mbuczko / cerber-oauth2-provider
Clojure implementation of RFC 6749 OAuth 2.0 authorization framework (OAuth2 provider)
License: Apache License 2.0
A java.lang.Exception: Exception in :insert-token.......Caused by: java.sql.BatchUpdateException: Incorrect string value: '\xAC\xED\x00\x05sr...' for column 'scope' at row 1 error occurs when I request a token using a MySQL database.
Scope is a set; maybe a set can't be stored in a MySQL database.
I have a solution, I will make a pull request to you for this issue.
Cerber keeps its stores inside atoms. This has some advantages, but makes testing and mocking more difficult as there is only one global store that all tests + the development system reference. As a newcomer to the library, it is also more difficult to work out where side-effects are happening, as the store dependencies aren't explicit. We'd be interested in refactoring cerber to make it less stateful and to inject the stores throughout the library.
I haven't done too much investigation on how difficult this would be to do without breaking backwards compatibility. Before we go any further, I wanted to know what your thoughts are on this idea, and how backwards compatible you'd like to be?
This is the config in project.clj:

:dependencies [[clj-time "0.14.0"]
               [compojure "1.6.0"]
               [conman "0.7.1"]
               [cprop "0.1.11"]
               [funcool/struct "1.1.0"]
               [luminus-immutant "0.2.4"]
               [luminus-migrations "0.4.2"]
               [luminus-nrepl "0.1.4"]
               [luminus/ring-ttl-session "0.3.2"]
               [markdown-clj "1.0.1"]
               [metosin/muuntaja "0.3.2"]
               [metosin/ring-http-response "0.9.0"]
               [mount "0.1.11"]
               [mysql/mysql-connector-java "6.0.5"]
               [org.clojure/clojure "1.8.0"]
               [org.clojure/tools.cli "0.3.5"]
               [org.clojure/tools.logging "0.4.0"]
               [org.webjars.bower/tether "1.4.0"]
               [org.webjars/bootstrap "4.0.0-alpha.5"]
               [org.webjars/font-awesome "4.7.0"]
               [org.webjars/jquery "3.2.1"]
               [ring-webjars "0.2.0"]
               [ring/ring-core "1.6.3"]
               [ring/ring-defaults "0.3.1"]
               [selmer "1.11.2"]
               [cerber/cerber-oauth2-provider "0.1.10"]]
This is my cerber-local.edn and cerber.edn file:

{:authcodes   {:store :sql :valid-for 180}
 :sessions    {:store :sql :valid-for 180}
 :tokens      {:store :sql :valid-for 180}
 :users       {:store :sql :defined []}
 :clients     {:store :sql :defined []}
 :scopes      #{}
 :landing-url "/"
 :realm       "Hanshulian"
 :endpoints   {:authentication "/login"
               :client-approve "/approve"
               :client-refuse  "/refuse"}
 ;:redis-spec {:spec {:host "localhost" :port 6379}}
 :jdbc-pool   {:init-size    1
               :min-idle     1
               :max-idle     4
               :max-active   32
               :driver-class "com.mysql.cj.jdbc.Driver"
               :jdbc-url     "jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=UTF-8&user=user1&password=password123'"}}
When I run the command lein run, I get the message below.
2017-11-06 13:56:53,008 [main] DEBUG org.jboss.logging - Logging Provider: org.jboss.logging.Slf4jLoggerProvider Loading local environment... 2017-11-06 13:56:55,122 [main] ERROR com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Exception during pool initialization. java.sql.SQLException: Access denied for user 'user1'@'localhost' (using password: YES) at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:545) ~[mysql-connector-java-6.0.5.jar:6.0.5] at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:513) ~[mysql-connector-java-6.0.5.jar:6.0.5] at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:115) ~[mysql-connector-java-6.0.5.jar:6.0.5] at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:1606) ~[mysql-connector-java-6.0.5.jar:6.0.5] at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:633) ~[mysql-connector-java-6.0.5.jar:6.0.5] at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:347) ~[mysql-connector-java-6.0.5.jar:6.0.5] at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:219) ~[mysql-connector-java-6.0.5.jar:6.0.5] at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:117) ~[HikariCP-2.7.2.jar:na] at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:375) ~[HikariCP-2.7.2.jar:na] at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:204) ~[HikariCP-2.7.2.jar:na] at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:445) [HikariCP-2.7.2.jar:na] at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:516) [HikariCP-2.7.2.jar:na] at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:116) [HikariCP-2.7.2.jar:na] at com.zaxxer.hikari.HikariDataSource.<init>(HikariDataSource.java:72) [HikariCP-2.7.2.jar:na] at hikari_cp.core$make_datasource.invokeStatic(core.clj:213) [na:na] at hikari_cp.core$make_datasource.invoke(core.clj:210) [na:na] at 
conman.core$connect_BANG_.invokeStatic(core.clj:99) [na:na] at conman.core$connect_BANG_.invoke(core.clj:95) [na:na] at cerber.db$init_connection.invokeStatic(db.clj:9) [na:na] at cerber.db$init_connection.invoke(db.clj:6) [na:na] at cerber.db$eval11018$fn__11019.invoke(db.clj:16) [na:na] at mount.core$record_BANG_.invokeStatic(core.cljc:86) [na:na] at mount.core$record_BANG_.invoke(core.cljc:85) [na:na] at mount.core$up$fn__1843.invoke(core.cljc:93) [na:na] at mount.core$up.invokeStatic(core.cljc:92) [na:na] at mount.core$up.invoke(core.cljc:90) [na:na] at mount.core$bring.invokeStatic(core.cljc:210) [na:na] at mount.core$bring.invoke(core.cljc:202) [na:na] at mount.core$start.invokeStatic(core.cljc:252) [na:na] at mount.core$start.doInvoke(core.cljc:244) [na:na] at clojure.lang.RestFn.invoke(RestFn.java:397) [clojure-1.8.0.jar:na] at mount.core$start_with_args.invokeStatic(core.cljc:350) [na:na] at mount.core$start_with_args.doInvoke(core.cljc:346) [na:na] at clojure.lang.RestFn.invoke(RestFn.java:410) [clojure-1.8.0.jar:na] at test1.core$start_app.invokeStatic(core.clj:42) [na:na] at test1.core$start_app.invoke(core.clj:41) [na:na] at test1.core$_main.invokeStatic(core.clj:62) [na:na] at test1.core$_main.doInvoke(core.clj:49) [na:na] at clojure.lang.RestFn.invoke(RestFn.java:397) [clojure-1.8.0.jar:na] at clojure.lang.Var.invoke(Var.java:375) [clojure-1.8.0.jar:na] at user$eval25473.invokeStatic(form-init1285113983297512730.clj:1) [na:na] at user$eval25473.invoke(form-init1285113983297512730.clj:1) [na:na] at clojure.lang.Compiler.eval(Compiler.java:6927) [clojure-1.8.0.jar:na] at clojure.lang.Compiler.eval(Compiler.java:6917) [clojure-1.8.0.jar:na] at clojure.lang.Compiler.load(Compiler.java:7379) [clojure-1.8.0.jar:na] at clojure.lang.Compiler.loadFile(Compiler.java:7317) [clojure-1.8.0.jar:na] at clojure.main$load_script.invokeStatic(main.clj:275) [clojure-1.8.0.jar:na] at clojure.main$init_opt.invokeStatic(main.clj:277) [clojure-1.8.0.jar:na] at 
clojure.main$init_opt.invoke(main.clj:277) [clojure-1.8.0.jar:na] at clojure.main$initialize.invokeStatic(main.clj:308) [clojure-1.8.0.jar:na] at clojure.main$null_opt.invokeStatic(main.clj:342) [clojure-1.8.0.jar:na] at clojure.main$null_opt.invoke(main.clj:339) [clojure-1.8.0.jar:na] at clojure.main$main.invokeStatic(main.clj:421) [clojure-1.8.0.jar:na] at clojure.main$main.doInvoke(main.clj:384) [clojure-1.8.0.jar:na] at clojure.lang.RestFn.invoke(RestFn.java:421) [clojure-1.8.0.jar:na] at clojure.lang.Var.invoke(Var.java:383) [clojure-1.8.0.jar:na] at clojure.lang.AFn.applyToHelper(AFn.java:156) [clojure-1.8.0.jar:na] at clojure.lang.Var.applyTo(Var.java:700) [clojure-1.8.0.jar:na] at clojure.main.main(main.java:37) [clojure-1.8.0.jar:na] Exception in thread "main" java.lang.RuntimeException: could not start [#'cerber.db/*db*] due to, compiling:(/private/var/folders/w1/7l19l8ks06j57dl052zzvws00000gn/T/form-init1285113983297512730.clj:1:125) at clojure.lang.Compiler.load(Compiler.java:7391) at clojure.lang.Compiler.loadFile(Compiler.java:7317) at clojure.main$load_script.invokeStatic(main.clj:275) at clojure.main$init_opt.invokeStatic(main.clj:277) at clojure.main$init_opt.invoke(main.clj:277) at clojure.main$initialize.invokeStatic(main.clj:308) at clojure.main$null_opt.invokeStatic(main.clj:342) at clojure.main$null_opt.invoke(main.clj:339) at clojure.main$main.invokeStatic(main.clj:421) at clojure.main$main.doInvoke(main.clj:384) at clojure.lang.RestFn.invoke(RestFn.java:421) at clojure.lang.Var.invoke(Var.java:383) at clojure.lang.AFn.applyToHelper(AFn.java:156) at clojure.lang.Var.applyTo(Var.java:700) at clojure.main.main(main.java:37) Caused by: java.lang.RuntimeException: could not start [#'cerber.db/*db*] due to at mount.core$up$fn__1843.invoke(core.cljc:92) at mount.core$up.invokeStatic(core.cljc:92) at mount.core$up.invoke(core.cljc:90) at mount.core$bring.invokeStatic(core.cljc:210) at mount.core$bring.invoke(core.cljc:202) at 
mount.core$start.invokeStatic(core.cljc:252) at mount.core$start.doInvoke(core.cljc:244) at clojure.lang.RestFn.invoke(RestFn.java:397) at mount.core$start_with_args.invokeStatic(core.cljc:350) at mount.core$start_with_args.doInvoke(core.cljc:346) at clojure.lang.RestFn.invoke(RestFn.java:410) at test1.core$start_app.invokeStatic(core.clj:42) at test1.core$start_app.invoke(core.clj:41) at test1.core$_main.invokeStatic(core.clj:62) at test1.core$_main.doInvoke(core.clj:49) at clojure.lang.RestFn.invoke(RestFn.java:397) at clojure.lang.Var.invoke(Var.java:375) at user$eval25473.invokeStatic(form-init1285113983297512730.clj:1) at user$eval25473.invoke(form-init1285113983297512730.clj:1) at clojure.lang.Compiler.eval(Compiler.java:6927) at clojure.lang.Compiler.eval(Compiler.java:6917) at clojure.lang.Compiler.load(Compiler.java:7379) ... 14 more Caused by: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Access denied for user 'user1'@'localhost' (using password: YES) at com.zaxxer.hikari.pool.HikariPool.throwPoolInitializationException(HikariPool.java:545) at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:537) at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:116) at com.zaxxer.hikari.HikariDataSource.<init>(HikariDataSource.java:72) at hikari_cp.core$make_datasource.invokeStatic(core.clj:213) at hikari_cp.core$make_datasource.invoke(core.clj:210) at conman.core$connect_BANG_.invokeStatic(core.clj:99) at conman.core$connect_BANG_.invoke(core.clj:95) at cerber.db$init_connection.invokeStatic(db.clj:9) at cerber.db$init_connection.invoke(db.clj:6) at cerber.db$eval11018$fn__11019.invoke(db.clj:16) at mount.core$record_BANG_.invokeStatic(core.cljc:86) at mount.core$record_BANG_.invoke(core.cljc:85) at mount.core$up$fn__1843.invoke(core.cljc:93) ... 
35 more Caused by: java.sql.SQLException: Access denied for user 'user1'@'localhost' (using password: YES) at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:545) at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:513) at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:115) at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:1606) at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:633) at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:347) at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:219) at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:117) at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:375) at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:204) at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:445) at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:516) ... 47 more
How can I correct this issue?
Available scopes should be predefined and validated accordingly.
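An added example, not cerber's own code, covering both the scope validation asked for here and the MySQL error reported above: the bytes \xAC\xED\x00\x05 in that error are the Java object serialization stream header, meaning the scope set reached the driver as a serialized object rather than as text. The sketch validates the space-delimited `scope` parameter against a predefined set and stores it as a plain string; the namespace, the `allowed-scopes` values and all function names are assumptions.

```clojure
(ns example.scopes
  (:require [clojure.set :as set]
            [clojure.string :as str]))

;; Assumed configuration: the scopes this provider is willing to grant.
(def allowed-scopes #{"photos:read" "photos:write" "profile"})

;; RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
(def scope-token #"[\x21\x23-\x5B\x5D-\x7E]+")

(defn parse-scope
  "Turns the space-delimited `scope` request parameter into a set.
  Throws ex-info when a token is malformed or is not predefined."
  [s]
  (let [tokens (if (str/blank? s) [] (str/split (str/trim s) #" +"))
        bad    (remove #(re-matches scope-token %) tokens)
        extra  (set/difference (set tokens) allowed-scopes)]
    (cond
      (seq bad)   (throw (ex-info "invalid_scope" {:malformed (vec bad)}))
      (seq extra) (throw (ex-info "invalid_scope" {:unknown extra}))
      :else       (set tokens))))

(defn scope->column
  "Serializes a scope set to a plain string for a text column, so the
  driver is never handed the set object itself."
  [scopes]
  (str/join " " (sort scopes)))

(defn column->scope
  "Reads the stored string back into a set; an empty column is no scopes."
  [s]
  (if (str/blank? s) #{} (set (str/split s #" "))))

(comment
  ;; accepted request: validated, then written to the column as text
  (scope->column (parse-scope "profile photos:read"))
  ;; round trip from storage
  (column->scope "photos:read profile")
  ;; rejected request: "admin" is not among the predefined scopes
  (parse-scope "profile admin"))
```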
This is to mark certain clients as trusted ones and omit confirmation step during an oauth dance.
Having tokens hashed makes them relatively much more secure in case the database gets compromised.
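One way to store tokens hashed, shown as an added example rather than cerber's implementation: the raw token is returned to the client once, and only its SHA-256 digest is kept, so a dump of the store yields nothing that can be replayed as a bearer token. The atom-backed `token-store` is a constructed stand-in for the tokens table, and all names are assumptions.

```clojure
(ns example.token-hashing
  (:import (java.security MessageDigest SecureRandom)
           (java.util Base64)))

(defn generate-token
  "256 bits from SecureRandom, base64url-encoded without padding."
  []
  (let [buf (byte-array 32)]
    (.nextBytes (SecureRandom.) buf)
    (.encodeToString (.withoutPadding (Base64/getUrlEncoder)) buf)))

(defn token-digest
  "Hex SHA-256 of the token; this is the only form that reaches storage.
  A fast unsalted hash is adequate here because the input is a random
  256-bit value, not a human-chosen password."
  [^String token]
  (let [digest (.digest (MessageDigest/getInstance "SHA-256")
                        (.getBytes token "UTF-8"))]
    (apply str (map #(format "%02x" %) digest))))

;; Constructed stand-in for the tokens table: digest -> token metadata.
(defonce token-store (atom {}))

(defn issue-token!
  "Stores metadata under the digest and returns the raw token exactly once."
  [client-id scopes]
  (let [token (generate-token)]
    (swap! token-store assoc (token-digest token)
           {:client-id client-id :scopes scopes})
    token))

(defn find-token
  "Hashes the presented bearer token and looks the digest up.
  Returns the stored metadata, or nil for an unknown token."
  [presented]
  (get @token-store (token-digest presented)))

(comment
  (def t (issue-token! "constructed-client" #{"profile"}))
  (find-token t)                 ; metadata for the token just issued
  (find-token "guessed-value")   ; nil
  (keys @token-store))           ; digests only, never raw tokens
```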
Implement PKCE to protect public clients using the authorization code grant from the authorization code interception attack.
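The check PKCE adds at the token endpoint, as an added example that is not cerber's code: the provider keeps the `code_challenge` from the authorization request next to the authorization code and later requires a `code_verifier` that hashes to it (RFC 7636, method S256). The function names and the `authcode` record are assumptions; the challenge and verifier values are the RFC 7636 Appendix B example.

```clojure
(ns example.pkce
  (:import (java.security MessageDigest)
           (java.util Base64)))

;; RFC 7636 section 4.1: 43-128 characters from the unreserved set.
(def verifier-pattern #"[A-Za-z0-9\-._~]{43,128}")

(defn s256-challenge
  "code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))), no padding."
  ^String [^String verifier]
  (let [digest (.digest (MessageDigest/getInstance "SHA-256")
                        (.getBytes verifier "US-ASCII"))]
    (.encodeToString (.withoutPadding (Base64/getUrlEncoder)) digest)))

(defn verifier-matches?
  "Token-endpoint check: recompute the challenge from the presented
  code_verifier and compare it, in constant time, with the stored one."
  [^String stored-challenge verifier]
  (boolean
   (and (string? verifier)
        (re-matches verifier-pattern verifier)
        (MessageDigest/isEqual
         (.getBytes stored-challenge "US-ASCII")
         (.getBytes (s256-challenge verifier) "US-ASCII")))))

;; Constructed authcode record: the challenge arrived with the
;; authorization request and is stored alongside the issued code.
(def authcode
  {:code                  "constructed-code"
   :code-challenge        "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
   :code-challenge-method "S256"})

(comment
  ;; the legitimate client presents the verifier it generated
  (verifier-matches? (:code-challenge authcode)
                     "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
  ;; a party holding only the intercepted code has no matching verifier
  (verifier-matches? (:code-challenge authcode) (apply str (repeat 43 "a")))
  ;; a missing verifier must fail rather than skip the check
  (verifier-matches? (:code-challenge authcode) nil))
```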
Sometimes it's much more convenient to have some clients predefined in a declarative way (as a part of cerber configuration). That would also make it easy to set up a client's scopes, auto-approval and so on.
The error below occurs sometimes.
Cannot cast java.time.LocalDateTime to org.joda.time.ReadablePartial java.lang.ClassCastException: Cannot cast java.time.LocalDateTime to org.joda.time.ReadablePartial at java.lang.Class.cast(Class.java:3369) ~[na:1.8.0_111] at clojure.lang.Reflector.boxArg(Reflector.java:427) ~[clojure-1.8.0.jar:na] at clojure.lang.Reflector.boxArgs(Reflector.java:460) ~[clojure-1.8.0.jar:na] at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:58) ~[clojure-1.8.0.jar:na] at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.8.0.jar:na] at cerber.helpers$expired_QMARK_.invokeStatic(helpers.clj:51) ~[na:na] at cerber.helpers$expired_QMARK_.invoke(helpers.clj:44) ~[na:na] at cerber.oauth2.context$bearer_valid_QMARK_.invokeStatic(context.clj:69) ~[na:na] at cerber.oauth2.context$bearer_valid_QMARK_.invoke(context.clj:65) ~[na:na] at cerber.handlers$wrap_authorization$fn__24259.invoke(handlers.clj:28) ~[na:na] at cerber.handlers$wrap_errors$fn__24255.invoke(handlers.clj:18) ~[na:na] at ring.middleware.session$wrap_session$fn__24246.invoke(session.clj:108) [na:na] at ring.middleware.format_params$wrap_format_params$fn__8901.invoke(format_params.clj:119) ~[na:na] at ring.middleware.format_response$wrap_format_response$fn__9680.invoke(format_response.clj:194) [na:na]
It issues an access token and a refresh token when I request a token with the password grant_type.
But I get an Invalid token error message when I use the access token to visit the API. I found that there is only a refresh token in the database. Should an access token be generated and stored in the database?
Grants and scopes were stored in the wrong columns when I called the c/create-client API.