
Hi, is there a good example for verifying a JWT token from another service, not signing one with/for a buddy backend? Thanks in advance.


@juliobarros it's quite simple - (along with requires

[buddy.auth.middleware :refer [wrap-authentication]]
[buddy.auth.backends.token :as auth-token]


well … I’m not sure I fully understand this but … I’m exploring using Cognito. They give you a set of keys and you have to match the right one (if I understand it correctly) so/and I’m not sure I want to use the standard auth middleware but rather verify it myself.


@juliobarros the wrap-authentication handler will verify the JWT signature and make the token assertions available in your request context as a map... you are then free to do any further validation you want


Thanks for trying to help me out. I think I need to explore this further. I don’t believe I have the secret (or it is not a constant) at the time I create the middleware … so I need to do something more flexible. Perhaps I should look at the middleware code to see how it is doing the verification.


if you don't have the secret at middleware creation then i'd create a new auth backend using the existing one as a starting point, and adding in a secret-source or something


I think what I need is more in line with JWK/JWKS, which is not supported yet, but there is a PR