This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-01-22
I have a newbie Pedestal question around sessions. I am bringing a new service up and followed the service example using the middlewares/session (using cookies for brevity; will move this to a cache/db later).
(let [key (random/bytes 16)
      ;; .toString on a byte array logs its identity (e.g. "[B@..."), not the key bytes
      _ (log/info :service-init {:session-key (.toString key)})
      session-interceptor (middlewares/session {:store (cookie/cookie-store {:key key})})
      common-interceptors [(body-params/body-params) http/html-body http/json-body]
      routes #{;; public apis
               ["/login" :get [auth-login] :route-name :login]
               ;; authenticated APIs:
               ;;
               ["/login-user" :get [auth-login-user util/html-render session-interceptor welcome-interceptor] :route-name :login-user]
               ["/logout/" :get [auth-validate auth-logout] :route-name :logout]}
The auth-login-user is an interceptor that looks like this:
(interceptor/interceptor
 {:name ::code-exchange
  :enter (fn [{:keys [request session interceptors query-params path-params route] :as ctx}]
           ;; code exchange -> verify response -> verify token --> authenticated
           ;;
           (let [response (perform-code-exchange {:request request
                                                  :code-path code-path
                                                  :grant-type token-exchange
                                                  :m2m-config m2m
                                                  :jwk-endpoint jwk-endpoint
                                                  :token-endpoint token-endpoint
                                                  :redirect-uri redirect-uri
                                                  :required? required?})
                 ;; pull the access token out of the JSON response body
                 auth-token (-> response :body (json/decode keyword) :access_token)]
             (-> ctx
                 ;; carry over any existing session; get-in takes the map first, then the path
                 (assoc-in [:response :session] (get-in ctx [:request :session]))
                 ;; store the token in the session that is written back to the client
                 (assoc-in [:response :session :auth-token] auth-token))))})
The session doesn't exist in the ctx, but I'm following the docs on middlewares/session to copy it over if it does.
Testing the login-user redirect I see a default cookie, but not one with the key provided. I also don't see any :session-key in the context map .. and associating a [:response :session] to the response map does not seem to add one. In fact, I'm not sure I understand how to get any modifications of the response map (for example, adding something to the [:response :request :header] map) to show up on the client side. Is there some obvious thing I'm missing, or a more complete example that I can use?

Found the problem in my html-render interceptor. I should change the namespace name to avoid thinking it's ring util when I'm tired, I think. It was overwriting the response with the result from the html render.