Re: Some Friend documentation and regarding documentation in general
On Sunday, October 28, 2012 9:56:35 PM UTC, Patrik Sundberg wrote: On Sunday, October 28, 2012 8:14:41 PM UTC, Chas Emerick wrote: On Oct 28, 2012, at 2:57 PM, Patrik Sundberg wrote: I've looked at this for a bit now. It seems there are some slight inconsistencies in how the redirect info is used: Where the redirect-on-autth? is being set up for the interactive-form workflow it looks to me to be assumed to be a boolean flag. https://github.com/sundbp/friend/blob/master/src/cemerick/friend/workflows.clj#L79 At that point it's given as an argument when setting up the workflow (defaulting to true). Then when it's being used in the generic code it's first picked out - looking like boolean flag still: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L145 but then all of a sudden assumed to be a string containing the url to redirect to: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L149 Given that, for the interactive-form workflow, it can only be set at the time of creating the workflow, it seems impossible to actually achieve the flow where friend remembers which page under authentication that user tried to access, then do auth, and finally return user to the originally requested page in a dynamic fashion. Since given at workflow creation time it can't dynamically reflect things properly I'd have assumed. I'd have expected it to not be an argument at workflow creation time, but the originally requested url being dynamically kept track of at the point friend realizes it needs to redirect the user to do authentication, then that url being used on L149 up there when the workflow sets redirect-on-auth? to true. Am I misunderstanding the flow or is there a mixup here? The tests only tests for boolean state, not as a string url. You're misunderstanding. If ::redirect-on-auth? is any truthy value (which includes strings), then `redirect-new-auth` will either: (a) send a redirect to the ::unauthorized-uri as captured in the session, which is only ever set if the user previously requested a resource for which they were not authorized (see https://github.com/cemerick/friend/blob/master/src/cemerick/friend.clj#L200), or (b) redirect to the value of ::redirect-on-auth? if it is a string, or (c) redirect to the :default-landing-url specified in the configuration provided to `authenticate`. You're right that (b) will never be the case for the interactive-form workflow, fundamentally because `cemerick.friend.workflows/make-auth` merges the `auth-meta` defaults in last, rather than first. That's a valid point of enhancement; ticket/patch welcome. :-) Note that ::redirect-on-auth? _is_ poorly named: it was originally expected to only be a boolean, thus the '?'. Its name will need to change in the future to reflect its actual role. Ok - I think that's actually what my understanding was :) It just seemed that in the existing workflows if it is stringy (assume make-auth patched although I didn't quite get that yet) it is a fixed string rather than a dynamic value of the url user tried to access. I.e. I can give /foo as redirect-on-auth? when setting up the interactive-form workflow, but that's then a fixed url to redirecct to. To redirect to whatever page the user tried to access I'd have thought we need store it away from the original request before we go into the auth process, to later redirect back to it once successfully authenticated. Reading the code again I now get it. The redirection I was looking for is there. ::unauthorized-uri is the uri I was looking for, misinterpreted the name to mean something else and overlooked it. I see how it fits together now. Will try to get to making the changes that came up in this discussion sometime this week. Thanks -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
I've looked at this for a bit now. It seems there are some slight inconsistencies in how the redirect info is used: Where the redirect-on-autth? is being set up for the interactive-form workflow it looks to me to be assumed to be a boolean flag. https://github.com/sundbp/friend/blob/master/src/cemerick/friend/workflows.clj#L79 At that point it's given as an argument when setting up the workflow (defaulting to true). Then when it's being used in the generic code it's first picked out - looking like boolean flag still: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L145 but then all of a sudden assumed to be a string containing the url to redirect to: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L149 Given that, for the interactive-form workflow, it can only be set at the time of creating the workflow, it seems impossible to actually achieve the flow where friend remembers which page under authentication that user tried to access, then do auth, and finally return user to the originally requested page in a dynamic fashion. Since given at workflow creation time it can't dynamically reflect things properly I'd have assumed. I'd have expected it to not be an argument at workflow creation time, but the originally requested url being dynamically kept track of at the point friend realizes it needs to redirect the user to do authentication, then that url being used on L149 up there when the workflow sets redirect-on-auth? to true. Am I misunderstanding the flow or is there a mixup here? The tests only tests for boolean state, not as a string url. On Thursday, October 25, 2012 2:54:49 PM UTC+1, Patrik Sundberg wrote: On Thursday, October 25, 2012 1:59:36 PM UTC+1, Chas Emerick wrote: On Oct 25, 2012, at 8:04 AM, Patrik Sundberg wrote: I've digested openid and using it with google, should have a working example to share when I have a time to put it together over weekend. I've got another common useage pattern I'd like to ask about: How do we accomplish automatic redirect to the correct page? Let's say user accesses /secret, isn't authenticated and gets redirected to /login by friend. once authenticated, how do we ensure we get redirected back to /secret? I think that's a bug in the OpenID workflow. Friend will do this redirection automatically if the workflow enables it: https://github.com/cemerick/friend/blob/master/src/cemerick/friend/workflows.clj#L79 There are a couple of testcases in the project that verify this; unfortunately, the OpenID workflow doesn't yet accept the same configuration option as the interactive form workflow. Please file an issue, and, if you are so bold, a patch. :-) Got it, adding it to my weekend list. Thanks! -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
