Hi guys once more !, anyone has tried the cookie auth settings specified in doc https://github.com/juxt/yada/blob/master/manuscript/100_security.md#cookie-authentication I'm trying now but i got schema validation error this is my code

:access-control {:scheme :cookie
                                                                      :cookie "MY_COOKIE"
                                                                      :verify (fn [cookie]
                                                                                (println "cookie: " cookie)
                                                                                true)}

to a resource-model schema
   {:resource-model
    {:id "Hello World!\n",
     :produces "application/json",
     :methods
     {:get
      {:response
       #function[ch.deepimpact.tamara.system/eval95110$fn--95111]}},
     :access-control
     {:scheme :cookie,
      :cookie "MY_COOKIE",
      :verify
      #function[ch.deepimpact.tamara.system/eval95110$fn--95113]}},
    :error {:access-control {(not (namespace :cookie)) invalid-key}}}

😕 I'm in the process to upgrade my project to use current yada version [yada "1.1.0-20160228.233732-31"]

@tangrammer You might want to look at dev/src/yada/dev/security.cljfor a working example. A key part of getting this to work is that you need to write a method that implements verify for :cookie

That is verify as defined in yada.security

thanks @fahey but I'm providing the verify fn too ^ and anyway this code doesn't explain the doc issue

@tangrammer: That's the thing though, verify can't just be a fn. You have to use defmethod. Here is a snippet from my own setup:

(defmethod verify :cookie
  [ctx  {:keys [verify]}]
  (let [the-cookie (get-in ctx [:cookies "session"])]
    (when-let [user (and the-cookie
			 (mylib/check-user-cookie the-cookie))]
      ;; etc
)))

and that is while requiring [yada.security :refer [verify]]

@fahey: thanks!, now I got the idea and the code running

+