{"id":23626351,"url":"https://github.com/yetanalytics/pedestal-oidc","last_synced_at":"2025-06-22T07:04:33.215Z","repository":{"id":39856275,"uuid":"446854350","full_name":"yetanalytics/pedestal-oidc","owner":"yetanalytics","description":"OAuth 2.0 and OIDC Facilities for Pedestal web applications","archived":false,"fork":false,"pushed_at":"2024-01-24T18:58:39.000Z","size":134,"stargazers_count":10,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-06-08T23:35:48.029Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yetanalytics.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-11T14:28:18.000Z","updated_at":"2024-11-17T13:42:53.000Z","dependencies_parsed_at":"2024-12-27T22:56:34.865Z","dependency_job_id":"96769fd5-2467-49a6-80db-65252d036a94","html_url":"https://github.com/yetanalytics/pedestal-oidc","commit_stats":{"total_commits":96,"total_committers":3,"mean_commits":32.0,"dds":0.04166666666666663,"last_synced_commit":"409356d67a9116fd5077f55ba3e79a7d8894fc78"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/yetanalytics/pedestal-oidc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fpedestal-oidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fpedestal-oidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fpedestal-oidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fpedestal-oidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yetanalytics","download_url":"https://codeload.github.com/yetanalytics/pedestal-oidc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fpedestal-oidc/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261250272,"owners_count":23130540,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-27T22:53:04.355Z","updated_at":"2025-06-22T07:04:28.200Z","avatar_url":"https://github.com/yetanalytics.png","language":"Clojure","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pedestal-oidc\n\n[![CI](https://github.com/yetanalytics/pedestal-oidc/actions/workflows/ci.yml/badge.svg)](https://github.com/yetanalytics/pedestal-oidc/actions/workflows/ci.yml)\n\n[![Clojars Version](https://img.shields.io/clojars/v/com.yetanalytics/pedestal-oidc)](https://clojars.org/com.yetanalytics/pedestal-oidc)\n\nThis lib provides a [pedestal](https://github.com/pedestal/pedestal) interceptor for decoding [OIDC](https://openid.net/connect/) tokens, utilities for retrieving and unsigning (inspired by [clj-jwt](https://gitlab.nsd.no/clojure/clj-jwt)) and for performing simple OIDC discovery.\n\n## Usage\n\nSee [the demo](src/dev/com/yetanalytics/pedestal_oidc/service.clj) for a simple example of usage.\n\n### Interceptor\n\nGive `com.yetanalytics.pedestal-oidc.interceptor/decode-interceptor` a \"get-keyset\" function that returns either:\n\n* a map of JWKS key IDs to the keys themselves.\n* a function that takes such an ID and (maybe) returns a key. This may be useful if you need to maintain a cache.\n\nUse the resulting interceptor in a pedestal route. Decoded claims will be placed on the request at `:com.yetanalytics.pedestal-oidc/claims`.\n\n#### Failures\n\nBy default the `decode-interceptor` will respond to any failure with a 401. You can customize this behavior by providing a `:unauthorized` keyword arg which is a function that will recieve the pedestal context, a failure keyword and possibly an exception. The possible failure keywords are:\n\n* `:header-missing` - The `Authorization` header (or whatever is provided for `check-header`) is not present. No exception.\n* `:header-invalid` - The header does not start with `Bearer `. No exception.\n* `:kid-not-found` - The indicated public key is not found by ID. An exception is passed with ex-data containing the `:kid`\n* `:validation` - The token failed unsigning with `buddy-sign`. The provided exception contains the `:cause` in its ex-data.\n* `:keyset-invalid` - The keyset function failed to return a map or function.\n* `:keyset-error` - (sync only) the keyset function threw an unhandled error.\n* `:unknown` - An unknown exception was thrown. See the provided exception for more info.\n\nThe default `:unauthorized` function will add the failure keyword to the context as `:com.yetanalytics.pedestal-oidc/failure`. By default exceptions will not be retained.\n\n### Getting Keysets\n\n`com.yetanalytics.pedestal-oidc.jwt/get-keyset` will attempt to fetch a valid keyset from the given `jwks-uri`. How this is stored/cached is up to the lib consumer.\n\n### Discovery Utils\n\n`com.yetanalytics.pedestal-oidc.discovery` provides facilities for pulling config metadata (like the `jwks_uri`) from the IDP per [the spec](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig).\n\n## Development\n\nTo run a demo instance of keycloak:\n\n    make keycloak-demo\n\nThis will host a JWKS uri of http://0.0.0.0:8080/auth/realms/test/protocol/openid-connect/certs with the realm's public keyset.\n\nYou can then run the demo API:\n\n    make run-dev\n\n## Testing\n\nRun the test suite:\n\n    make test\n\n## License\n\nCopyright © 2022 Yet Analytics Inc.\n\nDistributed under the Apache License version 2.0.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyetanalytics%2Fpedestal-oidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyetanalytics%2Fpedestal-oidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyetanalytics%2Fpedestal-oidc/lists"}