On Oct 28, 2012, at 2:57 PM, Patrik Sundberg wrote: I've looked at this for a bit now. It seems there are some slight inconsistencies in how the redirect info is used: Where the redirect-on-autth? is being set up for the interactive-form workflow it looks to me to be assumed to be a boolean flag. https://github.com/sundbp/friend/blob/master/src/cemerick/friend/workflows.clj#L79 At that point it's given as an argument when setting up the workflow (defaulting to true). Then when it's being used in the generic code it's first picked out - looking like boolean flag still: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L145 but then all of a sudden assumed to be a string containing the url to redirect to: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L149 Given that, for the interactive-form workflow, it can only be set at the time of creating the workflow, it seems impossible to actually achieve the flow where friend remembers which page under authentication that user tried to access, then do auth, and finally return user to the originally requested page in a dynamic fashion. Since given at workflow creation time it can't dynamically reflect things properly I'd have assumed. I'd have expected it to not be an argument at workflow creation time, but the originally requested url being dynamically kept track of at the point friend realizes it needs to redirect the user to do authentication, then that url being used on L149 up there when the workflow sets redirect-on-auth? to true. Am I misunderstanding the flow or is there a mixup here? The tests only tests for boolean state, not as a string url. You're misunderstanding. If ::redirect-on-auth? is any truthy value (which includes strings), then `redirect-new-auth` will either: (a) send a redirect to the ::unauthorized-uri as captured in the session, which is only ever set if the user previously requested a resource for which they were not authorized (see https://github.com/cemerick/friend/blob/master/src/cemerick/friend.clj#L200), or (b) redirect to the value of ::redirect-on-auth? if it is a string, or (c) redirect to the :default-landing-url specified in the configuration provided to `authenticate`. You're right that (b) will never be the case for the interactive-form workflow, fundamentally because `cemerick.friend.workflows/make-auth` merges the `auth-meta` defaults in last, rather than first. That's a valid point of enhancement; ticket/patch welcome. :-) Note that ::redirect-on-auth? _is_ poorly named: it was originally expected to only be a boolean, thus the '?'. Its name will need to change in the future to reflect its actual role. - Chas -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
On Sunday, October 28, 2012 8:14:41 PM UTC, Chas Emerick wrote: On Oct 28, 2012, at 2:57 PM, Patrik Sundberg wrote: I've looked at this for a bit now. It seems there are some slight inconsistencies in how the redirect info is used: Where the redirect-on-autth? is being set up for the interactive-form workflow it looks to me to be assumed to be a boolean flag. https://github.com/sundbp/friend/blob/master/src/cemerick/friend/workflows.clj#L79 At that point it's given as an argument when setting up the workflow (defaulting to true). Then when it's being used in the generic code it's first picked out - looking like boolean flag still: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L145 but then all of a sudden assumed to be a string containing the url to redirect to: https://github.com/sundbp/friend/blob/master/src/cemerick/friend.clj#L149 Given that, for the interactive-form workflow, it can only be set at the time of creating the workflow, it seems impossible to actually achieve the flow where friend remembers which page under authentication that user tried to access, then do auth, and finally return user to the originally requested page in a dynamic fashion. Since given at workflow creation time it can't dynamically reflect things properly I'd have assumed. I'd have expected it to not be an argument at workflow creation time, but the originally requested url being dynamically kept track of at the point friend realizes it needs to redirect the user to do authentication, then that url being used on L149 up there when the workflow sets redirect-on-auth? to true. Am I misunderstanding the flow or is there a mixup here? The tests only tests for boolean state, not as a string url. You're misunderstanding. If ::redirect-on-auth? is any truthy value (which includes strings), then `redirect-new-auth` will either: (a) send a redirect to the ::unauthorized-uri as captured in the session, which is only ever set if the user previously requested a resource for which they were not authorized (see https://github.com/cemerick/friend/blob/master/src/cemerick/friend.clj#L200), or (b) redirect to the value of ::redirect-on-auth? if it is a string, or (c) redirect to the :default-landing-url specified in the configuration provided to `authenticate`. You're right that (b) will never be the case for the interactive-form workflow, fundamentally because `cemerick.friend.workflows/make-auth` merges the `auth-meta` defaults in last, rather than first. That's a valid point of enhancement; ticket/patch welcome. :-) Note that ::redirect-on-auth? _is_ poorly named: it was originally expected to only be a boolean, thus the '?'. Its name will need to change in the future to reflect its actual role. Ok - I think that's actually what my understanding was :) It just seemed that in the existing workflows if it is stringy (assume make-auth patched although I didn't quite get that yet) it is a fixed string rather than a dynamic value of the url user tried to access. I.e. I can give /foo as redirect-on-auth? when setting up the interactive-form workflow, but that's then a fixed url to redirecct to. To redirect to whatever page the user tried to access I'd have thought we need store it away from the original request before we go into the auth process, to later redirect back to it once successfully authenticated. Patrik -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
