
28. Authentication with Buddy

Published 03 April 17

Buddy is a popular security library for implementing authentication and authorization. In this episode you’ll learn the difference between the two, and how to implement password-based authentication for a simple Ring app.

Show notes

Buddy is a collection of security libraries for Clojure. It contains cryptographic functions, utilities to implement authentication and authorization, and facilities for encryption and message signing.

In this episode I’ll show you how to use Buddy to implement authentication in a typical Ring application. Buddy is split into four packages. buddy-auth provides authentication and authorization. You also need buddy-hashers so you don’t have to store passwords in plain text.

buddy-sign provides cryptographic message signing; I won’t cover that one. buddy-core contains utilities used by the other three. It’s pulled in automatically by the others, so you don’t have to include it.

(defproject booklog "0.1.0-SNAPSHOT"
  :description "Keep track of the books you read,
                a sample project to demonstrate Buddy."

  :url ""

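  :dependencies [,,,
                 [buddy/buddy-auth "1.4.1"]    ; authentication and authorization
                 [buddy/buddy-hashers "1.2.0"] ; password hashing
                 ;; Not needed here: buddy-sign is not covered, and buddy-core
                 ;; is pulled in automatically by the other packages.
                 ;;[buddy/buddy-sign "1.4.0"]
                 ;;[buddy/buddy-core "1.2.0"]
                 ])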

This episode uses the Booklog example app, which you can find on GitHub. The starting point for this episode is the ep28-start branch.

To launch the app, open a REPL and use the (run) function. This starts the system with all the necessary components.

You can reload all namespaces and restart all components to get a clean slate again with (reset).
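
A minimal sketch of password login built on the two Buddy dependencies listed above: buddy-hashers derives and checks the password hash, and buddy-auth's session backend carries the identity. This is an added example, not code from the Booklog app or the episode; the namespace, the in-memory user store, the routes and the function names are assumptions made for illustration.

```clojure
(ns booklog.auth-example ; hypothetical namespace, not part of Booklog
  (:require [buddy.auth :refer [authenticated? throw-unauthorized]]
            [buddy.auth.backends.session :refer [session-backend]]
            [buddy.auth.middleware :refer [wrap-authentication wrap-authorization]]
            [buddy.hashers :as hashers]
            [ring.middleware.params :refer [wrap-params]]
            [ring.middleware.session :refer [wrap-session]]))

;; Constructed in-memory user store: only the derived hash is kept.
(defonce users (atom {}))

;; Checked for unknown usernames, so both failure paths cost one hash check.
(def dummy-hash (hashers/derive "no-such-user"))

(defn register! [username password]
  (swap! users assoc username {:username username
                               :password-hash (hashers/derive password)}))

(defn check-credentials [username password]
  (let [stored (get-in @users [username :password-hash])]
    (when (and (hashers/check (str password) (or stored dummy-hash)) stored)
      username)))

(defn login [{:keys [form-params]}]
  (if-let [username (check-credentials (get form-params "username")
                                       (get form-params "password"))]
    ;; :recreate makes Ring issue a fresh session id at login.
    {:status 303 :headers {"Location" "/books"} :body ""
     :session (with-meta {:identity username} {:recreate true})}
    {:status 401 :headers {} :body "Invalid username or password"}))

(defn books [request]
  (when-not (authenticated? request) (throw-unauthorized))
  {:status 200 :headers {} :body (str "Books of " (:identity request))})

(defn routes [{:keys [request-method uri] :as request}]
  (case [request-method uri]
    [:post "/login"] (login request)
    [:get "/books"]  (books request)
    {:status 404 :headers {} :body "Not found"}))

(def backend (session-backend)) ; reads :identity from the Ring session

(def app
  (-> routes
      (wrap-authorization backend)   ; turns throw-unauthorized into 401/403
      (wrap-authentication backend)  ; sets :identity on the request
      wrap-params
      wrap-session))
```

The middleware order matters: wrap-session has to be outermost so the session is already loaded when wrap-authentication looks for the identity.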


To follow along:

git clone -b ep28-start

To see the final result:

git clone -b ep28-end


I mention several types of attacks in the episode