This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-03-10
Hey all! Been a bit quiet recently hasn't it? I've been busy on some user authentication/password management/security stuff for the past few days. Much though I enjoy streaming the code development process, I think that broadcasting EVERY single line of code is ... uh ... a really bad idea 😅 So I'm going to be working on that for the rest of the week probably. I might get a stream or two in, but otherwise I'll be laboring in the shadows for a little while :male-detective:
I have a repo here that may be of use as a reference to you: https://github.com/bpringe/auth-template. It's session based auth, not token, but some of it may still be useful if you're using token auth.
Ooh damn, I will definitely reference that! Thanks @U9A1RLFNV
And after some ego swallowing and a couple hours of research, I've decided on session auth after all. Seems easier and safer, and only requires a little refactoring on my end to make it possible to do with http-only cookies
You're welcome. Yeah if it's a simple app for the browser then session auth fits the bill I think.
Nice touch with the timing attack mitigation btw: https://github.com/bpringe/auth-template/blob/master/src/auth_template/email.clj#L44