I've digested openid and using it with google, should have a working example to share when I have a time to put it together over weekend. I've got another common useage pattern I'd like to ask about: How do we accomplish automatic redirect to the correct page? Let's say user accesses /secret, isn't authenticated and gets redirected to /login by friend. once authenticated, how do we ensure we get redirected back to /secret? On Wednesday, October 24, 2012 10:12:01 AM UTC+1, Patrik Sundberg wrote: On Wednesday, October 24, 2012 3:10:52 AM UTC+1, David Della Costa wrote: Patrik, Pierre, have you folks checked out the mock app that Chas created in the test directory? It's not going to give you everything you're looking for but make it can help. There is an implementation of the OpenID workflow in there, including a credential-fn example: https://github.com/cemerick/friend/blob/master/test/test_friend/mock_app.clj Been digesting that and reading the OpenID workflow + the openid2java docs to work out what inputs mean what. I'm not quite there yet but starting to have some idea, will experiment today to get auth with Google Account up and running. This may also help, regarding credential functions: https://github.com/cemerick/friend/blob/master/test/test_friend/credentials.clj I also highly recommend looking at the bcrypt-credential-fn in the credentials.clj lib, in the src of the project itself: https://github.com/cemerick/friend/blob/master/src/cemerick/friend/credentials.clj The credentials I grok more easily than the workflow - or more specifically the openid workflow. The form based auth workflow is a lot easier for me to follow, no probs there. That I find the openid workflow more obtuse probably means I don't get OpenID quite yet so will do some standard reading there as well. This is the default credentials function used in the mock app above, so it should help illustrate some of the concepts. I've spent a lot of time poring over the code too, so feel free to ping me with questions too, I may be able to help. IMHO the doc is really lacking and I have to say I was expecting more guidance in the code itself. Yes, it's still hard to wrap your head around the docs. Friend scratches an itch I have, and I think it's going to be rather important if people are trying to web apps quickly in Clojure, so I'm going to keep working on it and see how much I can clean things up and make concepts more clear. And I know Chas is interested in this as well, from his past comments. Any help and pull requests are welcome. ;-) I'm working on some updates to everything I've been working on, I'll post updates to the list shortly (later this week probably, maybe even today). Agreed. Happy to contribute a working google acc openid auth once I get there. Patrik DD 2012/10/24 Pierre R p.rade...@gmail.com: Thanks David for the extra doc. I have had a try with OpenID. Everything works kind of expected. I had a question about 302 redirection prior to authentication that I posted on github. Another question is how to link the concept of roles with the openid credentials. IMHO the doc is really lacking and I have to say I was expecting more guidance in the code itself. I guess a lot of stuff obvious to an experienced clojure developers are still dark magic to me. In particular it is rather difficult to understand how to write a crendential-fn and this link won't help you ;-) https://github.com/cemerick/friend/blob/master/docs/credentials.md For OpenId I have blindly used the identity function without much understanding ... I am using Friend to scratch a little auth server. Not sure it is the best fit for that purpose. I will see. I hope Friend is going to be reviewed by an extended community of people much more qualified than myself to talk about such matter. Still docs could be improved and I believe helps could come from pull requests to suggest the addition of code comments there and there. If I dig far enough in the code, I would be pleased to help. Thanks for the hard work. Cheers, Le mardi 23 octobre 2012 17:50:25 UTC+2, Patrik Sundberg a écrit : These are great tutorials. Thanks for publishing. Right now I'm looking for something similar using the OpenID workflow. I see it's there but how I use to for example create a sign in with google setup is less clear to me. Has anyone got a good OpenID example out there somewhere? On Saturday, October 6, 2012 4:50:05 PM UTC+1, David Della Costa wrote: Hi folks, I've been pretty slack in communicating via the mailing list, but I realized today that there is a lot of important dialogue going on here so I have to make more of an effort to take part--I want to be a part of this community!
Re: Some Friend documentation and regarding documentation in general
On Oct 25, 2012, at 8:04 AM, Patrik Sundberg wrote: I've digested openid and using it with google, should have a working example to share when I have a time to put it together over weekend. I've got another common useage pattern I'd like to ask about: How do we accomplish automatic redirect to the correct page? Let's say user accesses /secret, isn't authenticated and gets redirected to /login by friend. once authenticated, how do we ensure we get redirected back to /secret? I think that's a bug in the OpenID workflow. Friend will do this redirection automatically if the workflow enables it: https://github.com/cemerick/friend/blob/master/src/cemerick/friend/workflows.clj#L79 There are a couple of testcases in the project that verify this; unfortunately, the OpenID workflow doesn't yet accept the same configuration option as the interactive form workflow. Please file an issue, and, if you are so bold, a patch. :-) Thanks, - Chas -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
On Thursday, October 25, 2012 1:59:36 PM UTC+1, Chas Emerick wrote: On Oct 25, 2012, at 8:04 AM, Patrik Sundberg wrote: I've digested openid and using it with google, should have a working example to share when I have a time to put it together over weekend. I've got another common useage pattern I'd like to ask about: How do we accomplish automatic redirect to the correct page? Let's say user accesses /secret, isn't authenticated and gets redirected to /login by friend. once authenticated, how do we ensure we get redirected back to /secret? I think that's a bug in the OpenID workflow. Friend will do this redirection automatically if the workflow enables it: https://github.com/cemerick/friend/blob/master/src/cemerick/friend/workflows.clj#L79 There are a couple of testcases in the project that verify this; unfortunately, the OpenID workflow doesn't yet accept the same configuration option as the interactive form workflow. Please file an issue, and, if you are so bold, a patch. :-) Got it, adding it to my weekend list. Thanks! -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
