This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-08-18
Hi.
I am trying to hook into AWS Cognito to exchange an authorization code for an id_token
I have found that I can cobble something together using raw org.eclipse.jetty.client.HttpClient like this
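(require 'clojure.pprint)
(import '(org.eclipse.jetty.client HttpClient)
        '(org.eclipse.jetty.client.api ContentResponse)
        '(org.eclipse.jetty.client.util FormContentProvider)
        '(org.eclipse.jetty.util Fields)
        '(org.eclipse.jetty.util.ssl SslContextFactory$Client))

(defn logged-in [request]
  (println "logged-in")
  (prn request)
  ;; The no-arg SslContextFactory$Client keeps TLS certificate validation on;
  ;; passing true (trustAll) would accept any certificate for the token endpoint.
  (let [cli (doto (HttpClient. (SslContextFactory$Client.)) (.start))
        ;; Form-encoded POST carrying the authorization code to exchange.
        req (doto
              (.POST cli "")
              (.content (FormContentProvider.
                          (doto (Fields.)
                            (.add "grant_type" "authorization_code")
                            (.add "client_id" "*****")
                            (.add "code" (get-in request [:params :code]))
                            (.add "redirect_uri" "")))))
        ^ContentResponse cr (.send req)]
    (clojure.pprint/pprint cr)
    ;; The response body is the JSON that contains the id_token.
    (println (.getContentAsString cr))))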
but this seems a bit ugly
but I don't want to introduce a new clj-http library just to extract id_token;
mostly I am using com.cognitect.aws/api libraries
Is there a cognitect api library function that will exchange authorization codes for id_tokens (that I've not found)?
Is there some more elegant way to run this code?
I imagine it must be a fairly common thing to do...
I'm a bit confused, where are you getting the request from in the above function? Are you going through APIGW?
I am running a pedestal instance on localhost:8080
eventually it will be running as a datomic ionic direct-http thingamy
or maybe a plain old ion lambda if that turns out more satisfactory
i do try to stay open-minded
a what?
what is that?
ultimately, once api calls are getting made, i plan to use the built in cognito checking
but I've only just got logging in working
you mean like https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
yes, that is my intention
it's all done using HTTP headers rather than cookies
Not with the REST API though, with the latest release we use the HTTP API, not the REST API. I'm thinking something like https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html
why does it use Headers rather than cookies? are cookies found to be insecure?
Which has an example of using cognito for the JWT authorizer. If you need more flexibility you can also use the previous access control mechanism which calls lambdas, AKA an ion.