Hello everyone. Regarding web security and Clojure, would anyone be able to provide me with links and references to up-to-date documentation and learning materials you would recommend for a modern Clojure web app? Specifically around user management (public account creation, login, and an API for logged-in users). Currently I'm making a personal project which has a login system, and I'm trying to learn and compare different methods of login, and I'm finding it difficult to evaluate different Clojure / Java systems realistically, and I think I need a nudge in the right direction. Would you be able to provide me with learning materials about the topic or tool recommendations? For those curious, the personal project is a sort of an event scheduler web app. You can find the (non-functional) repo here: https://github.com/tommi-martin/when
I'm kind of in the same boat. Currently looking at buddy / friend for handling auth
I plan to deploy Keycloak or kanidm as IdP - focus on OpenID Connect
I'll probably deploy buddy as well to my personal project, just to get it rolling again. But I was worried by this disclaimer in the repo for buddy-auth: https://github.com/funcool/buddy-auth > NOTE: this project is in maintenance mode, and looking for a new maintainer. This, coupled with the last commits being 4 years ago, kinda made me wonder if I want to build anything on top of that.
should work ok
if you opt for openid connect / oauth, you can also check out https://lambdaisland.com/episodes/passwordless-authentication-ring-oauth2
I believe they work together
one thing that you can consider in web security is CSP (Content Security Policy), which helps to keep all resources secure, mainly against script injections that all the users have without knowing. Yes, they have lots of 🙂