224-1 / grand-central

Eclipse Public License 2.0

Example authentication flow demo build #47

Open azureus89 opened 4 years ago

azureus89 commented 4 years ago

@VikramShawFL add an example build in xtnt-micro - cljs
where when you have the auth service running on local machine
you can sign up, sign in ... no need for sign out yet
this is not a demo: http://randomlurker.eu/clojurescript/re-frame/2017/05/22/re-frame-auth0-authentication.html

sharing because i will refer to a few implementation details in there

first, are we doing JWS or JWE?

VikramShawFL commented 4 years ago

We need to use JWS for signed token if we want to implement an authentication system.

VikramShawFL commented 4 years ago

Can you send me a demo link to implement the sign up and sign in functions? Also, in xtnt-micro, do I need to implement all the functions that I did in the xtnt-auth project?

azureus89 commented 4 years ago

don't have a demo link, we have to do it ourselves

first step: form for signup with username password. you can create it using the css framework in place, @ParikshithMohan can run you through it. create a function to write that into db etc ... like with the demo username/password in the current auth framework

so in cljs

  1. create form (@ParikshithMohan can show you framework)
  2. create function to submit to running auth server
  3. have auth server create a username, password, role etc for the user, like it's doing with demo user

let's do that first, then sign in

azureus89 commented 4 years ago

@VikramShawFL any progress?

VikramShawFL commented 4 years ago

Sign-up page is ready, just a minor doubt I need to clear with @sahabaishakhi once she comes online. Connecting H2 database with the xtnt-micro project.

azureus89 commented 4 years ago

don't connect h2 with xtnt-micro ... auth server needs to run separately, don't want to integrate auth server into xtnt-micro ...

need to run auth server separately on your system, and xtnt micro both side by side ... with your page from micro contacting the auth server with authentication requests

VikramShawFL commented 4 years ago

Context: CORS error
Issue: The error is referring to line numbers 36 to 38 [image]
Logs: [image]

azureus89 commented 4 years ago

on the auth server - wrap the route handler with cors middleware like this: https://github.com/jumblerg/ring-cors

azureus89 commented 4 years ago

it looks like this is the more popular middleware for CORS: https://github.com/r0man/ring-cors

check and choose

VikramShawFL commented 4 years ago

Ok

VikramShawFL commented 4 years ago

Context: Getting the same CORS error
Issue: Have added the cljs-ajax code in micro project login.cljs [image]
Ring-Cors code in Auth project core.clj [image]
Logs: The error which I'm getting [image]

azureus89 commented 4 years ago

handler is wrapping app-routes correctly but in your main function you are calling app

app is not wrapping app-routes with wrap-cors. in the def app thread put handler instead of app-routes

so
A = routes + cors wrapper
B = routes + other wrappers

it is not object oriented, it's functional ... meaning just because you did handler = routes + cors wrapper, doesn't mean "wrapper is applied to routes"

wrapper gets applied to routes lazily only when you call handler, and the value of that is stored in handler, routes does not change just because you defined handler and applied wrap-cors to app-routes (everything in clojure except atoms is immutable) -- values are never changed .. they are only modified and passed forward

let me know if you understood

you may get an error again, for a different reason that I see, but this code snippet - this is what is wrong
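
The A/B distinction from the comment above, as an added example that is not code from the thread or the project. `wrap-allow-origin` and `wrap-server-header` are hypothetical stand-ins for ring-cors' `wrap-cors` and the project's other middleware, and the origin `http://localhost:3449` is a constructed value:

```clojure
(ns example.cors-wrapping)

;; Stand-in for the compojure routes: a Ring handler is a fn from request map
;; to response map. The route name comes from the thread; the body is made up.
(defn app-routes [request]
  (if (= "/create-auth-token" (:uri request))
    {:status 200 :headers {"Content-Type" "application/json"} :body "{}"}
    {:status 404 :headers {} :body "not found"}))

;; Hypothetical stand-in for ring-cors' wrap-cors: adds the allow-origin header
;; only for one explicitly allowed origin. It returns a NEW function and leaves
;; the handler it was given untouched.
(defn wrap-allow-origin [handler allowed-origin]
  (fn [request]
    (let [origin   (get-in request [:headers "origin"])
          response (handler request)]
      (if (= origin allowed-origin)
        (assoc-in response [:headers "Access-Control-Allow-Origin"] origin)
        response))))

;; Hypothetical "other wrapper" (session, params, ... in the real project).
(defn wrap-server-header [handler]
  (fn [request]
    (assoc-in (handler request) [:headers "Server"] "auth-demo")))

;; A = routes + cors wrapper
(def handler (wrap-allow-origin app-routes "http://localhost:3449"))

;; B = routes + other wrappers. Built from app-routes, so the CORS wrapper is
;; not in this chain at all; serving this var reproduces the browser error.
(def app-without-cors (-> app-routes wrap-server-header))

;; Fix: build the served handler on top of `handler`, not `app-routes`.
(def app (-> handler wrap-server-header))

;; Constructed cross-origin request, as the cljs page would send it.
(def sample-request
  {:request-method :post
   :uri "/create-auth-token"
   :headers {"origin" "http://localhost:3449"}})

(defn allow-origin [ring-handler]
  (get-in (ring-handler sample-request) [:headers "Access-Control-Allow-Origin"]))

(println "served without cors wrapper:" (allow-origin app-without-cors))
(println "served with cors wrapper:   " (allow-origin app))
```

With ring-cors the same rule applies: the var handed to the server in the main function must be the one whose chain includes `wrap-cors`, and the allowed origins should be listed explicitly rather than opened to every origin.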

VikramShawFL commented 4 years ago

I tried that but it's giving me the same error. I also tried [image] but then also it is giving the same error

VikramShawFL commented 4 years ago

Context: Getting POST http://localhost:4000/create-auth-token 401 (Unauthorized)
Issue: Even after modifying the code and getting the response header content-type as application/json, I'm getting the above header
Logs:
Codes in core.clj (Auth project) [image]
Login.cljs micro project [image]
And the response I'm getting
Console [image]

[image] Continuation of above image [image]

azureus89 commented 4 years ago

in your cljs --- not response-format ... request needs header for content-type! look at curl, do the same thing, look at curl documentation and see what the flags mean and replicate it here in the appropriate parameter

also create-auth-token is not sign up, it's sign in ... why are you passing user roles etc

where is the confusion?

VikramShawFL commented 4 years ago

Yes, the error was because of the content type. I was getting confused between response-format and format for content-type. Added to that, after some time, by seeing the error I thought that maybe because the auth project is a separate project from micro I need to write a function to get the value of :username from the auth project. But I was wrong, it was due to content-type.

VikramShawFL commented 4 years ago

Now after adding the content-type as :format :json it is creating the token without giving an error.

VikramShawFL commented 4 years ago

Creating documentation for the CORS. Apart from this, anything else I need to do in this issue?

azureus89 commented 4 years ago

Yes .. sign up, create new user

VikramShawFL commented 4 years ago

Context: Need help in sending the form data to the database.
Issue: How to send the form data to the database after clicking on send button?

azureus89 commented 4 years ago

what form data, what database?

VikramShawFL commented 4 years ago

By form data: in the login page I have email, username, password and submit button. So for the signup function it should be like after clicking on submit button it should send the data of all the above form to the auth project database, right? That's the problem, I'm not able to figure out how to do that.

azureus89 commented 4 years ago

how is it different from sign in?

azureus89 commented 4 years ago

is sign in implementation done?

VikramShawFL commented 4 years ago

Context: The token is being generated from the login form and also added the logout function but after login I'm getting error which is related to unsigning the token. I did all this using clojure, once the error is solved will convert to clojurescript.
Issue: The error is No implementation of method: :-to-bytes of protocol: #'buddy.core.codecs/IByteArray found for class: org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey
Log:

Wed Dec 18 01:51:44 IST 2019 [worker-3] ERROR - GET /
java.lang.IllegalArgumentException: No implementation of method: :-to-bytes of protocol: #'buddy.core.codecs/IByteArray found for class: org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey
    at clojure.core$_cache_protocol_fn.invokeStatic(core_deftype.clj:583)
    at clojure.core$_cache_protocol_fn.invoke(core_deftype.clj:575)
    at buddy.core.codecs$eval16176$fn__16177$G__16167__16182.invoke(codecs.clj:60)
    at buddy.core.codecs$to_bytes.invokeStatic(codecs.clj:69)
    at buddy.core.codecs$to_bytes.invoke(codecs.clj:66)
    at buddy.core.mac$eval16633$fn__16634.invoke(mac.clj:91)
    at buddy.core.mac$eval16543$fn__16544$G__16534__16551.invoke(mac.clj:44)
    at buddy.core.mac$verify.invokeStatic(mac.clj:247)
    at buddy.core.mac$verify.invoke(mac.clj:240)
    at buddy.sign.jws$fn__17134.invokeStatic(jws.clj:34)
    at buddy.sign.jws$fn__17134.invoke(jws.clj:31)
    at buddy.sign.jws$verify_signature.invokeStatic(jws.clj:118)
    at buddy.sign.jws$verify_signature.invoke(jws.clj:110)
    at buddy.sign.jws$unsign$fn__17204.invoke(jws.clj:156)
    at buddy.sign.jws$unsign.invokeStatic(jws.clj:155)
    at buddy.sign.jws$unsign.invoke(jws.clj:147)
    at buddy.sign.jwt$unsign.invokeStatic(jwt.clj:122)
    at buddy.sign.jwt$unsign.invoke(jwt.clj:118)
    at buddy.sign.jwt$unsign.invokeStatic(jwt.clj:119)
    at buddy.sign.jwt$unsign.invoke(jwt.clj:118)
    at xtnt_micro.security$unsign_token.invokeStatic(security.clj:70)
    at xtnt_micro.security$unsign_token.invoke(security.clj:69)
    at xtnt_micro.security$wrap_auth_token$fn__19294.invoke(security.clj:76)
    at compojure.core$routing$fn__2532.invoke(core.clj:185)
    at clojure.core$some.invokeStatic(core.clj:2701)
    at clojure.core$some.invoke(core.clj:2692)
    at compojure.core$routing.invokeStatic(core.clj:185)
    at compojure.core$routing.doInvoke(core.clj:182)
    at clojure.lang.RestFn.applyTo(RestFn.java:139)
    at clojure.core$apply.invokeStatic(core.clj:667)
    at clojure.core$apply.invoke(core.clj:660)
    at compojure.core$routes$fn__2536.invoke(core.clj:192)
    at ring.middleware.keyword_params$wrap_keyword_params$fn__19457.invoke(keyword_params.clj:53)
    at ring.middleware.params$wrap_params$fn__19385.invoke(params.clj:67)
    at ring.middleware.absolute_redirects$wrap_absolute_redirects$fn__19411.invoke(absolute_redirects.clj:47)
    at xtnt_micro.security$wrap_authorized_redirects$fn__19308.invoke(security.clj:112)
    at ring.middleware.session$wrap_session$fn__19199.invoke(session.clj:108)
    at clojure.lang.Var.invoke(Var.java:384)
    at ring.middleware.reload$wrap_reload$fn__13443.invoke(reload.clj:39)
    at org.httpkit.server.HttpHandler.run(RingHandler.java:115)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:835)
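
The trace above shows `buddy.sign.jwt/unsign` reaching `buddy.core.mac/verify` (the HMAC path) with an RSA public key, which is what happens when `unsign` is called without an `:alg` option and buddy-sign falls back to its default of `:hs256`. The following is an added example, not code from the thread or the project; it assumes the token is signed with RS256 and uses a constructed throwaway key pair and claims:

```clojure
(ns example.jws-alg
  (:require [buddy.sign.jwt :as jwt])
  (:import (java.security KeyPairGenerator)))

;; Constructed throwaway RSA key pair so the example needs no key files.
;; The project loads its keys elsewhere; that code is not shown on the page.
(def key-pair
  (.generateKeyPair
   (doto (KeyPairGenerator/getInstance "RSA") (.initialize 2048))))

;; Auth-server side: sign the claims with the PRIVATE key, naming the algorithm.
(def token
  (jwt/sign {:user "demo"} (.getPrivate key-pair) {:alg :rs256}))

;; Client-service side, pinned: verify with the PUBLIC key and the SAME :alg.
;; Returns the claims map when the signature is valid, throws otherwise.
(defn unsign-pinned [token]
  (jwt/unsign token (.getPublic key-pair) {:alg :rs256}))

;; Client-service side, unpinned: with no :alg the HMAC verifier is selected
;; and handed an RSA key object it cannot use as a shared secret. The exact
;; exception type and message depend on the buddy-sign version and key class.
(defn unsign-default [token]
  (try
    (jwt/unsign token (.getPublic key-pair))
    (catch Exception e
      (str (.getName (class e)) ": " (.getMessage e)))))

(println "pinned   :" (unsign-pinned token))
(println "unpinned :" (unsign-default token))
```

Pinning `:alg` on the verifying side also means a token whose header names a different algorithm is rejected instead of being checked with whatever the header asks for.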

azureus89 commented 4 years ago

Raise an issue about unsigning ... this is not relevant to current issue, please check issue description:

@VikramShawFL add an example build in xtnt-micro - cljs
where when you have the auth service running on local machine
you can sign up, sign in ... no need for sign out yet
this is not a demo: http://randomlurker.eu/clojurescript/re-frame/2017/05/22/re-frame-auth0-authentication.html

Clearly stated above : no need for sign out yet

  1. Implement Log In in clojurescript example FIRST
  2. Work on sign up flow in stamp project and close this open issue https://github.com/224-1/stamp/issues/3
  3. Implement Sign Up flow in clojurescript example