oidc->local login improved

demo/deps.edn

@@ -8,24 +8,14 @@
         org.pinkgorilla/oauth2 {:local/root "../" :deps/manifest :deps}
         nrepl/nrepl {:mvn/version "1.2.0"}}
 
- :aliases {:webly {:exec-fn webly.app.app/webly-build
-                   :exec-args {:config [{}]
-                               :profile "npm-install"}}
-
-           :npm-install {:exec-args {:profile "npm-install"}}
-           :compile {:exec-args {:profile "compile"}}
-           :release {:exec-args {:profile "release"}}
-           :release-adv {:exec-args {:profile "release-adv"}}
-           :static {:exec-args {:profile "static"}}
-           :ci {:exec-args {:profile "ci"}}
-
-           :run {:exec-fn modular.system/start!
-                 :exec-args {:profile "jetty"
+ :aliases {:npm-install {:exec-fn webly.app.app/webly-build
+                         :exec-args {:config [{}]
+                                     :profile "npm-install"}}
+           :demo {:exec-fn modular.system/start!
+                  :exec-args {:profile "watch"
                               :config ["/home/florian/repo/myLinux/myvault/goldly/oauth2-localhost.edn" ; oauth2 secrets
-                                      ]
-                             :services "demo-services.edn"}}
-
-           }
+                                       "demo-config.edn"]
+                              :services "demo-services.edn"}}}
 
 ;
  }

demo/resources/demo-config.edn

@@ -0,0 +1,18 @@
+{:timbre/clj {:min-level [[#{"org.apache.http.*"
+                             "org.eclipse.aether.*"
+                             "org.eclipse.jetty.*"
+                             "modular.oauth2.*"
+                             "modular.oauth2.token.refresh.*"
+                             "modular.ws.*"
+                             "webly.web.*"
+                             "goldly.ws-connect.*"
+                             "goldly.cljs.discover.*"
+                             "goldly.run.cljs-load.*"
+                             "goldly.run.cljs-load"
+                             "goldly.run.ws-connect"} :warn] ; webserver stuff - warn only
+                          ; [#{"modular.ws.*"} :debug]
+                          [#{"modular.persist.*"} :warn]
+                          [#{"goldly.service.core"} :warn] ; goldly services - less logging
+                          [#{"*"} :info]] ; default -> info
+              :appenders {:default {:type :console-color}}}}
+

deps.edn

@@ -4,8 +4,6 @@
  {org.clojure/clojure    {:mvn/version "1.11.1"}
   funcool/promesa {:mvn/version "11.0.674"} ; needs to match version in ui-repl
   tick/tick {:mvn/version "0.6.2"}
-
-  ;nano-id/nano-id {:mvn/version "1.0.0"} ; nano id
   ;; web-ui deps
   reagent/reagent {:mvn/version "1.1.1"} ; https://github.com/reagent-project/reagent
   com.cemerick/url {:mvn/version "0.1.1"}  ; url query-strings

src/token/identity/dialog.cljs

@@ -16,12 +16,12 @@
   (let [r-p (local/get-token username password)]
     (-> r-p
         (p/then (fn [{:keys [user token] :as usermap}]
-                  (println "login local token success! user: " user " token: " token)
+                  (info "login local token success! user: " user " token: " token)
                   (show-notification :info [:span.bg-blue-300.inline "logged in successfully"] 1000)
                   (user/set-user! usermap)
                   (dialog-close)))
         (p/catch (fn [err]
-                   (println "login local error: " err)
+                   (error "login local error: " err)
                    (show-notification :error [:span.bg-red-300.inline "login error!"] 1000)
                    (dialog-close))))))
 
@@ -35,19 +35,19 @@
                                     :title (str "login via " provider)})]
     (-> r-p
         (p/then (fn [token]
-                  (println "login oauth2 token success! token: " token)
+                  (info "login oauth2 token success! token: " token)
                   (show-notification :info [:span.bg-blue-300.inline "logged in successfully"] 1000)
                   (let [user-p (oidc/login provider token)]
                     (-> user-p
                         (p/then (fn [usermap]
-                                  (println "oauth2 login success: " usermap)
+                                  (info "oauth2 login success: " usermap)
                                   (user/set-user! usermap)
                                   (dialog-close)))
                         (p/catch (fn [login-err]
-                                   (println "oauth2 login error: " login-err)
+                                   (error "oauth2 login error: " login-err)
                                    (dialog-close)))))))
         (p/catch (fn [err]
-                   (println "login local error: " err)
+                   (error "login oidc error: " err)
                    (show-notification :error [:span.bg-red-300.inline "login error!"] 1000)
                    (dialog-close))))))
 

src/token/identity/local.clj

@@ -30,14 +30,15 @@
       (codecs/bytes->hex)))
 
