wrap fulcro.server/server-read and fulcro.server/server-write or check it via a ring middleware (only for “/api”)?


yes, but I’m not using the easy server, and I’m not sure what the hooks can return. Could I just return a {:status 401} here?


Haven’t tried it. There is also a . Not sure if it’s the best place, but it looks like the wrap-api fn could be a place to do the token check and return a 401 if it is invalid.


@liesbeth @chrisblom The env includes the Ring request on the server, which includes the headers, etc.

@U0CKQ19AQ thanks, I’ll try it there


How would you recommend adding the header on the client side?


So, you’re getting the information via redirects?


Since you need it for every request I’d probably build it into the client networking. The new fulcro-http-remote has a middleware feature for the client, and it’d probably be easiest to add it there at client startup. Implementation mainly depends on whether you have it before or after startup


If I had it only after startup, how would I get my request-middleware to know the token?


For example, you could put it in an atom, and make a top-level function you ^:export to js land (so that if you’re using an API, for example, it would be easy to make a callback from js to fill the atom)


(def token-atom (atom nil))
(defn ^:export install-token [t] (reset! token-atom t))


Ok, thanks! I will give that a shot 🙂