Murtaza, First, you need to either
(a) :allow-anon? false in the configuration map you provide to friend/authenticate — it is true by default, or (b) Use an authorization guard (which can include friend/authenticated, which reuses the authorization mechanism to ensure that only authenticated users' requests can cause the enclosed code to be evaluated) Either option will redirect to whatever you have configured as :login-uri (default "/login"). Also, openid-uri is not where the provider's URI goes; that's what configures the URI that the OpenId workflow is bound to e.g. for receiving the redirect from the provider after the user has authenticated with them. So, you'd want :openid-uri to be something like "/openid". It is generally the case that the OpenId workflow is initiated by the user by clicking on one of a couple of different buttons, or specifying their OpenId URL manually. This is what you would put on the /login page. You can see different takes on this this at http://www.clojureatlas.com/login and http://stackoverflow.com/users/login. I suppose you *could* start the OpenId workflow automatically, but that might be a jarring experience for your users: because you can't control the presentation / branding of the OpenId provider's authentication flow, unauthenticated users may get confused, or think they've wandered into an attempt to obtain their e.g. Google credentials. However, I can see use cases for this — maybe when the users know a particular site always uses credentials from a particular site, or for internal apps where an OpenId SSO is ubiquitous and expected. FWIW, I'll add an example for that option (as well as the more common form-initiated style) to the set of example applications I'm slowly building for Friend: https://friend-demo.herokuapp.com/ I haven't publicly announced that app/effort yet — mostly because I want to get a certain minimum number of example apps spiked out with non-hideous presentation before blowing the trumpets. Anyway, I hope the content above is helpful. Let me know if you have any other questions... Cheers, - Chas On Dec 19, 2012, at 2:59 AM, Murtaza Husain wrote: > Hi, > > I am trying to setup my authentication using cemerick/friend. I would like to > authenticate using openid with gmail. > > Below is the code that I have - > > (ns faiz.handler > (:use compojure.core) > (:require [compojure.handler :as handler] > [compojure.route :as route] > [ring.util.response :as resp] > [me.shenfeng.mustache :as mustache] > [cemerick.friend :as friend] > (cemerick.friend [workflows :as workflows] > [credentials :as creds] > [openid :as openid]))) > > (mustache/deftemplate index (slurp "public/index-async.html")) > > (def index-data {:title "Invoize." :brand "Faiz" :links [{:url "#/students" > :text "Students"} {:url "#/thaalis" :text "Thaalis"}]}) > > > > > (defroutes app-routes > (GET "/" [] (resp/redirect "/landing")) > (GET "/landing" [] (resp/file-response "landing.html" {:root "public"})) > (GET "/index" [] (index index-data)) > (route/files "/" {:root "public"}) > (route/not-found "Not Found")) > > (def mock-app > (-> app-routes > (friend/authenticate > {:workflows [(openid/workflow :openid-uri > "https://www.google.com/accounts/o8/id"; :realm "http://invoize.com";)]}))) > > (def app > (handler/site app-routes)) > > My expectation is that when I try to access the "/index" or "/landing" url, > it should not allow me as I am not authenticated and redirect to the > openid-url,however this does not happen. How do I achieve it ? > > Thanks, > Murtaza > > > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to [email protected] > Note that posts from new members are moderated - please be patient with your > first post. > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to [email protected] Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/clojure?hl=en
