:PROPERTIES:
:ID:       2c317dbe-4fca-444b-b0bc-f9174522e106
:END:
#+TITLE: New IROH-Auth APIs
#+Author: Yann Esposito
#+Date: [2022-02-08]

- tags :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]] [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- source :: https://github.com/advthreat/iroh/issues/6076

* Implement a new IROH-Auth API

With https://github.com/advthreat/iroh/pull/6247 you can now set a specific JWT middleware configuration for a Web API.

So here we just need to provide a new function that checks JWTs and accepts the new UserIdentity-level JWTs.

This function should be inspired by ~iroh-web.core/check-jwt-fields~, see:
https://github.com/advthreat/iroh/blob/master/lib/iroh-web/src/iroh_web/core.clj#L138

The main differences should be:

- Filter on the correct ~oauth/kind~
- Have a ~.../user-identity/...~ instead of ~.../user/...~
- Etc…

Then create a new proto-Web API using this new configuration for the JWT.

#+begin_src clojure
;; ,,, marks parts of the definition left out of this note
(web/defwebservice-with-params iroh-auth-spa-api []
  {,,,
   :options {:jwt-middleware-option-patch
             {:jwt-check-fn user-identity-jwt-check-fn}}})
#+end_src

The first endpoint should be ~GET /iroh/iroh-auth-apis/whoami~, whose only goal is to display a user-friendly JSON of the ~identity~ field of the ring request.

#+begin_src clojure
(GET "/whoami" req
  ,,,
  ;; return the identity the JWT middleware attached to the request
  (ok (:identity req)))
#+end_src

From there we will have successfully built an IROH-Auth level session.
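
One way to write the check function described above, as an added example that is not code from the IROH repository. It assumes the middleware calls the function with the raw JWT and a claims map with string keys and expects a seq of error strings or nil; the claim prefix, the kind value and the required claim names are hypothetical placeholders.

```clojure
(ns example.user-identity-jwt
  (:require [clojure.string :as str]))

;; ASSUMPTION: placeholder prefix; the note elides the real one (".../user-identity/...").
(def claim-prefix "https://example.invalid/iroh")

(defn- claim-name [& parts]
  (str/join "/" (cons claim-prefix parts)))

;; ASSUMPTION: hypothetical kind value and required claims for this sketch.
(def expected-kind "user-identity")
(def required-claims
  [(claim-name "user-identity" "id")
   (claim-name "user-identity" "email")])

(defn user-identity-jwt-check-fn
  "Returns a seq of error strings, or nil when the claims are acceptable.
  ASSUMPTION: called as (f raw-jwt claims), claims being a map with string keys."
  [_raw-jwt claims]
  (let [kind (get claims (claim-name "oauth" "kind"))]
    (seq
     (concat
      ;; Refuse any token that was not issued as a UserIdentity-level JWT,
      ;; so a user-level JWT is not accepted by this API.
      (when (not= expected-kind kind)
        [(str "Wrong oauth/kind: " (pr-str kind))])
      ;; Require the user-identity claims instead of the user ones.
      (for [c required-claims
            :when (str/blank? (str (get claims c)))]
        (str "Missing claim: " c))))))

(comment
  ;; Constructed sample claims, not real tokens.
  (def user-identity-claims
    {(claim-name "oauth" "kind")          "user-identity"
     (claim-name "user-identity" "id")    "00000000-0000-0000-0000-000000000000"
     (claim-name "user-identity" "email") "someone@example.invalid"})
  (def user-level-claims
    {(claim-name "oauth" "kind") "some-other-kind"
     (claim-name "user" "id")    "11111111-1111-1111-1111-111111111111"})

  ;; Evaluate these two forms in a REPL to compare the results.
  (user-identity-jwt-check-fn "raw.jwt.placeholder" user-identity-claims)
  (user-identity-jwt-check-fn "raw.jwt.placeholder" user-level-claims))
```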