On Wednesday, October 24, 2012 3:10:52 AM UTC+1, David Della Costa wrote: Patrik, Pierre, have you folks checked out the mock app that Chas created in the test directory? It's not going to give you everything you're looking for but make it can help. There is an implementation of the OpenID workflow in there, including a credential-fn example: https://github.com/cemerick/friend/blob/master/test/test_friend/mock_app.clj Been digesting that and reading the OpenID workflow + the openid2java docs to work out what inputs mean what. I'm not quite there yet but starting to have some idea, will experiment today to get auth with Google Account up and running. This may also help, regarding credential functions: https://github.com/cemerick/friend/blob/master/test/test_friend/credentials.clj I also highly recommend looking at the bcrypt-credential-fn in the credentials.clj lib, in the src of the project itself: https://github.com/cemerick/friend/blob/master/src/cemerick/friend/credentials.clj The credentials I grok more easily than the workflow - or more specifically the openid workflow. The form based auth workflow is a lot easier for me to follow, no probs there. That I find the openid workflow more obtuse probably means I don't get OpenID quite yet so will do some standard reading there as well. This is the default credentials function used in the mock app above, so it should help illustrate some of the concepts. I've spent a lot of time poring over the code too, so feel free to ping me with questions too, I may be able to help. IMHO the doc is really lacking and I have to say I was expecting more guidance in the code itself. Yes, it's still hard to wrap your head around the docs. Friend scratches an itch I have, and I think it's going to be rather important if people are trying to web apps quickly in Clojure, so I'm going to keep working on it and see how much I can clean things up and make concepts more clear. And I know Chas is interested in this as well, from his past comments. Any help and pull requests are welcome. ;-) I'm working on some updates to everything I've been working on, I'll post updates to the list shortly (later this week probably, maybe even today). Agreed. Happy to contribute a working google acc openid auth once I get there. Patrik DD 2012/10/24 Pierre R p.rade...@gmail.com javascript:: Thanks David for the extra doc. I have had a try with OpenID. Everything works kind of expected. I had a question about 302 redirection prior to authentication that I posted on github. Another question is how to link the concept of roles with the openid credentials. IMHO the doc is really lacking and I have to say I was expecting more guidance in the code itself. I guess a lot of stuff obvious to an experienced clojure developers are still dark magic to me. In particular it is rather difficult to understand how to write a crendential-fn and this link won't help you ;-) https://github.com/cemerick/friend/blob/master/docs/credentials.md For OpenId I have blindly used the identity function without much understanding ... I am using Friend to scratch a little auth server. Not sure it is the best fit for that purpose. I will see. I hope Friend is going to be reviewed by an extended community of people much more qualified than myself to talk about such matter. Still docs could be improved and I believe helps could come from pull requests to suggest the addition of code comments there and there. If I dig far enough in the code, I would be pleased to help. Thanks for the hard work. Cheers, Le mardi 23 octobre 2012 17:50:25 UTC+2, Patrik Sundberg a écrit : These are great tutorials. Thanks for publishing. Right now I'm looking for something similar using the OpenID workflow. I see it's there but how I use to for example create a sign in with google setup is less clear to me. Has anyone got a good OpenID example out there somewhere? On Saturday, October 6, 2012 4:50:05 PM UTC+1, David Della Costa wrote: Hi folks, I've been pretty slack in communicating via the mailing list, but I realized today that there is a lot of important dialogue going on here so I have to make more of an effort to take part--I want to be a part of this community! In any case, I've been using Friend a lot lately, since I come from Ruby-on-Rails-land, and it addresses a lot of the pain points that Devise does for me. But (as has been mentioned in other threads quite recently), documentation is definitely the Clojure community's week point: it's inconsistent, formatted inconsistently (Ring and Compojure, for example, are wonderful exceptions), and updated erratically. When it's good, it's great; but when it's not, it puts me off from using a
Re: Some Friend documentation and regarding documentation in general
These are great tutorials. Thanks for publishing. Right now I'm looking for something similar using the OpenID workflow. I see it's there but how I use to for example create a sign in with google setup is less clear to me. Has anyone got a good OpenID example out there somewhere? On Saturday, October 6, 2012 4:50:05 PM UTC+1, David Della Costa wrote: Hi folks, I've been pretty slack in communicating via the mailing list, but I realized today that there is a lot of important dialogue going on here so I have to make more of an effort to take part--I want to be a part of this community! In any case, I've been using Friend a lot lately, since I come from Ruby-on-Rails-land, and it addresses a lot of the pain points that Devise does for me. But (as has been mentioned in other threads quite recently), documentation is definitely the Clojure community's week point: it's inconsistent, formatted inconsistently (Ring and Compojure, for example, are wonderful exceptions), and updated erratically. When it's good, it's great; but when it's not, it puts me off from using a library. For example, I stayed away from Enlive for months before I realized what a useful library it is--so I re-wrote the README to suit my tastes (https://github.com/ddellacosta/enlive). I think Chas Emerick writes much better docs than much of what accompanies most Clojure libraries, but he's quite an advanced Clojure developer, and he's moving very fast--so as a newbie, I had difficulty even with his relatively good docs for Friend. And I suspect you'll be getting more and more folks from the web development world in the next few years like me. So it will be good to have things from the perspective of someone not just trying to grok the libraries that exist, but also trying to understand how Clojure works, and how the eco-system fits together. I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in general). In any case: https://github.com/ddellacosta/friend-interactive-form-tutorial https://github.com/ddellacosta/friend-oauth2-examples https://github.com/ddellacosta/friend-oauth2 I have a bunch of other Clojure-related stuff on my github account too, feedback is most welcome! Cheers, DD -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