 (defn create-claim [{:keys [secret] :as this} claim]
+  (info "creating claim: " claim " secret: " secret)
   (let [token (jwt/sign claim secret)]
     (assoc claim :token token)))
 
 (defn get-token [{:keys [permission] :as this} user-name user-password]
   (let [user-kw (keyword user-name)
         password-hashed (pwd-hash user-password)
         user (get-user permission user-kw)]
-    (println "get-token user: " user-name " user-kw: " user-kw " user-details: "  user)
+    (info "get-token user: " user-name " user-kw: " user-kw " user-details: "  user)
     (cond
     ; user unknown
       (not user)
@@ -56,19 +57,22 @@
                           :email (:email user)}))))
 
 (defn verify-token [{:keys [secret] :as this} token]
-  (println "verifying token: " token)
+  (info "verifying token: " token " secret: " secret)
   (try
     (-> (jwt/unsign token secret)
         (update :user keyword))
-    (catch Exception _
+    (catch Exception ex
+      (error "verify-token exception: " ex)
       {:error :bad-token
        :error-message "Bad Token"})))
 
 (defn login
   [{:keys [permission secret] :as this} token]
   (info "login/local: token: " token " session: " *session*)
   (let [{:keys [user error] :as r} (verify-token this token)]
-    (info "login/local: result: " r)
+    (if error 
+      (taoensso.timbre/error "login/local error: " error " token: " token)
+      (info "login/local: result: " r))
     (when user
       (set-user! permission  *session* user))
     r))
@@ -97,7 +101,7 @@
  ; (clj-jwt/unsign
   ; "https://identity.xero.com/.well-known/openid-configuration/jwks"
    ;"eyJhbGciOiJSUzI1NiIsImtpZCI6IjFDQUY4RTY2NzcyRDZEQzAyOEQ2NzI2RkQwMjYxNTgxNTcwRUZDMTkiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJISy1PWm5jdGJjQW8xbkp2MENZVmdWY09fQmsifQ.eyJuYmYiOjE2NDE1NjcwOTksImV4cCI6MTY0MTU2ODg5OSwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS54ZXJvLmNvbSIsImF1ZCI6Imh0dHBzOi8vaWRlbnRpdHkueGVyby5jb20vcmVzb3VyY2VzIiwiY2xpZW50X2lkIjoiMUQ0RTUxQzMyNDA1NDUxQ0JCQTMyQzExMjkwOUE3QjgiLCJzdWIiOiJkODZhNTIyMThiODk1MDFiODE0ZmIyMDY1YjU5NzNlMSIsImF1dGhfdGltZSI6MTY0MTU2NjQ3OSwieGVyb191c2VyaWQiOiIzYzczNjBjMC02MTk1LTQ2MmQtYjkxMy03NmNlOWM2NmNiYjgiLCJnbG9iYWxfc2Vzc2lvbl9pZCI6IjZjYjZhZjRkNTQ4ZDQ3NDZhZTZjMTNjNWJjOThlOWFmIiwianRpIjoiZTM2Y2NkYzdlMjViOGVlMDFhM2U3YzBkNDAwZDk2OWIiLCJhdXRoZW50aWNhdGlvbl9ldmVudF9pZCI6IjA4ZTg2ZTdiLTZkMjctNDQxMS05MTFiLTY0YjJmMWQ1NzhjMCIsInNjb3BlIjpbImVtYWlsIiwicHJvZmlsZSIsIm9wZW5pZCIsImFjY291bnRpbmcucmVwb3J0cy5yZWFkIiwiYWNjb3VudGluZy5zZXR0aW5ncyIsImFjY291bnRpbmcuYXR0YWNobWVudHMiLCJhY2NvdW50aW5nLnRyYW5zYWN0aW9ucyIsImFjY291bnRpbmcuam91cm5hbHMucmVhZCIsImFjY291bnRpbmcudHJhbnNhY3Rpb25zLnJlYWQiLCJhY2NvdW50aW5nLmNvbnRhY3RzIiwib2ZmbGluZV9hY2Nlc3MiXX0.t9c33xsXXqAfxC8JOyTRPG8b-QrLzqkxIItenXyul3kaSulzue281jed1wFyIpBefDq_xNUfFt4SfrMMyplOxThjQMyYktweyftijfMfnHwa4ZlGJaArdNOFNNzm2XOhdlyjFsVpWrAsMdhb8U9LyZjtagePE90VWyF47N3733tsDj9IBMKOUTg0HVEzyHqR0b-yRXE7KraM9KB3A_-CmuKBjT9JfExfFD8K17vS5T94cHW36EAy1UwWS2NZcFai_nh838Yi4sT1x7HCC3rOJlH8-S-GdmgPXpY5enrJ3nvwhca9bSXQKrnxktubDZeKVV3M1Mfhp5Gr-44Jkzu5Ww")
-   
+
  ; 
   )
 

src/token/identity/local.cljs

@@ -1,12 +1,13 @@
 (ns token.identity.local
   (:require
+   [taoensso.timbre :refer-macros [info error]]
    [promesa.core :as p]
    [goldly.service.core :refer [clj]]))
 
