buddy-auth
Authentication and authorization facilities for Ring and Ring-based web applications.
Fixes issue https://github.com/funcool/buddy-auth/issues/86
It is a pretty common expectation that JWTs can be passed using the Bearer _token_ approach. It is also recommended and the main source of info for JWT: https://jwt.io It...
With Ring 3-arity contract, exceptions thrown in the same thread bubble back to the middleware. However, if any non-blocking IO was to happen between `wrap-authorization` and `throw-unauthorized`, those exceptions would...
Hi, According to [RFC 2617](https://tools.ietf.org/html/rfc2617#section-1.2), the authorization scheme should be case insensitive; thus, `Basic` and `basic` should both be valid. Here's the relevant part: ``` HTTP provides a simple challenge-response...
[RFC 7235 section 4.1. WWW-Authenticate](https://tools.ietf.org/html/rfc7235#section-4.1) specifies: > A server generating a 401 (Unauthorized) response MUST send a WWW-Authenticate header field containing at least one challenge. However, buddy.auth.backends.token/handle-unauthorized-default sends a 401...
In the [http-basic section](https://funcool.github.io/buddy-auth/latest/#http-basic) it says to add `(wrap-authentication)`, but it seems that `(wrap-authorization)` middleware is also needed. Without this middleware no 'basic auth' dialog is shown to enter the...
I'm having difficulty figuring out how all the middleware and options work together. There are three middleware: `wrap-access-rules`, `wrap-authentication`, `wrap-authorization`. How do these work together and which are necessary? It...
I'm using Buddy with Basic Auth and the `api-defaults` Ring middleware. The Unauthorized response gets a `Content-Type` of `octet-stream`. In a (Safari) browser, this results in an empty file being...
The README notes: ```NOTE: this project is in maintencance mode, and looking for a new maintainer. ``` What is maintenance mode? What are the criteria for choosing a new maintainer?...