I've digested openid and using it with google, should have a working example to share when I have a time to put it together over weekend.
I've got another common useage pattern I'd like to ask about: How do we accomplish automatic redirect to the "correct" page? Let's say user accesses /secret, isn't authenticated and gets redirected to /login by friend. once authenticated, how do we ensure we get redirected back to /secret? On Wednesday, October 24, 2012 10:12:01 AM UTC+1, Patrik Sundberg wrote: > > On Wednesday, October 24, 2012 3:10:52 AM UTC+1, David Della Costa wrote: > >> Patrik, Pierre, have you folks checked out the mock app that Chas >> created in the test directory? It's not going to give you everything >> you're looking for but make it can help. There is an implementation >> of the OpenID workflow in there, including a credential-fn example: >> >> >> https://github.com/cemerick/friend/blob/master/test/test_friend/mock_app.clj >> >> > Been digesting that and reading the OpenID workflow + the openid2java docs > to work out what inputs mean what. I'm not quite there yet but starting to > have some idea, will experiment today to get auth with Google Account up > and running. > > >> This may also help, regarding credential functions: >> >> >> https://github.com/cemerick/friend/blob/master/test/test_friend/credentials.clj >> >> >> I also highly recommend looking at the bcrypt-credential-fn in the >> credentials.clj lib, in the src of the project itself: >> >> >> https://github.com/cemerick/friend/blob/master/src/cemerick/friend/credentials.clj >> >> >> > The credentials I grok more easily than the workflow - or more > specifically the openid workflow. The form based auth workflow is a lot > easier for me to follow, no probs there. That I find the openid workflow > more obtuse probably means I don't get OpenID quite yet so will do some > standard reading there as well. > > >> This is the default credentials function used in the mock app above, >> so it should help illustrate some of the concepts. I've spent a lot >> of time poring over the code too, so feel free to ping me with >> questions too, I may be able to help. >> >> > IMHO the doc is really lacking and I have to say I was expecting more >> > guidance in the code itself. >> >> Yes, it's still hard to wrap your head around the docs. Friend >> scratches an itch I have, and I think it's going to be rather >> important if people are trying to web apps quickly in Clojure, so I'm >> going to keep working on it and see how much I can clean things up and >> make concepts more clear. And I know Chas is interested in this as >> well, from his past comments. Any help and pull requests are welcome. >> ;-) >> >> I'm working on some updates to everything I've been working on, I'll >> post updates to the list shortly (later this week probably, maybe even >> today). >> >> > Agreed. Happy to contribute a working google acc openid auth once I get > there. > > Patrik > > >> DD >> >> 2012/10/24 Pierre R <p.rade...@gmail.com>: >> > Thanks David for the extra doc. >> > >> > I have had a try with OpenID. Everything works kind of expected. >> > >> > I had a question about "302 redirection prior to authentication" that I >> > posted on github. >> > >> > Another question is how to link the concept of roles with the openid >> > credentials. >> > >> > IMHO the doc is really lacking and I have to say I was expecting more >> > guidance in the code itself. >> > >> > I guess a lot of stuff obvious to an experienced clojure developers are >> > still dark magic to me. >> > >> > In particular it is rather difficult to understand how to write a >> > crendential-fn and this link won't help you ;-) >> > https://github.com/cemerick/friend/blob/master/docs/credentials.md >> > >> > For "OpenId" I have blindly used the identity function without much >> > understanding ... >> > >> > I am using Friend to scratch a little auth server. Not sure it is the >> best >> > fit for that purpose. I will see. >> > >> > I hope Friend is going to be reviewed by an extended community of >> people >> > much more qualified than myself to talk about such matter. >> > >> > Still docs could be improved and I believe helps could come from pull >> > requests to suggest the addition of code comments there and there. >> > >> > If I dig far enough in the code, I would be pleased to help. >> > >> > Thanks for the hard work. >> > >> > Cheers, >> > >> > Le mardi 23 octobre 2012 17:50:25 UTC+2, Patrik Sundberg a écrit : >> >> >> >> These are great tutorials. Thanks for publishing. >> >> >> >> Right now I'm looking for something similar using the OpenID workflow. >> I >> >> see it's there but how I use to for example create a "sign in with >> google" >> >> setup is less clear to me. >> >> >> >> Has anyone got a good OpenID example out there somewhere? >> >> >> >> On Saturday, October 6, 2012 4:50:05 PM UTC+1, David Della Costa >> wrote: >> >>> >> >>> Hi folks, >> >>> >> >>> I've been pretty slack in communicating via the mailing list, but I >> >>> realized today that there is a lot of important dialogue going on >> here >> >>> so I have to make more of an effort to take part--I want to be a part >> of >> >>> this community! >> >>> >> >>> In any case, I've been using Friend a lot lately, since I come from >> >>> Ruby-on-Rails-land, and it addresses a lot of the pain points that >> >>> Devise does for me. >> >>> >> >>> But (as has been mentioned in other threads quite recently), >> >>> documentation is definitely the Clojure community's week point: it's >> >>> inconsistent, formatted inconsistently (Ring and Compojure, for >> example, >> >>> are wonderful exceptions), and updated erratically. When it's good, >> >>> it's great; but when it's not, it puts me off from using a library. >> For >> >>> example, I stayed away from Enlive for months before I realized what >> a >> >>> useful library it is--so I re-wrote the README to suit my tastes >> >>> (https://github.com/ddellacosta/enlive). >> >>> >> >>> I think Chas Emerick writes much better docs than much of what >> >>> accompanies most Clojure libraries, but he's quite an advanced >> Clojure >> >>> developer, and he's moving very fast--so as a newbie, I had >> difficulty >> >>> even with his relatively good docs for Friend. And I suspect you'll >> be >> >>> getting more and more folks from the web development world in the >> next >> >>> few years like me. So it will be good to have things from the >> >>> perspective of someone not just trying to grok the libraries that >> exist, >> >>> but also trying to understand how Clojure works, and how the >> eco-system >> >>> fits together. >> >>> >> >>> I've written some material on how to use Friend, including some >> OAuth2 >> >>> resources. I'd appreciate any feedback you can give, I'm pretty new >> to >> >>> Clojure (and Lisp in general). >> >>> >> >>> In any case: >> >>> >> >>> https://github.com/ddellacosta/friend-interactive-form-tutorial >> >>> https://github.com/ddellacosta/friend-oauth2-examples >> >>> https://github.com/ddellacosta/friend-oauth2 >> >>> >> >>> I have a bunch of other Clojure-related stuff on my github account >> too, >> >>> feedback is most welcome! >> >>> >> >>> Cheers, >> >>> DD >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "Clojure" group. >> > To post to this group, send email to clo...@googlegroups.com >> > Note that posts from new members are moderated - please be patient with >> your >> > first post. >> > To unsubscribe from this group, send email to >> > clojure+u...@googlegroups.com >> > For more options, visit this group at >> > http://groups.google.com/group/clojure?hl=en >> > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