Thanks David for the extra doc. I have had a try with OpenID. Everything works kind of expected. I had a question about 302 redirection prior to authentication that I posted on github. Another question is how to link the concept of roles with the openid credentials. IMHO the doc is really lacking and I have to say I was expecting more guidance in the code itself. I guess a lot of stuff obvious to an experienced clojure developers are still dark magic to me. In particular it is rather difficult to understand how to write a crendential-fn and this link won't help you ;-) https://github.com/cemerick/friend/blob/master/docs/credentials.md For OpenId I have blindly used the identity function without much understanding ... I am using Friend to scratch a little auth server. Not sure it is the best fit for that purpose. I will see. I hope Friend is going to be reviewed by an extended community of people much more qualified than myself to talk about such matter. Still docs could be improved and I believe helps could come from pull requests to suggest the addition of code comments there and there. If I dig far enough in the code, I would be pleased to help. Thanks for the hard work. Cheers, Le mardi 23 octobre 2012 17:50:25 UTC+2, Patrik Sundberg a écrit : These are great tutorials. Thanks for publishing. Right now I'm looking for something similar using the OpenID workflow. I see it's there but how I use to for example create a sign in with google setup is less clear to me. Has anyone got a good OpenID example out there somewhere? On Saturday, October 6, 2012 4:50:05 PM UTC+1, David Della Costa wrote: Hi folks, I've been pretty slack in communicating via the mailing list, but I realized today that there is a lot of important dialogue going on here so I have to make more of an effort to take part--I want to be a part of this community! In any case, I've been using Friend a lot lately, since I come from Ruby-on-Rails-land, and it addresses a lot of the pain points that Devise does for me. But (as has been mentioned in other threads quite recently), documentation is definitely the Clojure community's week point: it's inconsistent, formatted inconsistently (Ring and Compojure, for example, are wonderful exceptions), and updated erratically. When it's good, it's great; but when it's not, it puts me off from using a library. For example, I stayed away from Enlive for months before I realized what a useful library it is--so I re-wrote the README to suit my tastes (https://github.com/ddellacosta/enlive). I think Chas Emerick writes much better docs than much of what accompanies most Clojure libraries, but he's quite an advanced Clojure developer, and he's moving very fast--so as a newbie, I had difficulty even with his relatively good docs for Friend. And I suspect you'll be getting more and more folks from the web development world in the next few years like me. So it will be good to have things from the perspective of someone not just trying to grok the libraries that exist, but also trying to understand how Clojure works, and how the eco-system fits together. I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in general). In any case: https://github.com/ddellacosta/friend-interactive-form-tutorial https://github.com/ddellacosta/friend-oauth2-examples https://github.com/ddellacosta/friend-oauth2 I have a bunch of other Clojure-related stuff on my github account too, feedback is most welcome! Cheers, DD -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
Patrik, Pierre, have you folks checked out the mock app that Chas created in the test directory? It's not going to give you everything you're looking for but make it can help. There is an implementation of the OpenID workflow in there, including a credential-fn example: https://github.com/cemerick/friend/blob/master/test/test_friend/mock_app.clj This may also help, regarding credential functions: https://github.com/cemerick/friend/blob/master/test/test_friend/credentials.clj I also highly recommend looking at the bcrypt-credential-fn in the credentials.clj lib, in the src of the project itself: https://github.com/cemerick/friend/blob/master/src/cemerick/friend/credentials.clj This is the default credentials function used in the mock app above, so it should help illustrate some of the concepts. I've spent a lot of time poring over the code too, so feel free to ping me with questions too, I may be able to help. IMHO the doc is really lacking and I have to say I was expecting more guidance in the code itself. Yes, it's still hard to wrap your head around the docs. Friend scratches an itch I have, and I think it's going to be rather important if people are trying to web apps quickly in Clojure, so I'm going to keep working on it and see how much I can clean things up and make concepts more clear. And I know Chas is interested in this as well, from his past comments. Any help and pull requests are welcome. ;-) I'm working on some updates to everything I've been working on, I'll post updates to the list shortly (later this week probably, maybe even today). DD 2012/10/24 Pierre R p.radermec...@gmail.com: Thanks David for the extra doc. I have had a try with OpenID. Everything works kind of expected. I had a question about 302 redirection prior to authentication that I posted on github. Another question is how to link the concept of roles with the openid credentials. IMHO the doc is really lacking and I have to say I was expecting more guidance in the code itself. I guess a lot of stuff obvious to an experienced clojure developers are still dark magic to me. In particular it is rather difficult to understand how to write a crendential-fn and this link won't help you ;-) https://github.com/cemerick/friend/blob/master/docs/credentials.md For OpenId I have blindly used the identity function without much understanding ... I am using Friend to scratch a little auth server. Not sure it is the best fit for that purpose. I will see. I hope Friend is going to be reviewed by an extended community of people much more qualified than myself to talk about such matter. Still docs could be improved and I believe helps could come from pull requests to suggest the addition of code comments there and there. If I dig far enough in the code, I would be pleased to help. Thanks for the hard work. Cheers, Le mardi 23 octobre 2012 17:50:25 UTC+2, Patrik Sundberg a écrit : These are great tutorials. Thanks for publishing. Right now I'm looking for