This is a workflow for Friend that handles Google's OpenID Connect.
Bug reports and pull requests are most welcome.
We needed a way to enable users to use their Google Apps identities to authenticate. We implemented this as a reusable workflow that allows us to quickly add this capability to each of our different services.
Additionally, Google OpenID 2.0 is deprecated, leaving no drop-in workflow (cemerick/friend#117).
This workflow uses Google's API Client Library for Java to verify the JWT without the need to deal with explicitly fetching and caching Google's public certs. Auth is hard, so we believe Google's provided libraries will be more correct and reliable.
friend-google-openid is available in Clojars. Add this :dependency to your Leiningen project.clj:

    [friend-google-openid "0.2.1"]

friend-google-openid depends on friend-oauth2.
This is just another Friend workflow. Provide a :credential-fn along with :client-id, :client-secret, and a :callback hashmap.
You will need to create a project at Google's Developer Console. Make sure the configured callback path and domain line up with what you provided in Developer Console.
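    (ns your.ring.app
      (:require [friend-google-openid.core :as openid]))

    ;; client-id and client-secret come from your project in Google's Developer Console.
    (openid/workflow {:client-id     client-id
                      :client-secret client-secret
                      ;; :path and :domain must match the callback configured there.
                      :callback      {:path   "/oauth2callback"
                                      :domain "http://your.domain.com"}
                      :credential-fn credential-fn})
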
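The JWT check mentioned above, sketched with Google's API Client Library for Java through Clojure interop. This is an added example, not friend-google-openid's own source: the namespace and the function names make-verifier and verified-claims are hypothetical, and it assumes the google-api-client and Jackson 2 JSON artifacts are on the classpath.

```clojure
;; Added example, not code from friend-google-openid.
;; Namespace and function names are hypothetical.
(ns example.google-id-token
  (:import (com.google.api.client.googleapis.auth.oauth2
            GoogleIdToken GoogleIdTokenVerifier$Builder)
           (com.google.api.client.http.javanet NetHttpTransport)
           (com.google.api.client.json.jackson2 JacksonFactory)))

(defn make-verifier
  "Builds a verifier that only accepts ID tokens whose audience is
  `client-id`. The verifier fetches Google's public certs over the
  network when needed and caches them, so no cert handling appears here."
  [client-id]
  (-> (GoogleIdTokenVerifier$Builder. (NetHttpTransport.)
                                      (JacksonFactory/getDefaultInstance))
      (.setAudience [client-id])
      (.build)))

(defn verified-claims
  "Returns a map of claims when `id-token` passes the library's checks
  (signature, issuer, audience, expiry). Returns nil when verification
  fails or the string is not shaped like a JWT. An IOException, for
  example when the certs cannot be fetched, propagates to the caller."
  [verifier ^String id-token]
  (try
    ;; .verify returns the parsed token on success and null on failure.
    (when-let [^GoogleIdToken token (.verify verifier id-token)]
      (let [payload (.getPayload token)]
        {:subject        (.getSubject payload)
         :email          (.getEmail payload)
         ;; getEmailVerified may return null; treat that as unverified.
         :email-verified (boolean (.getEmailVerified payload))
         ;; nil for accounts that do not belong to a hosted domain.
         :hosted-domain  (.getHostedDomain payload)}))
    (catch IllegalArgumentException _
      ;; Thrown by the parser when the input lacks the JWT structure.
      nil)))
```

Build the verifier once with the same client ID given to the workflow and reuse it, so the cert cache is shared across requests.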
Copyright © 2015 Mayvenn
Distributed under the Eclipse Public License version 1.0.