July 30, 2019

Using Argon for Password Hashes

Include the argon2-jvm dependency in your build.boot or project.clj file. [de.mkammerer/argon2-jvm "2.5"] In the module you need to use argon hashes, import the necessary classes in you namespace (ns) declaration: (:import (de.mkammerer.argon2 Argon2Factory Argon2Factory$Argon2Types)) Now you can generate a hash or verify if a string matches a hash like below: (defonce ^:private ^:const arg2-iterations 8) (defonce ^:private ^:const arg2-memory 65536) (defonce ^:private ^:const arg2-parallelism 1) (defn- argon2-hash "Hash string with Argon2id" [str-to-be-hashed] (. Read more

August 30, 2018

Using Buddy for Authentication with JWT

buddy is a set of clojure modules and libraries to incorporate various security feature in your ring application. It is also fairly non-opinionated allowing you to decide how to handle various scenarios. Check out their github page to know more about the library. Their documentation can be found here. They also have basic examples for using various authentication schemes here. In this tutorial we will configure our webapp to use signed JSON Web Tokens (JWT) and also setup access rules to make sure certain routes can only be accessed with specific authorization levels. Read more

Powered by Hugo & Kiss.