something similar using the OpenID workflow. I see it's there but how I use to for example create a sign in with google setup is less clear to me. Has anyone got a good OpenID example out there somewhere? On Saturday, October 6, 2012 4:50:05 PM UTC+1, David Della Costa wrote: Hi folks, I've been pretty slack in communicating via the mailing list, but I realized today that there is a lot of important dialogue going on here so I have to make more of an effort to take part--I want to be a part of this community! In any case, I've been using Friend a lot lately, since I come from Ruby-on-Rails-land, and it addresses a lot of the pain points that Devise does for me. But (as has been mentioned in other threads quite recently), documentation is definitely the Clojure community's week point: it's inconsistent, formatted inconsistently (Ring and Compojure, for example, are wonderful exceptions), and updated erratically. When it's good, it's great; but when it's not, it puts me off from using a library. For example, I stayed away from Enlive for months before I realized what a useful library it is--so I re-wrote the README to suit my tastes (https://github.com/ddellacosta/enlive). I think Chas Emerick writes much better docs than much of what accompanies most Clojure libraries, but he's quite an advanced Clojure developer, and he's moving very fast--so as a newbie, I had difficulty even with his relatively good docs for Friend. And I suspect you'll be getting more and more folks from the web development world in the next few years like me. So it will be good to have things from the perspective of someone not just trying to grok the libraries that exist, but also trying to understand how Clojure works, and how the eco-system fits together. I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in
Re: Some Friend documentation and regarding documentation in general
Hi Chas, Great, I'm glad you think this is a useful contribution, and thanks for the encouraging words! To address some specific points: I know that Friend's docs are particularly dense, especially for anyone that just wants to use the stuff. That's probably due to my using the docs to talk through the library's design more than anything else, in part to help potential workflow authors understand what's going on, Yes, the Friend README is dense, but at the same time it is really helpful to have that volume of information there (especially rather than not at all). What I would like to do is help provide some transitional material from a more basic integration level up to the level of detail you provide in your README. I'm wondering if you are game for changing that into a structure somewhat like how Ring and Compojure are structured--I personally feel like those have a great setup: - Basic high-level information in the main README, with links to - Wiki with detailed examples and rationale, and - API docs So, that's my proposal, and I'm happy to do a pull request re-structuring the README to fit in this pattern (or something else...just one proposal) if you're interested. Also, it's awesome, but damn, that Tolkien quote is long. ;-) in part to provoke people into protesting certain decisions (this is my first swing at writing an authentication/authorization library, which should petrify you... ;-) I have to be honest and say I am not a security guy either; but I have been doing this long enough that I'm not entirely naive about web security (and I really doubt you are from what you've written). It seems like you're starting from a good basis by attempting to emulate some of the other systems you listed--stuff like Warden (which I'm familiar with) and Spring Security (which I have to learn more about). In the end, I think the best thing is to get the software out there as quickly as possible and describe your thought process--exactly as you've done. And once I've implemented more Friend-based apps, I'll have a better idea of suggestions to make to improve both architecture and security--so I'll speak up when I've got more experience with it. I daresay you're getting the jump on me in both directions, which I really appreciate. Great--if you think this is a good direction then I'll keep working on all of this stuff. I think a good next step would be for me to create a Friend organization (of course https://github.com/friend is taken! :-P), Doh. Damnit, there's nothing there, that's annoying. I wonder if we could politely ask them to hand it over and see if whoever is there is open to the possibility... Well, another option is to format it like ring: https://github.com/ring-clojure/ring ...something like friend-clojure perhaps? so that you and others can readily contribute tutorials, example projects, and more that can be gradually cultivated into canonical, easily-approachable code and content. Okay, sounds great! Just let me know, and I'll start adding this stuff to that group. Cheers, DD (12/10/07 6:33), Chas Emerick wrote: Hi Dave, This is a metric ton of awesome; thank you very much for taking the time and effort to put all this together. And, BTW, based on what I've seen so far, I never would have thought you were new to Clojure. :-) cont'd… On Oct 6, 2012, at 11:49 AM, Dave Della Costa wrote: I think Chas Emerick writes much better docs than much of what accompanies most Clojure libraries, but he's quite an advanced Clojure developer, and he's moving very fast--so as a newbie, I had difficulty even with his relatively good docs for Friend. And I suspect you'll be getting more and more folks from the web development world in the next few years like me. So it will be good to have things from the perspective of someone not just trying to grok the libraries that exist, but also trying to understand how Clojure works, and how the eco-system fits together. Noted re: Friend's docs. I've actually fallen behind a bit on my documentation activities this year; both Friend and nREPL are underdocumented at the moment. I know that Friend's docs are particularly dense, especially for anyone that just wants to use the stuff. That's probably due to my using the docs to talk through the library's design more than anything else, in part to help potential workflow authors understand what's going on, in part to provoke people into protesting certain decisions (this is my first swing at writing an authentication/authorization library, which should petrify you... ;-) I've known for some time that I'd like to have a companion project that implements all sorts of common usage scenarios that can be easily pushed up to heroku in order to facilitate experimentation. Pairing those with end-user-focused tutorials would be even better. I daresay you're getting the jump on me in both directions, which I really appreciate. I've written some