 (defn get-token
   "returns a promise with the token or an error"
   [user password]
-  (println "local get-token user: " user "password: " password)
+  (info "local get-token user: " user "password: " password)
   (let [r-p (p/deferred)
         data-p (clj 'token.identity.local/get-token user password)]
     (-> data-p
@@ -15,21 +16,21 @@
                     (p/reject! r-p error-message)
                     (p/resolve! r-p token))))
         (p/catch (fn [err]
-                   (println "get-token error: " err)
+                   (error "get-token error: " err)
                    (p/reject! r-p err))))
     r-p))
 
 (defn login
   "input: the result of get-token (or the saved token in localstorage)"
   [user]
-  (println "login (local) user: " user)
+  (info "login (local) user: " user)
   (let [r-p (p/deferred)
         data-p (clj 'token.identity.local/login user)]
     (-> data-p
         (p/then (fn [{:keys [error error-message] :as result}]
-                  (println "local login success: " result)
+                  (info "local login success: " result)
                   (p/resolve! r-p result)))
         (p/catch (fn [err]
-                   (println "local login error: " err)
+                   (error "local login error: " err)
                    (p/reject! r-p err))))
     r-p))

src/token/identity/oidc.clj

@@ -26,22 +26,22 @@
 
 (defn validate-token [jwt jwks alg]
   (try
-    (warn "validate token: " jwt " jwks: " jwks " alg: " alg)
+    ;(warn "validate token: " jwt " jwks: " jwks " alg: " alg)
     (util/validate-jwt jwt jwks alg)
     (catch Exception ex
-      (timbre/error "token validate exception: " ex)
+      (timbre/error "oidc token validate exception: " ex)
       false)))
 
 (defn login
   [{:keys [permission] :as this} {:keys [provider token]}]
   (info "login/oauth2-oidc: token: " token " session: " *session*)
   (let [;email (user-email token)
         jwks-url  (provider/oauth2-jwks-uri {:provider provider})
-        _ (info "getting jwks for provider: " provider " url: " jwks-url)
+        ;_ (info "getting jwks for provider: " provider " url: " jwks-url)
         jwks (util/get-jwks jwks-url)
         alg {:alg :rs256}
         jwt (util/token->id-jwt token)
-        _ (info "jwt token (access token): " jwt)
+        ;_ (info "jwt token (access token): " jwt)
         {:keys [error email] :as validation-response} (validate-token jwt jwks alg)]
     (info "login/oauth2-oidc:validation-response: " validation-response)
     (if email

src/token/identity/oidc.cljs

@@ -1,19 +1,20 @@
 (ns token.identity.oidc
   (:require
+   [taoensso.timbre :refer-macros [info error]]
    [promesa.core :as p]
    [goldly.service.core :refer [clj]]))
 
 (defn login
   "input: the result of get-token (or the saved token in localstorage)"
   [provider token]
-  (println "login (oidc) provider:" provider " token: " token)
+  (info "login (oidc) provider:" provider " token: " token)
   (let [r-p (p/deferred)
         data-p (clj 'token.identity.oidc/login {:provider provider :token token})]
     (-> data-p
         (p/then (fn [{:keys [error error-message] :as result}]
-                  (println "local oidc success: " result)
+                  (info "local oidc success: " result)
                   (p/resolve! r-p result)))
         (p/catch (fn [err]
-                   (println "local oidc error: " err)
+                   (error "local oidc error: " err)
                    (p/reject! r-p err))))
     r-p))

src/token/identity/oidc/util.clj

@@ -64,9 +64,9 @@
     (let [decoded-jwt (decode-jwt jwt)
           pem (build-pem jwks decoded-jwt)
           public-key (keys/jwk->public-key pem)]
-      (info "decoded jwt: " decoded-jwt)
-      (info "pem: " pem)
-      (info "public-key: " public-key)
+      ;(info "decoded jwt: " decoded-jwt)
+      ;(info "pem: " pem)
+      ;(info "public-key: " public-key)
       (when (keys/public-key? public-key)
         (jwt/unsign jwt public-key alg)))
     (catch Exception e

src/token/identity/service.clj

@@ -4,10 +4,8 @@
    [token.identity.oidc :refer [start-oidc-identity]]))
 
