oauth2-client.core
access-token-post-request
(access-token-post-request oauth2-config)(access-token-post-request {:keys [debug-http-client? token-request-query-args-fn], :or {token-request-query-args-fn token-request-query-args}, :as oauth2-config} accept-type)
Helper to POST an OAuth2 access token request using the
configuration in the oauth2-config hash-map.
By default, the token-request-query-args function is used to format
the arguments for posting to the token request url, but can be
overridden by providing a :token-request-query-args-fn member in the
oauth2-config map.
You can also toggle debugging of the clj-http.client/post call by
passing in :debug-http-client? true in the oauth2-config map.
add-params-to-url
(add-params-to-url url query-params)
Generates an url with a query string from a url string
and hash-map for the query parameters.
authorization-query-args
(authorization-query-args {:keys [client-id redirect-uri scope state], :as config})
Generates a hash-map representation of the default arguments
for a authorization query as specified in section 4.1.1 in RFC 6749.
authorization-redirect
(authorization-redirect {:keys [authorization-query-args-fn], :or {authorization-query-args-fn authorization-query-args}, :as oauth2-config})
Helper to generate a response url for an OAuth2 authorization
request from an oauth2-config hash-map.
authorized-request
(authorized-request method access_token url)(authorized-request method access_token url clj-http-config)
Makes a GET request to url using the access_token stored in the
request headers at the 'Authorization' key, as suggested by RFC6749
in section 7 (https://tools.ietf.org/html/rfc6749#section-7).
The third, optional argument is the configuration for the get/post
functions provided by clj-http.client. By default only the
Authorization header is set with the authorization method of
'Bearer,' using the provided auth-headers function.
To override this or any other get/post configuration parameters
simply pass in a map formatted per clj-http's conventions
(https://github.com/dakrone/clj-http). For example, to add debugging
to an authorized GET request using a Github access_token:
(let [clj-http-config (-> (auth-headers "token" access_token)
(assoc :debug true :debug-body true))]
(authorized-request :get "https://api.github.com/users"; clj-http-config))
The authorization headers will override the default, and any other
arguments will get added to the clj-http get or post function's
final second argument.
generate-anti-forgery-token
(generate-anti-forgery-token)
Generates random string for anti-forgery-token.
parse-json-access-token-response
(parse-json-access-token-response {body :body})
token-request-query-args
(token-request-query-args {:keys [client-id client-secret redirect-uri state code], :as config})
Extracts default arguments from the oauth2-config hash-map
according to the OAuth2 RFC6749. Expects the following keys:
:code :client_id :redirect-uri :state
:redirect-uri is optional depending on whether or not it was passed
initially during the authorization step.
:state is optional and not described in the RFC for the token
request step, but used by some providers (i.e. Github).
(see https://tools.ietf.org/html/rfc6749#section-4.1.3)
validate-oauth2-config
(validate-oauth2-config oauth2-config)
Basic validation function for oauth2-config, simply confirms that
all the required keys have non-blank (per clojure.string/blank?)
values. These include :authorization-uri, :access-token-uri,
:client-id and :client-secret. Returns boolean value.