Some Friend documentation and regarding documentation in general
Hi folks, I've been pretty slack in communicating via the mailing list, but I realized today that there is a lot of important dialogue going on here so I have to make more of an effort to take part--I want to be a part of this community! In any case, I've been using Friend a lot lately, since I come from Ruby-on-Rails-land, and it addresses a lot of the pain points that Devise does for me. But (as has been mentioned in other threads quite recently), documentation is definitely the Clojure community's week point: it's inconsistent, formatted inconsistently (Ring and Compojure, for example, are wonderful exceptions), and updated erratically. When it's good, it's great; but when it's not, it puts me off from using a library. For example, I stayed away from Enlive for months before I realized what a useful library it is--so I re-wrote the README to suit my tastes (https://github.com/ddellacosta/enlive). I think Chas Emerick writes much better docs than much of what accompanies most Clojure libraries, but he's quite an advanced Clojure developer, and he's moving very fast--so as a newbie, I had difficulty even with his relatively good docs for Friend. And I suspect you'll be getting more and more folks from the web development world in the next few years like me. So it will be good to have things from the perspective of someone not just trying to grok the libraries that exist, but also trying to understand how Clojure works, and how the eco-system fits together. I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in general). In any case: https://github.com/ddellacosta/friend-interactive-form-tutorial https://github.com/ddellacosta/friend-oauth2-examples https://github.com/ddellacosta/friend-oauth2 I have a bunch of other Clojure-related stuff on my github account too, feedback is most welcome! Cheers, DD -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
This is fantastic documentation and Michael's feedback is apt and valuable. I think resources like this should be linked-to from the Friend README (or an appropriate documentation site, e.g. CDS) to collect such pointers in one place. Shantanu On Oct 6, 10:02 pm, Michael Klishin michael.s.klis...@gmail.com wrote: 2012/10/6 Dave Della Costa ddellaco...@gmail.com I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in general). In any case: https://github.com/ddellacosta/friend-interactive-form-tutorial This tutorial is missing the crucial first step: explaining how to add Friend as a dependency with Leiningen (and Maven). Another thing worth adding is a section of what kind of features Friend has: not everybody is coming from the same background and knows what Devise and CanCan are or what they are used for. I haven't done Web development in a while so maybe it's just me but I have no idea what the interactive form workflow is. https://github.com/ddellacosta/friend-oauth2-examples This one is missing the information about what port the example is running on. It's running now, cool, how do I try it out? I have a bunch of other Clojure-related stuff on my github account too, feedback is most welcome! It's great to see someone writing tutorials for projects that are fundamental building blocks (if you choose to build a Web app in Clojure, you probably gonna need Friend or something like Friend fairly quickly). It will take a few rounds to make your tutorial good, don't get discouraged by it. And I really hope it will make it into Friend's documentation in some shape or form. -- MK -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
Michael, this is great feedback. This tutorial is missing the crucial first step: explaining how to add Friend as a dependency with Leiningen (and Maven). So, part of me had thought that these details would covered by looking through the source of the repo, but on consideration, I think you're right--this is indeed the kind of stuff I was bit by when I started working with Clojure. Point taken; I'll tweak it to make that part clear. features Friend has: not everybody is coming from the same background and knows what Devise and CanCan are or what they are used for. Good point--I'll add some links and/or descriptions, as it seems appropriate. I haven't done Web development in a while so maybe it's just me but I have no idea what the interactive form workflow is. Another good point: this is what it is called in Friend. I'll fix this so it is more clear what I mean by this (or just change the wording). This one is missing the information about what port the example is running on. It's running now, cool, how do I try it out? You should just be able to clone the repo, and start it up, assuming you've got the necessary oauth config for FB or App.net. The source should make it pretty clear, but if anything is unclear, do let me know. Obviously the README is not enough, so if you play with it and have ideas how it can be improved, let me know. And sorry, what do you mean by what port? It will take a few rounds to make your tutorial good, don't get discouraged by it. Not at all! This kind of feedback is exactly what I want. I want to help make these docs as high quality as possible, so they can be a resource for those coming into the community. I have an ulterior motive: the more folks that are using Clojure for building high-quality web apps, the more chance I can get a job doing Clojure stuff fulltime, instead of as a hobby...haha. Anyways, I'll update this stuff as soon as I have time. Thanks again for the feedback, Michael. DD (12/10/07 2:01), Michael Klishin wrote: 2012/10/6 Dave Della Costa ddellaco...@gmail.com mailto:ddellaco...@gmail.com I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in general). In any case: https://github.com/ddellacosta/friend-interactive-form-tutorial This tutorial is missing the crucial first step: explaining how to add Friend as a dependency with Leiningen (and Maven). Another thing worth adding is a section of what kind of features Friend has: not everybody is coming from the same background and knows what Devise and CanCan are or what they are used for. I haven't done Web development in a while so maybe it's just me but I have no idea what the interactive form workflow is. https://github.com/ddellacosta/friend-oauth2-examples This one is missing the information about what port the example is running on. It's running now, cool, how do I try it out? I have a bunch of other Clojure-related stuff on my github account too, feedback is most welcome! It's great to see someone writing tutorials for projects that are fundamental building blocks (if you choose to build a Web app in Clojure, you probably gonna need Friend or something like Friend fairly quickly). It will take a few rounds to make your tutorial good, don't get discouraged by it. And I really hope it will make it into Friend's documentation in some shape or form. -- MK -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
