hi, any example on how to integrate wrap-oauth2 with reitit router and defaults middleware ? I'm trying to setup the boilerplate to use when building web-apps with reitit. I'm also currently using https://github.com/ferdinand-beyer/reitit-ring-defaults - but might drop them. I've figured out that I need to use wrap-oauth2 outside the router since it dynamically registers "routes" . But I can't use it with the defaults - unless I change them.
Maybe merge it with your other routers using reitit.ring/routes? Something like
(ring/ring-handler
normal-routes
(ring/routes
oauth-2-wrapped-thing
default-handler))You can just wrap your Ring handler in the middleware directly.
(def handler
(-> (ring/ring-handler your-routes)
(wrap-oauth2 oauth-options)))
I tried both approaches but none work since I am missing session and params parsing
I think I am beggining to understand how things work. I should be able to add the exact middleware and use the same session store - hopefully it does not blow in my face
too bad there are no examples on how to handle this in reitit - Clojure does need to catch up a bit on this front
I made progress. I have auth working. Thanks. I'm using declarative middleware for routes and wrap-defaults for oauth2. I am sharing the session store - memory store in this case.
(ring/ring-handler
(ring/router (routes) router-opts)
(ring/routes
(ring/create-resource-handler {:path "public"})
(ring/create-resource-handler {:path "swagger-ui"})
(ring/create-file-handler {:root download-dir :path "/data"})
(ring/create-file-handler {:path "/"})
(-> (ring/create-default-handler)
(wrap-oauth2 auth-profiles)
(wrap-defaults my-site-defaults)))
{:middleware ring-handler-middleware})You could also just use wrap-params and wrap-session instead of wrap-defaults, since you don't need any of the other middleware that wrap-defaults adds.
thanks, that is my plan - I just did not know if I needed any more middleware
I'm also surprised that just adding wrap-oauth2 to the :middleware key doesn't work. My understanding from the Reitit docs is that it wraps the handler.
"Top-level middleware, applied before any routing is done" the docs say, so adding wrap-oauth2 , along with the session and params middleware, to the top-level :middleware key, should also work.
I think it should - if I will add the params and session
it does work:
ring-handler-middleware [wrap-webjars
wrap-app-config
[wrap-session (:session my-site-defaults false)]
[wrap-params (get-in my-site-defaults [:params :urlencoded] false)]
[wrap-oauth2 auth-profiles]]
(ring/ring-handler
(ring/router (routes) router-opts)
(ring/routes
(ring/create-resource-handler {:path "public"})
(ring/create-resource-handler {:path "swagger-ui"})
(ring/create-file-handler {:root download-dir :path "/data"})
(ring/create-file-handler {:path "/"})
(ring/create-default-handler))
{:middleware ring-handler-middleware})thank you very much
I'll check out the token refresh PR now since I have 5 minute tokens and I need to refresh them 🙂