what, libraries and methods, are people using for authentication?

I know that buddy was used sucessfully with liberator, although it needs some glue code. In the end all you need to do is to implement the :authorized? decision to check for authorization and make sure the necessary headers are set in the response.

so it’s preferred over ring middleware?

not necessarily. You can take advantage of ring middleware within liberator. Say, some authentication middleware set’s a special request attribute :auth-middleware/authorized? you can inspect that value in authorized? and act accordingly.

ah, that makes total sense

If false, return false and maybe update the context to override the middleware response.

Or maybe you can just fallback to the middleware and rely on the fact it would return a 403 response

I’m also looking into friend, but it is not making any sense to me

Friend is very powerful but to my knowledge hard to integrate with liberator. If you can use it simply as a wrapper then fine. The liberator resources can ignore authentication all together and consider it handled.

oic

so if I chose friend, probably best to separate liberator resources from friend

This post is a little aged but in general still valid: http://sritchie.github.io/2014/01/17/api-authentication-with-liberator-and-friend/

Liberator at least didn’t change fundamentally in the last 3 years 😉

I’ve been reading that, and was concerned with the age of the post

heh, that’s true

thanks for your help @ordnungswidrig

you’re welcome 🙂