Thanks Shantanu! Yeah, I'll ping Chas Emerick to see what he thinks if he doesn't tune in on this thread. (12/10/07 2:25), Shantanu Kumar wrote: This is fantastic documentation and Michael's feedback is apt and valuable. I think resources like this should be linked-to from the Friend README (or an appropriate documentation site, e.g. CDS) to collect such pointers in one place. Shantanu On Oct 6, 10:02 pm, Michael Klishin michael.s.klis...@gmail.com wrote: 2012/10/6 Dave Della Costa ddellaco...@gmail.com I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in general). In any case: https://github.com/ddellacosta/friend-interactive-form-tutorial This tutorial is missing the crucial first step: explaining how to add Friend as a dependency with Leiningen (and Maven). Another thing worth adding is a section of what kind of features Friend has: not everybody is coming from the same background and knows what Devise and CanCan are or what they are used for. I haven't done Web development in a while so maybe it's just me but I have no idea what the interactive form workflow is. https://github.com/ddellacosta/friend-oauth2-examples This one is missing the information about what port the example is running on. It's running now, cool, how do I try it out? I have a bunch of other Clojure-related stuff on my github account too, feedback is most welcome! It's great to see someone writing tutorials for projects that are fundamental building blocks (if you choose to build a Web app in Clojure, you probably gonna need Friend or something like Friend fairly quickly). It will take a few rounds to make your tutorial good, don't get discouraged by it. And I really hope it will make it into Friend's documentation in some shape or form. -- MK -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
Ah, right. Again, something I'm making assumptions about that maybe I shouldn't be. I use 'lein ring server-headless' to run the app, and it always shows up on port 3000. I believe this is a part of Compojure, but I have to admit I'm not positive--it shows up in the Compojure docs here (minus the 'headless' bit, which just avoids loading a browser up, something I don't want to be happening every time): https://github.com/weavejester/compojure/wiki/Getting-Started (12/10/07 2:57), Michael Klishin wrote: 2012/10/6 Dave Della Costa ddellaco...@gmail.com mailto:ddellaco...@gmail.com And sorry, what do you mean by what port? Will the example be accessible on http://localhost:4000, :3000 or :8080? -- MK -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
Sorry Michael, I was mistaken about it being Compojure, this is obviously all lein-ring territory (see in particular, Starting a web server): https://github.com/weavejester/lein-ring (12/10/07 2:57), Michael Klishin wrote: 2012/10/6 Dave Della Costa ddellaco...@gmail.com mailto:ddellaco...@gmail.com And sorry, what do you mean by what port? Will the example be accessible on http://localhost:4000, :3000 or :8080? -- MK -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
Re: Some Friend documentation and regarding documentation in general
Hi Dave, This is a metric ton of awesome; thank you very much for taking the time and effort to put all this together. And, BTW, based on what I've seen so far, I never would have thought you were new to Clojure. :-) cont'd… On Oct 6, 2012, at 11:49 AM, Dave Della Costa wrote: I think Chas Emerick writes much better docs than much of what accompanies most Clojure libraries, but he's quite an advanced Clojure developer, and he's moving very fast--so as a newbie, I had difficulty even with his relatively good docs for Friend. And I suspect you'll be getting more and more folks from the web development world in the next few years like me. So it will be good to have things from the perspective of someone not just trying to grok the libraries that exist, but also trying to understand how Clojure works, and how the eco-system fits together. Noted re: Friend's docs. I've actually fallen behind a bit on my documentation activities this year; both Friend and nREPL are underdocumented at the moment. I know that Friend's docs are particularly dense, especially for anyone that just wants to use the stuff. That's probably due to my using the docs to talk through the library's design more than anything else, in part to help potential workflow authors understand what's going on, in part to provoke people into protesting certain decisions (this is my first swing at writing an authentication/authorization library, which should petrify you... ;-) I've known for some time that I'd like to have a companion project that implements all sorts of common usage scenarios that can be easily pushed up to heroku in order to facilitate experimentation. Pairing those with end-user-focused tutorials would be even better. I daresay you're getting the jump on me in both directions, which I really appreciate. I've written some material on how to use Friend, including some OAuth2 resources. I'd appreciate any feedback you can give, I'm pretty new to Clojure (and Lisp in general). In any case: https://github.com/ddellacosta/friend-interactive-form-tutorial https://github.com/ddellacosta/friend-oauth2-examples https://github.com/ddellacosta/friend-oauth2 I am personally very interested in friend-oauth2, for obvious reasons. (Onlookers can watch https://github.com/cemerick/friend/issues/23 for activity between it and Friend itself.) I haven't worked through the tutorial, but I did find it really well-written and a phenomenal start. I think a good next step would be for me to create a Friend organization (of course https://github.com/friend is taken! :-P), so that you and others can readily contribute tutorials, example projects, and more that can be gradually cultivated into canonical, easily-approachable code and content. Talk later… Thanks again, - Chas -- You received this message because you are subscribed to the Google Groups Clojure group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
