Closed paulrd closed 3 years ago
It does use authorization.
Client side:
When the client submits a username/password successfully and receives a token from the server, it saves it to an atom and uses it for all requests after that (it's a Fulcro request middleware).
https://github.com/walkable-server/realworld-fulcro/blob/master/src/conduit/client.cljs#L8
Server side:
The server app uses Buddy middleware with JWT.
https://github.com/walkable-server/realworld-fulcro/blob/master/resources/conduit/config.edn#L5
For each incoming request with a valid JWT key, the middleware will decode it to find out the user's id and provide that id as :identity of the Ring request map. That :identity again will be passed to the Walkable handler via the env map:
https://github.com/walkable-server/realworld-fulcro/blob/master/src/conduit/handler/walkable.clj#L234
Some idents or joins are restricted by the :extra-conditions in the floor-plan:
https://github.com/walkable-server/realworld-fulcro/blob/master/resources/conduit/config.edn#L109
In the definition of those extra conditions, you can see the symbol app/current-user. Such a symbol is called a variable. In this case, the var app/current-user is computed from the runtime env mentioned above.
https://github.com/walkable-server/realworld-fulcro/blob/master/src/conduit/handler/walkable.clj#L222
Let me know if anything is unclear.
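The flow described in the answer above, as an added example that is not part of the original comment or of the realworld-fulcro code: a token kept in an atom on the client, Buddy's JWS backend filling in :identity on the server, and that identity passed on in an env map that restricts what a query returns. The secret, the :user-id claim, the sample rows and `my-articles` (a plain-Clojure stand-in for a Walkable :extra-conditions restriction) are assumptions, and the buddy-auth library is assumed to be on the classpath.

```clojure
(ns example.identity-flow
  (:require [buddy.auth.backends :as backends]
            [buddy.auth.middleware :refer [wrap-authentication]]
            [buddy.sign.jwt :as jwt]))

;; Constructed demo values (assumptions, not taken from the project).
(def secret "constructed-demo-secret")
(def articles [{:article/id 1 :article/author-id 7}
               {:article/id 2 :article/author-id 9}])

;; Client side: the token received at login is kept in an atom and
;; attached to every later request by a small request builder.
(defonce token (atom nil))

(defn request-with-token []
  {:request-method :post
   :uri "/api"
   :headers (if-let [t @token]
              {"authorization" (str "Token " t)} ; "Token" is Buddy's default scheme name
              {})})

;; Hypothetical stand-in for a query whose rows are restricted to the
;; current user, the role :extra-conditions plays in the floor-plan.
(defn my-articles [env]
  (filterv #(= (:article/author-id %) (:app/current-user env)) articles))

;; Server side: the handler never reads a user id from request parameters.
;; It only uses :identity, which the middleware sets after the signature
;; on the token has been verified (nil when the token is missing or invalid).
(defn handler [request]
  (let [env {:app/current-user (get-in request [:identity :user-id])}]
    {:status 200 :body (my-articles env)}))

(def app (wrap-authentication handler (backends/jws {:secret secret})))

(defn -main [& _]
  ;; 1. No token yet: :identity is nil, so the restricted query matches nothing.
  (println "anonymous:" (:body (app (request-with-token))))
  ;; 2. Token signed with the server's secret: rows of user 7 only.
  (reset! token (jwt/sign {:user-id 7} secret))
  (println "user 7:   " (:body (app (request-with-token))))
  ;; 3. Token signed with a different secret: verification fails and the
  ;;    request is treated as anonymous, whatever the claim says.
  (reset! token (jwt/sign {:user-id 9} "some-other-secret"))
  (println "forged:   " (:body (app (request-with-token)))))
```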
I just want to confirm how this app checks authorization. I can't run this app yet, but I want to see if I'm missing anything. I see the token gets set at login, but never seems to get used.