Hi all, I’m trying to implement my own verify authorization, and I can make it work fine until I need to go to the db to authorize against the request. I can’t figure out how to inject a datomic conn via the multi method approach that follows:

(defmethod yada.security/verify :my/custom-static
  [ctx scheme]
  {:user "alice"
   :roles #{:user}})

I tried to make the following work without implementing the multimethod, but I’ve hit a lot of problems:

(defn produce [env]
  (yada/resource
   {:access-control {:authorization {:methods {:post :user}}
                     :verify (fn [ctx] (do something with env here))}

The defmethod approach makes it pretty hard to inject the connection via a component. Perhaps I should be injecting it into the context first?

Yes. Use an interceptor to do that. We do that quite a lot.

I feel this is a common pattern that needs a better answer than 'just hack the interceptor chain'.

(In yada parlance, I think you're talking about authentication rather than authorization, in case anyone here is confused.)

OK, great. I wasn’t so sure if that was the right place as I hadn’t seen exactly that case come up in posts. Thanks for the response - it should be easy enough from here then.

Do I have to prepend the interceptor per route if I use yada with bidi, or can I have one overall interceptor that will inject the connection?

When I add an interceptor to my resource it seems to break everything. It’s as if it’s using only the interceptor I added. Do I have to set the interceptor chain for the resource before I add to it?

:interceptor-chain yada/default-interceptor-chain