authn.core
Core authentication functionality.
Provides session-based authentication for first-party applications. Integrates with Ring middleware to handle login, logout, and session management using cookie-based sessions.
Basic Usage
(require '[authn.core :as authn]
         '[authn.store :as store])

(def authenticator
  (authn/create-authenticator
    {:credential-validator my-validator
     :claims-provider      my-claims-provider
     :session-store        (store/create-session-store)
     :session-ttl-ms       (* 24 60 60 1000)})) ; 24 hours
With Ring Handler
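(require '[authn.middleware :as mw]
         '[ring.middleware.session]) ; must be loaded before the qualified call below

;; wrap-session is applied last, so it is the outermost middleware
;; and runs first on each request.
(def app
  (-> handler
      (mw/wrap-authentication authenticator)
      (ring.middleware.session/wrap-session)))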
Login/Logout
(require '[authn.handler :as handler])

(defn routes [authenticator]
  [["POST" "/login" (handler/login-handler authenticator)]
   ["POST" "/logout" (handler/logout-handler authenticator)]])
authenticate
(authenticate authenticator credentials)
(authenticate authenticator credentials scope)
Authenticates credentials and creates a session.
Takes an Authenticator instance, credentials map, and optional scope vector. Validates the credentials, fetches user claims, creates a session, and returns the session ID. Returns nil if authentication fails.
Example:
(authenticate authenticator
              {:username "user" :password "pass"}
              ["profile" "email"])
cleanup-sessions
(cleanup-sessions authenticator)
Removes expired sessions.
Takes an Authenticator instance and removes all expired sessions from storage. Returns the number of sessions deleted. Should be called periodically in production applications.
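One way to run the periodic cleanup described above, as an added example that is not part of the authn library or its documentation. The namespace example.session-cleanup, the function start-session-cleanup!, and the 15-minute interval in the usage comment are assumptions; only authn/cleanup-sessions and its numeric return value come from this page.

```clojure
(ns example.session-cleanup
  (:require [authn.core :as authn])
  (:import (java.util.concurrent Executors ScheduledExecutorService
                                 ThreadFactory TimeUnit)))

(defn- daemon-thread-factory
  "Daemon threads so the cleanup task never blocks JVM shutdown."
  ^ThreadFactory []
  (reify ThreadFactory
    (newThread [_ runnable]
      (doto (Thread. ^Runnable runnable "session-cleanup")
        (.setDaemon true)))))

(defn start-session-cleanup!
  "Hypothetical helper: calls authn/cleanup-sessions every `interval-ms`
  milliseconds. Returns a zero-argument function that stops the schedule."
  [authenticator interval-ms]
  (let [^ScheduledExecutorService pool
        (Executors/newSingleThreadScheduledExecutor (daemon-thread-factory))
        task (fn []
               ;; An exception escaping a scheduleAtFixedRate task silently
               ;; cancels every later run, so expired sessions would pile up
               ;; unnoticed. Catch and report it here instead.
               (try
                 (let [deleted (authn/cleanup-sessions authenticator)]
                   (when (pos? deleted)
                     (println "session-cleanup: removed" deleted
                              "expired sessions")))
                 (catch Exception e
                   (binding [*out* *err*]
                     (println "session-cleanup failed:" (.getMessage e))))))]
    (.scheduleAtFixedRate pool ^Runnable task
                          (long interval-ms) (long interval-ms)
                          TimeUnit/MILLISECONDS)
    (fn stop! []
      (.shutdownNow pool)
      nil)))

;; Usage, with the `authenticator` from Basic Usage (interval is an assumption):
;; (def stop-cleanup! (start-session-cleanup! authenticator (* 15 60 1000)))
;; (stop-cleanup!) ; call on application shutdown
```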
Config
Malli schema for authenticator configuration.
create-authenticator
(create-authenticator {:keys [credential-validator claims-provider session-store session-ttl-ms], :as config})
Creates an authenticator instance.
Takes a configuration map with required keys :credential-validator and :claims-provider. Optional keys include :session-store (created in-memory if not provided), :session-ttl-ms (defaults to 24 hours), and session cookie configuration options.
Session cookie options:
- :session-cookie-name - Cookie name (default: "session-id")
- :session-cookie-secure? - Require HTTPS (default: true)
- :session-cookie-http-only? - HTTP only flag (default: true)
- :session-cookie-same-site - SameSite attribute (default: :lax)
Returns an Authenticator record.
default-config
Default configuration values.
get-session
(get-session authenticator session-id)
Retrieves session data by session ID.
Takes an Authenticator instance and session ID string. Returns the session data map if found and valid, or nil if the session doesn’t exist or has expired.
logout
(logout authenticator session-id)
Destroys a session.
Takes an Authenticator instance and session ID string. Deletes the session from storage. Returns true if successful.
refresh-session
(refresh-session authenticator session-id)
Refreshes a session by extending its expiration.
Takes an Authenticator instance and session ID string. Updates the session’s expiration time. Returns true if successful, false if session doesn’t exist.