This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-12-28
Hi, I have a question about storing login credentials (Stack Overflow link: https://stackoverflow.com/questions/77711194/best-practice-for-storing-login-credentials-in-clojurescript). Do you have any suggestions?
clearly you need to store them on the clientside, you need to not leak client info but keep it in localstorage
what can you keep that won't let others mess with an account? you can "sign every request" and check the signing, you can use the JWT approach and send a "header, payload, checksum" where the header has an algorithm for writing the checksum specified. then you only accept the payload if the checksum matches what you think it should -- because then you know the data wasn't tampered with
People are so averse to answering simple questions with confident answers, I don't get it, someone who actually has this problem should answer 😂
I think the real question is, "How do I have a persistent session in Electric" (as stated in the top comment). The serious production answer is that there are many different ways you might want to do this with varying implications, and most require backend integration at the http server level. The quick and dirty answer is I think what Vincent said – you can use localstorage
We're upgrading to Ring 1.11 soon which just got websocket support; this will allow us to drop the jetty boilerplate and do everything using the typical Clojure approaches
After we do this, we'd like to add a better auth strategy to the starter app (perhaps even with Auth0 or something like that so that you get single sign on out of the box). No promises for when we do this
Users are welcome to contribute this, none of this requires any Electric internals knowledge
I store a session ID in local storage and then check that id on the server. Roughly:
(e/client
  (let [id (read-from-local-storage)]
    (e/server
      ;; the check has to wrap the action, otherwise (do-something) runs for any id
      (when (is-authenticated id)
        (do-something)))))
PRs or even demo repos welcome; if you decide to work on this I'd be happy to do a Zoom call
I am not very experienced with auth0, but I will make an attempt at the beginning of January to make it work.
ok let’s definitely zoom i have an old auth0 integration lying around from hyperfiddle-2020 that at least has all the java and jwt code bits you’ll need