 (defn start-identity-service [{:keys [permission clj secret]}]
-  {:local (start-local-identity
-           {:permission permission
-            :clj clj
-            :secret secret})
-   :oidc (start-oidc-identity
-          {:permission permission
-           :clj clj})})
+  (let [this {:permission permission
+              :clj clj
+              :secret secret}]
+  {:local (start-local-identity this)
+   :oidc (start-oidc-identity this)}))

src/token/identity/user.cljs

@@ -1,21 +1,21 @@
 (ns token.identity.user
   (:require
-   [taoensso.timbre :refer-macros [info error]]
+   [cljs.reader :refer [read-string]]
+   [taoensso.timbre :refer-macros [info warn error]]
    [reagent.core :as r]
-   [token.identity.local :as local]
-   [cljs.reader :refer [read-string]]))
+   [token.identity.local :as local]))
 
 ;; LocalStorage Helpers
 
-(defn ls-set! [k v]
+(defn- ls-set! [k v]
   (.setItem js/localStorage (pr-str k) (pr-str v)))
 
-(defn ls-get [k]
+(defn- ls-get [k]
   (when-let [s (.getItem js/localStorage (pr-str k))]
     (read-string s)))
 
-(defn ls-remove! [k]
-  (.removeItem js/localStorage k))
+(defn- ls-remove! [k]
+  (.removeItem js/localStorage (pr-str k)))
 
 (defonce user-key "oauth2-user")
 
@@ -42,4 +42,7 @@
   (info "initializing user ..")
   (when-let [usermap (ls-get user-key)]
     (info "user loaded from localstorage: " usermap)
-    (reset! user-a usermap)))
+    (reset! user-a usermap)))
+
+
+

src/token/oauth2/core.clj

@@ -14,24 +14,28 @@
    [token.oauth2.store :refer [load-token save-token]]
    [token.oauth2.token :refer [sanitize-token access-token-needs-refresh?]]))
 
-(defn assert-provider [[id p]]
-  (assert (keyword? id) "oauth2 provider key needs to be a keyword")
+(defn assert-provider [v]
+  (let [[id p] v]
+  (assert (keyword? id) (str "oauth2 provider key needs to be a keyword id: " id))
   (assert (map? p) "oauth2 provider needs to be a map")
   (assert (:client-id p) "oauth2 provider needs :client-id key")
   (assert (:client-secret p) "oauth2 provider needs :client-secret key")
-  (assert (:token-prefix p) "oauth2 provider needs :token-prefix key")
   (assert (string? (:client-id p)) "oauth2 provider needs :client-id with type string")
-  (assert (string? (:client-secret p)) "oauth2 provider needs :client-secret  with type string")
-  (assert (string? (:token-prefix p)) "oauth2 provider needs :token-prefix with type string"))
+  (assert (string? (:client-secret p)) "oauth2 provider needs :client-secret  with type string")))
 
 (defn assert-providers [ps]
   (assert (map? ps) "oauth2 providers needs to be a map")
-  ;(doall (map assert-provider ps))
-  )
+  (doall (map assert-provider ps)))                  
 
 (defn start-oauth2-providers [{:keys [clj _store providers] :as this}]
   (info "starting oauth2-provider service..")
-  (assert-providers providers)
+  (try
+    (assert-providers providers)
+    (catch AssertionError ex
+      (info "assert error: " ex )
+      (info "providers config: " providers)
+      (throw (ex-info "oauth2 provider-config error!" {:ex ex}))))
+
   (info "starting oauth2-provider service.. provider config ok.")
   (expose-functions clj
                     {:name "token-oauth2"
@@ -40,7 +44,7 @@
                      :permission nil
                      :fixed-args [this]})
   (info "oauth2-provider service running..")
-  this)
+  nil)
 
 (defn get-provider-client-id [{:keys [providers] :as this} p]
   (get-in providers [p :client-id]))

src/token/oauth2/service.clj

@@ -6,11 +6,10 @@
 (defn start-oauth2-service [{:keys [clj providers store-path store-role]}]
   (let [store (create-store {:clj clj
                              :store-path store-path
-                             :store-role store-role})
-        providers (start-oauth2-providers
-                   {:clj clj
-                    :store store
-                    :providers providers})]
+                             :store-role store-role})]
+    (start-oauth2-providers {:clj clj
+                             :store store
+                             :providers providers})
     {:store store
      :providers providers}))