Clojure client library for the Auth0 platform (Authentication API).
[auth0-clojure "0.1.0"]The implementation is based on the Authentication API Docs.
Initiate the config by setting the Client (Application) details from the dashboard.
(ns app.core
(:require [auth0-clojure.api.authentication :as auth]))
(auth/set-config!
{:auth0/client-id "<your-client-id>"
:auth0/client-secret "<your-client-secret>"
:auth0/default-domain "<your-tenant-name>.auth0.com"
:auth0/custom-domain "<your-custom-domain>"})Each function then accepts a request settings map and an optional config map, like this:
(authorize-url
{:auth0/response-type "code"
:auth0/scope "openid profile"
:auth0/redirect-uri "http://localhost:1111/login-user"})
;; OR
(authorize-url
;; this one here needs only the client id and the custom or default domain
{:auth0/client-id "<your-client-id>"
:auth0/custom-domain "<your-custom-domain>"}
{:auth0/response-type "code"
:auth0/scope "openid profile"
:auth0/redirect-uri "http://localhost:1111/login-user"})In the samples below only the shorter version will be used.
Each function corresponds to an Auth0 endpoint. Keyword values like :auth0.grant-type/authorization-code
are used for convenience; strings like "authorization_code" are also acceptable.
Note that when using keywords hyphens to underscores conversion is done automatically for you.
Creates an authorize url to authenticate the user with an OAuth provider.
The :auth0/redirect-uri must be white-listed in the "Allowed Callback URLs" section
of the Client (Application) Settings. Parameters can be added to the final URL by
adding the values to the map.
(authorize-url
{:auth0/response-type "code"
:auth0/scope "openid profile"
:auth0/redirect-uri "http://localhost:1111/login-user"})Creates a logout url to log out the user.
The auth0/return-to must be white-listed in the "Allowed Logout URLs" section
of the Dashboard. Parameters can be added to the final URL by adding the values to the map.
(logout-url
{:auth0/return-to "http://localhost:1111/login"
:auth0/federated true})Creates a request to exchange the code previously obtained by calling the /authorize endpoint.
The redirect URI must be the one sent in the /authorize call.
(oauth-token
{:auth0/grant-type :auth0.grant-type/authorization-code
:auth0/code "<code>"
:auth0/redirect-uri "http://localhost:1111/login-user"})Creates a request to log in the user with username and password.
The connection used is the one defined as "Default Directory" in the account settings.
(oauth-token
{:auth0/grant-type :auth0.grant-type/password
:auth0/username "<username>"
:auth0/password "<password>"})Creates a request to log in the user with username and password using the Password Realm.
(oauth-token
{:auth0/grant-type "http://auth0.com/oauth/grant-type/password-realm"
:auth0/realm "<realm>" ;; like "Username-Password-Authentication"
:auth0/username "<username>"
:auth0/password "<password>"})Creates a request to get a Token for the given Audience.
(oauth-token
{:auth0/grant-type :auth0.grant-type/client-credentials
:auth0/audience "<audience>"})Use this endpoint to refresh an Access Token using the Refresh Token you got during authorization.
(oauth-token
{:auth0/grant-type :auth0.grant-type/refresh-token
:auth0/refresh-token "<refresh-token>"})Creates a request to revoke an existing Refresh Token.
(oauth-revoke {:auth0/token "<refresh-token>"})Creates a request to create a user. Up to 10 additional Sign Up fields can be added to the request. This will only work for db connections.
;; minimal
(signup
{:auth0/email "<email>"
:auth0/password "<password>"
:auth0/connection "<connection>" ;; usually "Username-Password-Authentication"
})
;; all
(signup
{:auth0/email "<email>"
:auth0/password "<password>"
:auth0/connection "<connection>" ;; usually "Username-Password-Authentication"
:auth0/username "<username>"
:auth0/given-name "<first-name>"
:auth0/family-name "<last-name>"
:auth0/name "<full-name>"
:auth0/nickname "<nick>"
:auth0/picture "<image-url>"
:auth0/user-metadata {:some-key "some-val"}})Creates a request to reset the user's password. This will only work for db connections.
(change-password
{:auth0/email "<email>"
:auth0/connection "<connection>" ;; usually "Username-Password-Authentication"
})Creates a request to get the user information associated to a given access token.
This will only work if the token has been granted the openid scope.
(userinfo "<access-token>")- Spec (+
openid,email,authorization-code) - Authentication API Passwordless support
- Authentication API MFA support
- Authentication API WS-Federation support
- More samples (for Auth API - including the above 3, Management API)
- Management API docs
- Default utility that handles Management API token refreshes
- Tests
Copyright © 2019 FIXME
Distributed under the Eclipse Public License either version 1.0 or (at your option) any later version.