deft/notes/new_iroh_auth_apis.org
Yann Esposito (Yogsototh) f0de8bb2c2
2022-02-08 13:56:45 +01:00


New IROH-Auth APIs

tags: Cisco FT SecureX Simplified Registration Cisco
source: https://github.com/advthreat/iroh/issues/6076

Implement a new IROH-Auth API

With https://github.com/advthreat/iroh/pull/6247 you can now set a specific JWT middleware configuration for a Web API.

So here we just need to provide a new JWT check function that accepts the new UserIdentity-level JWTs. It should be modeled on iroh-web.core/check-jwt-fields, see: https://github.com/advthreat/iroh/blob/master/lib/iroh-web/src/iroh_web/core.clj#L138

The main differences should be:

- Filter on the correct oauth/kind
- Have a .../user-identity/... instead of .../user/...
- Etc…
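A sketch of such a check function, as an added example that is not IROH's own code. Assumptions: the check function receives the decoded claims map with string keys and returns nil or a vector of error strings; `claim-prefix` is a placeholder for the prefix the note elides; the kind value `"user-identity"` and the claim names `id` and `email` are hypothetical.

```clojure
(ns example.user-identity-jwt
  (:require [clojure.string :as str]))

;; Placeholder: the note elides the real claim prefix (".../user-identity/...").
(def claim-prefix "https://example.invalid/claims")

;; Assumed value of the oauth/kind claim for UserIdentity-level JWTs.
(def expected-kind "user-identity")

;; Hypothetical claims every UserIdentity-level JWT must carry.
(def required-claims
  [["user-identity" "id"]
   ["user-identity" "email"]])

(defn- claim
  "Looks up <claim-prefix>/<path...> in the decoded claims map."
  [claims & path]
  (get claims (str/join "/" (cons claim-prefix path))))

(defn user-identity-jwt-check-fn
  "Returns nil when `claims` describe a UserIdentity-level JWT,
   otherwise a vector of error strings (assumed contract)."
  [claims]
  (let [kind    (claim claims "oauth" "kind")
        missing (remove #(some? (apply claim claims %)) required-claims)]
    (not-empty
     (cond-> []
       ;; Refuse tokens minted for another session level (e.g. user-level JWTs).
       (not= expected-kind kind)
       (conj (str "oauth/kind is " (pr-str kind)
                  ", expected " (pr-str expected-kind)))

       ;; A correct kind without the identity claims is still unusable.
       (seq missing)
       (into (map #(str "missing claim: " (str/join "/" %))) missing)))))

(comment
  ;; Constructed sample claims, for evaluation at the REPL.
  (def identity-claims
    {(str claim-prefix "/oauth/kind")          "user-identity"
     (str claim-prefix "/user-identity/id")    "constructed-id"
     (str claim-prefix "/user-identity/email") "someone@example.invalid"})
  (def user-level-claims
    {(str claim-prefix "/oauth/kind") "session-token"
     (str claim-prefix "/user/id")    "constructed-id"})
  (user-identity-jwt-check-fn identity-claims)    ; accepted
  (user-identity-jwt-check-fn user-level-claims)) ; rejected, three errors
```

Checking the kind before anything else keeps a token issued for one session level from being accepted by an API that expects the other.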

Then create a new proto-Web API using this new configuration for the JWT.

(web/defwebservice-with-params iroh-auth-spa-api []
   {,,,
    :options {:jwt-middleware-option-patch
               {:jwt-check-fn user-identity-jwt-check-fn}}}

The first endpoint should be GET /iroh/iroh-auth-apis/whoami, whose only goal would be to return a user-friendly JSON view of the identity field of the Ring request.

(GET "/whoami" req
  ,,,
  (ok (:identity req)))

From there we will have successfully built an IROH-Auth level session.