├── .gitignore
├── resources-dev
└── config.edn
├── test
└── auth0_ring
│ ├── dev.clj
│ └── app.clj
├── project.clj
├── src
└── auth0_ring
│ ├── jwt.clj
│ ├── middleware.clj
│ ├── core.clj
│ └── handlers.clj
├── README.md
└── LICENSE
/.gitignore:
--------------------------------------------------------------------------------
1 | /target
2 | /classes
3 | /checkouts
4 | pom.xml
5 | pom.xml.asc
6 | *.jar
7 | *.class
8 | /.lein-*
9 | /.nrepl-port
10 | .hgignore
11 | .hg/
12 |
--------------------------------------------------------------------------------
/resources-dev/config.edn:
--------------------------------------------------------------------------------
1 | {:domain "yourapp.auth0.com"
2 | :issuer "https://yourapp.auth0.com/"
3 | :client-id "client id"
4 | :signing-algorithm :hs256
5 | :client-secret "client secret"
6 | :scope "openid user_id name nickname email picture"
7 | :callback-path "/auth/callback"
8 | :error-redirect "/login"
9 | :success-redirect "/"
10 | :logout-handler "/auth/logout"
11 | :logout-redirect "/"}
12 |
--------------------------------------------------------------------------------
/test/auth0_ring/dev.clj:
--------------------------------------------------------------------------------
1 | (ns auth0-ring.dev
2 | (:require [auth0-ring.app :as app]
3 | [ring.adapter.jetty :refer [run-jetty]]))
4 |
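;; Holds the running Jetty server during REPL-driven development, or nil when
;; nothing is running.
(def server nil)

(defn start
  "Start the sample app on port 3666 unless a server is already running.
  `:join? false` is passed to run-jetty so the call returns to the REPL."
  []
  (when-not server
    (def server (run-jetty #'app/handler {:port 3666 :join? false}))))

(defn stop
  "Stop the running server, if any, and reset `server` to nil."
  []
  (when server
    (.stop server)
    (def server nil)))

(defn restart
  "Stop the server if it is running, then start a fresh one."
  []
  ;; Stop before start: the reverse order leaves the server shut down after
  ;; every restart, because start is a no-op while a server is still bound.
  (stop)
  (start))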
19 |
--------------------------------------------------------------------------------
/project.clj:
--------------------------------------------------------------------------------
;; Leiningen project definition for the auth0-ring library.
(defproject auth0-ring "0.4.5-SNAPSHOT"
  :description "Auth0 integration from Clojure"
  :url "http://github.com/cjohansen/auth0-ring"
  :license {:name "BSD-3-Clause"
            :url "http://opensource.org/licenses/BSD-3-Clause"}
  ;; NOTE(review): mvc-auth-commons is the only non-Clojure dependency, so the
  ;; com.auth0 classes imported under src/ presumably come from it or from its
  ;; transitive dependencies. It is pinned to one exact version; check that
  ;; version against current security advisories before each release.
  :dependencies [[org.clojure/clojure "1.8.0"]
                 [com.auth0/mvc-auth-commons "0.1.2"]]
  ;; Ring and the sample configuration are only on the classpath in :dev.
  :profiles {:dev {:dependencies [[ring "1.5.0"]]
                   :resource-paths ["resources-dev"]}})
10 |
--------------------------------------------------------------------------------
/src/auth0_ring/jwt.clj:
--------------------------------------------------------------------------------
1 | (ns auth0-ring.jwt
2 | (:require [clojure.java.io :as io])
3 | (:import [com.auth0.jwt JWTVerifier]
4 | [com.auth0.jwt.pem PemReader]))
5 |
;; Builds the token verifier for the configured :signing-algorithm. The
;; algorithm is taken from the application's config map, never from the token.
;; Only :hs256 and :rs256 have methods in this file and there is no :default,
;; so any other value fails at dispatch.
;; NOTE(review): confirm that the JWTVerifier version in use rejects tokens
;; whose header names a different algorithm than the key type passed here.
(defmulti get-jwt-verifier :signing-algorithm)

;; HS256: the shared client secret is the verification key.
(defmethod get-jwt-verifier :hs256 [config]
  (let [{:keys [client-secret client-id issuer]} config]
    (JWTVerifier. client-secret client-id issuer)))

;; RS256: the public key is read from a PEM file found on the classpath.
;; NOTE(review): io/resource returns nil for a missing resource and io/file
;; only accepts file: URLs — presumably this fails when the key is packaged
;; inside a jar; verify against the deployment layout.
(defmethod get-jwt-verifier :rs256 [config]
  (let [{:keys [public-key-path client-id issuer]} config
        pem-file (io/file (io/resource public-key-path))
        public-key (PemReader/readPublicKey pem-file)]
    (JWTVerifier. public-key client-id issuer)))
17 |
(defn verify-token
  "Run `token` through `jwt-verifier` and return whatever `.verify` returns.
  Any Exception raised by the call is swallowed and nil is returned instead,
  so callers cannot tell an invalid token from a verifier that is broken or
  misconfigured; nothing is logged here."
  [jwt-verifier token]
  (try
    (.verify jwt-verifier token)
    (catch Exception _
      nil)))
22 |
--------------------------------------------------------------------------------
/src/auth0_ring/middleware.clj:
--------------------------------------------------------------------------------
1 | (ns auth0-ring.middleware
2 | (:require [auth0-ring.core :refer [delete-cookie]]
3 | [auth0-ring.jwt :refer [get-jwt-verifier verify-token]]
4 | [clojure.walk :refer [keywordize-keys]]))
5 |
(defn wrap-token-verification
  "Ring middleware that reads the \"id-token\" cookie and, when it verifies,
  adds the token's claims to the request as a keywordized map under :user.

  - no id-token cookie: the request is passed through untouched
  - token verifies: the handler sees the request with :user set
  - token does not verify: the handler still runs, without :user, and the
    response is given expiring \"id-token\" and \"access-token\" cookies unless
    the handler set those cookies itself

  The middleware never rejects a request; handlers must check (:user req)
  themselves. The verifier is built once, when the middleware is created."
  [handler config]
  (let [jwt-verifier (get-jwt-verifier config)
        expire-auth-cookies (fn [req response]
                              (update-in response [:cookies]
                                         #(merge {"id-token" (delete-cookie req)
                                                  "access-token" (delete-cookie req)} %)))]
    (fn [req]
      (let [id-token (get-in req [:cookies "id-token" :value])]
        (if-not id-token
          (handler req)
          (if-let [claims (verify-token jwt-verifier id-token)]
            (handler (assoc req :user (keywordize-keys (into {} claims))))
            (expire-auth-cookies req (handler req))))))))
17 |
--------------------------------------------------------------------------------
/src/auth0_ring/core.clj:
--------------------------------------------------------------------------------
1 | (ns auth0-ring.core
2 | (:import [java.net URLEncoder]
3 | (java.text SimpleDateFormat)
4 | (java.util Calendar TimeZone)))
5 |
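;; Formatter for cookie 'expires' values. It is pinned to GMT and to an English
;; locale, so day and month names do not follow the JVM's default locale.
(def rfc822-formatter
  (doto
    (SimpleDateFormat. "EEE, dd MMM yyyy HH:mm:ss Z" java.util.Locale/US)
    (.setTimeZone (TimeZone/getTimeZone "GMT"))))

(defn max-age->expires
  "Return a valid 'expires' value (RFC822 string) for the moment `max-age`
  seconds from now."
  [max-age]
  (let [cal (doto
              (Calendar/getInstance)
              (.add Calendar/SECOND max-age))]
    ;; SimpleDateFormat is not thread-safe and this one instance is shared by
    ;; every request thread, so formatting is serialized on it.
    (locking rfc822-formatter
      (.format rfc822-formatter (.getTime cal)))))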
18 |
(defn urlencode
  "Encode `str` as application/x-www-form-urlencoded text using UTF-8."
  [str]
  (. URLEncoder (encode str "utf-8")))
21 |
(defn qualify-url
  "Turn `path` into an absolute URL for the current request.
  A value that already starts with http:// or https:// is returned unchanged;
  anything else is prefixed with the request's scheme and Host header.

  The Host header is supplied by the client, so the result is only as
  trustworthy as that header.
  NOTE(review): presumably a proxy or the server pins the accepted host
  names — confirm for the deployment."
  [req path]
  (let [absolute? (re-find #"^https?://" path)]
    (if-not absolute?
      (let [scheme (name (:scheme req))
            host (get-in req [:headers "host"])]
        (str scheme "://" host path))
      path)))
26 |
(defn get-logout-url
  "Build the logout URL on the configured Auth0 :domain.
  When the config has a :logout-handler, it is made absolute with qualify-url
  and appended, URL-encoded, as the returnTo parameter. The :client-id is
  appended as-is, without encoding."
  [req config]
  (let [return-to (when-let [url (:logout-handler config)]
                    (str "&returnTo=" (urlencode (qualify-url req url))))]
    (str "https://" (:domain config) "/v2/logout?"
         "client_id=" (:client-id config)
         return-to)))
32 |
(defn http-only-cookie
  "Return `cookie` with hardened defaults filled in: :http-only true, :path
  \"/\", and :secure set only when the request's :scheme is :https. A numeric
  :max-age also gets a matching :expires value.

  Keys present in `cookie` win over the defaults, so a caller can switch
  :http-only or :secure off.
  NOTE(review): when TLS ends at a proxy the request's :scheme is presumably
  :http and the cookie is issued without the Secure flag — confirm."
  [req cookie]
  (let [defaults {:http-only true
                  :secure (= (:scheme req) :https)
                  :path "/"}
        merged (merge defaults cookie)
        max-age (:max-age cookie)]
    (if (number? max-age)
      (assoc merged :expires (max-age->expires max-age))
      merged)))
39 |
(defn delete-cookie
  "Return a cookie map that clears a cookie in the browser: an empty value that
  expires one second from now, with the same defaults as http-only-cookie."
  [req]
  (let [expiring {:value "" :max-age 1}]
    (http-only-cookie req expiring)))
42 |
--------------------------------------------------------------------------------
/test/auth0_ring/app.clj:
--------------------------------------------------------------------------------
(ns auth0-ring.app
  (:require [auth0-ring.handlers :as auth0]
            [auth0-ring.middleware :refer [wrap-token-verification]]
            [clojure.edn :as edn]
            [clojure.java.io :as io]
            [ring.middleware.content-type :refer [wrap-content-type]]
            [ring.middleware.cookies :refer [wrap-cookies]]
            [ring.middleware.not-modified :refer [wrap-not-modified]]
            [ring.middleware.params :refer [wrap-params]]
            [ring.middleware.resource :refer [wrap-resource]]
            [ring.util.response :refer [redirect]]))
11 |
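;; Sample configuration, read once at load time from config.edn on the
;; classpath. The file holds the client secret, so it is parsed with the EDN
;; reader, which only reads data; clojure.core/read-string can evaluate code
;; embedded in its input.
(def config (edn/read-string (slurp (io/resource "config.edn"))))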
13 |
;; Sample login page; web-handler wraps it in auth0/wrap-login-handler.
;; NOTE(review): the markup of the page body is not visible in this listing.
;; Presumably it embeds values from `config` and (:nonce req); whatever is
;; interpolated must be escaped for the context it is placed in — TODO confirm
;; against the real file.
(defn login [req]
  {:status 200
   :headers {"Content-Type" "text/html"}
   :body (str "


Login





")})
40 |
;; Sample page that is only rendered when the token middleware has put :user
;; on the request; otherwise the browser is redirected to the login page.
;; `user` is bound but not used in the visible body.
;; NOTE(review): (:uri req) is appended to the returnUrl query parameter
;; without URL-encoding, and it is the request path as sent by the client.
(defn some-page [req]
  (if-let [user (:user req)]
    {:status 200
     :headers {"Content-Type" "text/html"}
     :body (str "


This is some page


You need to be logged in to see this
Frontpage please

")}
    (redirect (str "/login?returnUrl=" (:uri req)))))
56 |
;; Front page: greets a logged-in user by nickname, otherwise offers a login
;; link.
;; NOTE(review): (:nickname user) is concatenated into the HTML body as-is.
;; The value comes from the verified token's claims, which is profile data the
;; user may be able to edit — HTML-escape it before rendering.
(defn index [req]
  (if-let [user (:user req)]
    {:status 200
     :headers {"Content-Type" "text/html"}
     :body (str "


Hello


Welcome dear user!
Nice to see you, " (:nickname user) "
Log out

")}
    {:status 200
     :headers {"Content-Type" "text/html"}
     :body (str "


Hello


You ain't logged in
Log in

")}))
84 |
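(defn web-handler
  "Route a request to the sample pages and the Auth0 handlers by exact :uri.
  The Auth0 handlers are rebuilt from `config` on every request. Any path
  without a route gets a 404."
  [req]
  (let [callback-handler (auth0/create-callback-handler config)
        logout-callback-handler (auth0/create-logout-callback-handler config)
        logout-handler (auth0/create-logout-handler config)
        login-handler (auth0/wrap-login-handler login)]
    (case (:uri req)
      "/" (index req)
      "/login" (login-handler req)
      "/auth/callback" (callback-handler req)
      "/auth/logout" (logout-callback-handler req)
      "/logout" (logout-handler req)
      "/some/page" (some-page req)
      "/favicon.ico" {:status 404}
      ;; Without a default clause `case` throws on any other path, which
      ;; surfaces to the client as a server error instead of a 404.
      {:status 404})))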
98 |
;; The complete sample application. With `->` the last middleware listed is the
;; outermost, so a request passes through wrap-cookies and wrap-params first.
;; wrap-token-verification depends on that order: it reads the parsed :cookies
;; map. The resource, content-type and not-modified middlewares sit inside it,
;; closest to web-handler.
(def handler (-> #'web-handler
                 (wrap-resource "public")
                 wrap-content-type
                 wrap-not-modified
                 (wrap-token-verification config)
                 wrap-params
                 wrap-cookies))
106 |
--------------------------------------------------------------------------------
/src/auth0_ring/handlers.clj:
--------------------------------------------------------------------------------
1 | (ns auth0-ring.handlers
2 | (:require [auth0-ring.core :refer [qualify-url get-logout-url http-only-cookie delete-cookie]]
3 | [clojure.string :as s])
4 | (:import [com.auth0 NonceFactory QueryParamUtils Auth0ClientImpl]))
5 |
(defn query-param
  "Look up query parameter `p` (keyword or string) in the request's
  :query-params map, whose keys are strings."
  [req p]
  (get-in req [:query-params (name p)]))
8 |
(defn parse-query-param
  "Extract `param` from the query-string-formatted text `str`, as used for the
  `state` value. A nil `str` is treated as the empty string."
  [str param]
  (let [query (or str "")
        param-name (name param)]
    (QueryParamUtils/parseFromQueryParams query param-name)))
11 |
(defn create-client
  "Construct the Auth0 client from the :client-id, :client-secret and :domain
  entries of the config map."
  [config]
  (let [{:keys [client-id client-secret domain]} config]
    (Auth0ClientImpl. client-id client-secret domain)))
14 |
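(defn matches-nonce
  "True only when the request carries a non-blank \"nonce\" cookie and the
  `state` query parameter contains the same nonce.

  The nonce ties the callback to a login started in this browser. The check
  fails closed: a callback that arrives without the cookie is rejected rather
  than accepted unchecked, so the protection does not depend on the client
  choosing to send the cookie."
  [req]
  (let [state (query-param req :state)
        nonce (get-in req [:cookies "nonce" :value])]
    (boolean
      (and (not (s/blank? nonce))
           state
           (= (parse-query-param state :nonce) nonce)))))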
21 |
(defn is-valid
  "A callback request is valid when it has no `error` query parameter and its
  nonce check (matches-nonce) passes."
  [req]
  (if (query-param req :error)
    false
    (matches-nonce req)))
25 |
(defn redirect-uri
  "Return `redirect-path` unchanged when it is already an http(s) URL,
  otherwise qualify it against the current request."
  [req redirect-path]
  (cond
    (re-find #"^https?://" redirect-path) redirect-path
    :else (qualify-url req redirect-path)))
30 |
(defn get-url-path
  "Strip a leading `scheme://host` from `url-str`, when the regex finds one,
  and return the remainder. Input without such a prefix comes back unchanged,
  so the result is not guaranteed to be a path."
  [url-str]
  (let [[_ remainder] (re-find #"(?:.+://[^/]+)?(.*)" url-str)]
    remainder))
33 |
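(defn get-success-redirect
  "Decide where to send the browser after a successful login.
  A `returnUrl` carried in the `state` query parameter is used only when it
  reduces to a path on this site; it is then qualified against the current
  request. In every other case the configured :success-redirect is returned."
  [req config]
  (let [return-url (parse-query-param (query-param req :state) :returnUrl)
        path (when return-url (get-url-path return-url))
        ;; `state` comes back from the browser, so returnUrl is untrusted.
        ;; get-url-path returns input it cannot parse unchanged, and qualify-url
        ;; passes anything that starts with http:// or https:// through as-is.
        ;; Accept only an empty path or one that starts with a single slash.
        local? (and path
                    (or (= "" path)
                        (re-find #"^/(?![/\\])" path)))]
    (if local?
      (qualify-url req path)
      (:success-redirect config))))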
38 |
;; Build the Ring handler for the Auth0 authentication callback.
;;
;; The optional second argument is a single map (not keyword arguments) with:
;;   :on-authenticated  fn called as (on-authenticated user-profile tokens)
;;   :cookie-opts       extra cookie attributes for the token cookies; they are
;;                      merged before http-only-cookie applies its defaults, so
;;                      they can override :http-only and :secure
;;
;; The Auth0 client is created once, when the handler is built.
(defn create-callback-handler [config & [{:keys [on-authenticated cookie-opts]
                                          :or {cookie-opts {}}}]]
  (let [auth0-client (create-client config)
        ;; NOTE(review): callback-uri is bound but never used below, and the
        ;; sample config uses the key :callback-path, not :callback-uri.
        callback-uri (or (:callback-uri config) "/callback")]
    (fn [req]
      (try
        (if (is-valid req)
          ;; NOTE(review): the redirect URI sent with the code exchange is
          ;; derived from :success-redirect, not from the callback path —
          ;; confirm it matches what the authorization request used.
          (let [tokens (.getTokens auth0-client
                                   (query-param req :code)
                                   (redirect-uri req (:success-redirect config)))
                user-profile (.getUserProfile auth0-client tokens)]
            (when (fn? on-authenticated)
              (on-authenticated user-profile tokens))
            ;; Success: drop the nonce cookie and store both tokens in
            ;; cookies built by http-only-cookie.
            {:status 302
             :headers {"Location" (get-success-redirect req config)}
             :cookies {"nonce" (delete-cookie req)
                       "id-token" (http-only-cookie req (merge
                                                         cookie-opts
                                                         {:value (.getIdToken tokens)}))
                       "access-token" (http-only-cookie req (merge
                                                             cookie-opts
                                                             {:value (.getAccessToken tokens)}))}})
          ;; Error parameter present or nonce check failed.
          {:status 302 :headers {"Location" (:error-redirect config)}})
        ;; Only RuntimeException is caught; the stack trace goes to stderr and
        ;; the browser is sent to the error page without further detail.
        (catch RuntimeException e
          (.printStackTrace e)
          {:status 302 :headers {"Location" (:error-redirect config)}})))))
65 |
66 |
(defn create-logout-callback-handler
  "Build the handler for the logout callback: it expires the \"id-token\" and
  \"access-token\" cookies and redirects to the configured :logout-redirect."
  [config]
  (fn [req]
    (let [expired-cookies (into {}
                                (map (fn [cookie-name] [cookie-name (delete-cookie req)])
                                     ["id-token" "access-token"]))]
      {:status 302
       :cookies expired-cookies
       :headers {"Location" (:logout-redirect config)}})))
73 |
(defn get-nonce
  "Return the nonce for this login attempt: the value of an existing, non-blank
  \"nonce\" cookie, or a freshly generated one.
  NOTE(review): an existing cookie value is reused without any check on where
  it came from — confirm that accepting a client-supplied nonce is intended."
  [req]
  (let [existing (get-in req [:cookies "nonce" :value])]
    (if-not (s/blank? existing)
      existing
      (NonceFactory/create))))
79 |
(defn wrap-login-handler
  "Wrap a login-page handler so that it receives the login nonce as
  (:nonce req) and its response sets the same value in an HTTP-only \"nonce\"
  cookie that lives for 600 seconds."
  [handler]
  (fn [req]
    (let [nonce (get-nonce req)
          response (handler (assoc req :nonce nonce))
          nonce-cookie (http-only-cookie req {:value nonce :max-age 600})]
      (assoc-in response [:cookies "nonce"] nonce-cookie))))
86 |
(defn create-logout-handler
  "Build the handler that starts a logout: it redirects the browser to the
  logout URL produced by get-logout-url."
  [config]
  (fn [req]
    (let [location (get-logout-url req config)]
      {:status 302
       :headers {"Location" location}})))
89 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # auth0-ring
2 |
3 | Integrate with Auth0 from Clojure. This repo contains a middleware and some Ring
4 | handlers that mostly mirror the functionality in
5 | the [official Auth0 Servlet](https://github.com/auth0/auth0-servlet), with the
6 | notable exception that this library implements Auth0 in a completely stateless
7 | manner (e.g. no sessions).
8 |
9 | ## Install
10 |
11 | Add to `:dependencies` in your project.clj:
12 |
13 | ```clj
14 | [auth0-ring "0.4.4"]
15 | ```
16 |
17 | ## Prerequisites
18 |
19 | The middleware and handlers assume the existence of `:cookies` and
20 | `:query-params` in the Ring request map, meaning you should make sure to enable
21 | the corresponding middlewares:
22 |
23 | ```clj
24 | (ns your.app
25 | (:require [ring.middleware.cookies :refer [wrap-cookies]]
26 | [ring.middleware.params :refer [wrap-params]]))
27 |
28 | (def handler (-> your-web-handler
29 | wrap-params
30 | wrap-cookies))
31 | ```
32 |
33 | ## Usage
34 |
35 | The official
36 | Auth0 [Java introduction](https://auth0.com/docs/quickstart/webapp/java)
37 | provides much more detail and background on how to use this code, the flow,
38 | related specs and so on.
39 |
40 | If you just want the distilled version of how to use this library in Clojure,
41 | read on.
42 |
43 | The library includes a middleware that will verify the user's JSON Web Token
44 | (JWT), if any, and deserialize it into `(:user req)`. It does not provide a
45 | middleware for requiring logged in users. It also provides handlers that
46 | implement the authentication callback, add a CSRF token/nonce to the login form,
47 | and implement logout from your app and Auth0.
48 |
49 | ### Configuration
50 |
51 | In order to run the sample code in this repo (and Readme), you will need some
52 | configuration:
53 |
54 | ```clj
55 | {:domain "yourapp.datacenter.auth0.com"
56 | :issuer "https://yourapp.datacenter.auth0.com/"
57 | :client-id "client id"
58 | :signing-algorithm :hs256
59 | :client-secret "client secret"
60 | :scope "openid user_id name nickname email picture"
61 | :callback-path "/auth/callback"
62 | :error-redirect "/login"
63 | :success-redirect "/"
64 | :logout-handler "/auth/logout"
65 | :logout-redirect "/"}
66 | ```
67 |
68 | To run the provided sample code, put this in `resources/config.edn`.
69 |
70 | ### The login page
71 |
72 | We'll be using [Auth0's Lock](https://auth0.com/docs/libraries/lock) for logins.
73 | Follow the link to learn how to customize it.
74 |
75 | The login page pulls a few values from your configuration, as well as the
76 | `:nonce` from the request. In order to make this available, wrap the handler in
77 | `auth0-ring.handlers/wrap-login-handler`:
78 |
79 | ```clj
80 | (def login
81 | (auth0-handlers/wrap-login-handler
82 | (fn [req]
83 | {:status 200
84 | :headers {"Content-Type" "text/html"}
85 | :body (str "
86 |
87 |
88 | Login
89 |
90 |
91 |
92 |
106 |
107 | ")})))
108 | ```
109 |
110 | Then create your web handler:
111 |
112 | ```clj
113 | (ns auth0-clj.app
114 | (:require [auth0-ring.handlers :as auth0]
115 | [auth0-ring.middleware :refer [wrap-token-verification]]
116 | [ring.middleware.cookies :refer [wrap-cookies]]
117 | [ring.middleware.params :refer [wrap-params]]))
118 |
119 | ;; config ...
120 | ;; login handler ...
121 |
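(defn auth-callback [auth0-user tokens]
  ;; Optional hook for when you need to sync user profile details into a local
  ;; database, session etc. The callback handler calls it with two arguments:
  ;; the user profile and the tokens returned by Auth0.
  ;;
  ;; Refer to the Auth0User API:
  ;; https://github.com/auth0/auth0-java-mvc-common/blob/master/src/main/java/com/auth0/Auth0User.java
  (println (.getUserId auth0-user)))

(defn web-handler [req]
  ;; create-callback-handler takes its options as one map after `config`;
  ;; passed as bare keyword arguments the hook is silently ignored.
  (let [callback-handler (auth0/create-callback-handler config {:on-authenticated auth-callback})
        logout-callback-handler (auth0/create-logout-callback-handler config)
        logout-handler (auth0/create-logout-handler config)]
    (case (:uri req)
      "/login" (login-handler req)
      "/auth/callback" (callback-handler req)
      "/auth/logout" (logout-callback-handler req)
      "/logout" (logout-handler req)
      "/favicon.ico" {:status 404}
      ;; `case` throws on a path with no route unless there is a default.
      {:status 404})))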
140 |
141 | (def handler (-> #'web-handler
142 | (wrap-token-verification config)
143 | wrap-params
144 | wrap-cookies))
145 | ```
146 |
147 | After going through the login, you should now see `(:user req)` in your web
148 | handlers.
149 |
150 | ## License
151 |
152 | Copyright © 2017 Christian Johansen
153 |
154 | Distributed under the Eclipse Public License either version 1.0 or (at
155 | your option) any later version.
156 |
157 |
158 | ## License: BSD
159 |
160 | Copyright © 2017 Christian Johansen. All rights reserved.
161 |
162 | 1. Redistribution and use in source and binary forms, with or without
163 | modification, are permitted provided that the following conditions are met:
164 | 2. Redistributions of source code must retain the above copyright notice, this
165 | list of conditions and the following disclaimer.
166 | 3. Redistributions in binary form must reproduce the above copyright notice,
167 | this list of conditions and the following disclaimer in the documentation
168 | and/or other materials provided with the distribution.
169 |
170 | Neither the name of the copyright holder nor the names of its contributors may
171 | be used to endorse or promote products derived from this software without
172 | specific prior written permission.
173 |
174 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
175 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
176 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
177 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
178 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
179 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
180 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
181 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
182 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
183 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
184 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE PUBLIC
2 | LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM
3 | CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
4 |
5 | 1. DEFINITIONS
6 |
7 | "Contribution" means:
8 |
9 | a) in the case of the initial Contributor, the initial code and
10 | documentation distributed under this Agreement, and
11 |
12 | b) in the case of each subsequent Contributor:
13 |
14 | i) changes to the Program, and
15 |
16 | ii) additions to the Program;
17 |
18 | where such changes and/or additions to the Program originate from and are
19 | distributed by that particular Contributor. A Contribution 'originates' from
20 | a Contributor if it was added to the Program by such Contributor itself or
21 | anyone acting on such Contributor's behalf. Contributions do not include
22 | additions to the Program which: (i) are separate modules of software
23 | distributed in conjunction with the Program under their own license
24 | agreement, and (ii) are not derivative works of the Program.
25 |
26 | "Contributor" means any person or entity that distributes the Program.
27 |
28 | "Licensed Patents" mean patent claims licensable by a Contributor which are
29 | necessarily infringed by the use or sale of its Contribution alone or when
30 | combined with the Program.
31 |
32 | "Program" means the Contributions distributed in accordance with this
33 | Agreement.
34 |
35 | "Recipient" means anyone who receives the Program under this Agreement,
36 | including all Contributors.
37 |
38 | 2. GRANT OF RIGHTS
39 |
40 | a) Subject to the terms of this Agreement, each Contributor hereby grants
41 | Recipient a non-exclusive, worldwide, royalty-free copyright license to
42 | reproduce, prepare derivative works of, publicly display, publicly perform,
43 | distribute and sublicense the Contribution of such Contributor, if any, and
44 | such derivative works, in source code and object code form.
45 |
46 | b) Subject to the terms of this Agreement, each Contributor hereby grants
47 | Recipient a non-exclusive, worldwide, royalty-free patent license under
48 | Licensed Patents to make, use, sell, offer to sell, import and otherwise
49 | transfer the Contribution of such Contributor, if any, in source code and
50 | object code form. This patent license shall apply to the combination of the
51 | Contribution and the Program if, at the time the Contribution is added by the
52 | Contributor, such addition of the Contribution causes such combination to be
53 | covered by the Licensed Patents. The patent license shall not apply to any
54 | other combinations which include the Contribution. No hardware per se is
55 | licensed hereunder.
56 |
57 | c) Recipient understands that although each Contributor grants the licenses
58 | to its Contributions set forth herein, no assurances are provided by any
59 | Contributor that the Program does not infringe the patent or other
60 | intellectual property rights of any other entity. Each Contributor disclaims
61 | any liability to Recipient for claims brought by any other entity based on
62 | infringement of intellectual property rights or otherwise. As a condition to
63 | exercising the rights and licenses granted hereunder, each Recipient hereby
64 | assumes sole responsibility to secure any other intellectual property rights
65 | needed, if any. For example, if a third party patent license is required to
66 | allow Recipient to distribute the Program, it is Recipient's responsibility
67 | to acquire that license before distributing the Program.
68 |
69 | d) Each Contributor represents that to its knowledge it has sufficient
70 | copyright rights in its Contribution, if any, to grant the copyright license
71 | set forth in this Agreement.
72 |
73 | 3. REQUIREMENTS
74 |
75 | A Contributor may choose to distribute the Program in object code form under
76 | its own license agreement, provided that:
77 |
78 | a) it complies with the terms and conditions of this Agreement; and
79 |
80 | b) its license agreement:
81 |
82 | i) effectively disclaims on behalf of all Contributors all warranties and
83 | conditions, express and implied, including warranties or conditions of title
84 | and non-infringement, and implied warranties or conditions of merchantability
85 | and fitness for a particular purpose;
86 |
87 | ii) effectively excludes on behalf of all Contributors all liability for
88 | damages, including direct, indirect, special, incidental and consequential
89 | damages, such as lost profits;
90 |
91 | iii) states that any provisions which differ from this Agreement are offered
92 | by that Contributor alone and not by any other party; and
93 |
94 | iv) states that source code for the Program is available from such
95 | Contributor, and informs licensees how to obtain it in a reasonable manner on
96 | or through a medium customarily used for software exchange.
97 |
98 | When the Program is made available in source code form:
99 |
100 | a) it must be made available under this Agreement; and
101 |
102 | b) a copy of this Agreement must be included with each copy of the Program.
103 |
104 | Contributors may not remove or alter any copyright notices contained within
105 | the Program.
106 |
107 | Each Contributor must identify itself as the originator of its Contribution,
108 | if any, in a manner that reasonably allows subsequent Recipients to identify
109 | the originator of the Contribution.
110 |
111 | 4. COMMERCIAL DISTRIBUTION
112 |
113 | Commercial distributors of software may accept certain responsibilities with
114 | respect to end users, business partners and the like. While this license is
115 | intended to facilitate the commercial use of the Program, the Contributor who
116 | includes the Program in a commercial product offering should do so in a
117 | manner which does not create potential liability for other Contributors.
118 | Therefore, if a Contributor includes the Program in a commercial product
119 | offering, such Contributor ("Commercial Contributor") hereby agrees to defend
120 | and indemnify every other Contributor ("Indemnified Contributor") against any
121 | losses, damages and costs (collectively "Losses") arising from claims,
122 | lawsuits and other legal actions brought by a third party against the
123 | Indemnified Contributor to the extent caused by the acts or omissions of such
124 | Commercial Contributor in connection with its distribution of the Program in
125 | a commercial product offering. The obligations in this section do not apply
126 | to any claims or Losses relating to any actual or alleged intellectual
127 | property infringement. In order to qualify, an Indemnified Contributor must:
128 | a) promptly notify the Commercial Contributor in writing of such claim, and
129 | b) allow the Commercial Contributor to control, and cooperate with the
130 | Commercial Contributor in, the defense and any related settlement
131 | negotiations. The Indemnified Contributor may participate in any such claim
132 | at its own expense.
133 |
134 | For example, a Contributor might include the Program in a commercial product
135 | offering, Product X. That Contributor is then a Commercial Contributor. If
136 | that Commercial Contributor then makes performance claims, or offers
137 | warranties related to Product X, those performance claims and warranties are
138 | such Commercial Contributor's responsibility alone. Under this section, the
139 | Commercial Contributor would have to defend claims against the other
140 | Contributors related to those performance claims and warranties, and if a
141 | court requires any other Contributor to pay any damages as a result, the
142 | Commercial Contributor must pay those damages.
143 |
144 | 5. NO WARRANTY
145 |
146 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON
147 | AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER
148 | EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
149 | CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A
150 | PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the
151 | appropriateness of using and distributing the Program and assumes all risks
152 | associated with its exercise of rights under this Agreement , including but
153 | not limited to the risks and costs of program errors, compliance with
154 | applicable laws, damage to or loss of data, programs or equipment, and
155 | unavailability or interruption of operations.
156 |
157 | 6. DISCLAIMER OF LIABILITY
158 |
159 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY
160 | CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL,
161 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
162 | LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
163 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
164 | ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE
165 | EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY
166 | OF SUCH DAMAGES.
167 |
168 | 7. GENERAL
169 |
170 | If any provision of this Agreement is invalid or unenforceable under
171 | applicable law, it shall not affect the validity or enforceability of the
172 | remainder of the terms of this Agreement, and without further action by the
173 | parties hereto, such provision shall be reformed to the minimum extent
174 | necessary to make such provision valid and enforceable.
175 |
176 | If Recipient institutes patent litigation against any entity (including a
177 | cross-claim or counterclaim in a lawsuit) alleging that the Program itself
178 | (excluding combinations of the Program with other software or hardware)
179 | infringes such Recipient's patent(s), then such Recipient's rights granted
180 | under Section 2(b) shall terminate as of the date such litigation is filed.
181 |
182 | All Recipient's rights under this Agreement shall terminate if it fails to
183 | comply with any of the material terms or conditions of this Agreement and
184 | does not cure such failure in a reasonable period of time after becoming
185 | aware of such noncompliance. If all Recipient's rights under this Agreement
186 | terminate, Recipient agrees to cease use and distribution of the Program as
187 | soon as reasonably practicable. However, Recipient's obligations under this
188 | Agreement and any licenses granted by Recipient relating to the Program shall
189 | continue and survive.
190 |
191 | Everyone is permitted to copy and distribute copies of this Agreement, but in
192 | order to avoid inconsistency the Agreement is copyrighted and may only be
193 | modified in the following manner. The Agreement Steward reserves the right to
194 | publish new versions (including revisions) of this Agreement from time to
195 | time. No one other than the Agreement Steward has the right to modify this
196 | Agreement. The Eclipse Foundation is the initial Agreement Steward. The
197 | Eclipse Foundation may assign the responsibility to serve as the Agreement
198 | Steward to a suitable separate entity. Each new version of the Agreement will
199 | be given a distinguishing version number. The Program (including
200 | Contributions) may always be distributed subject to the version of the
201 | Agreement under which it was received. In addition, after a new version of
202 | the Agreement is published, Contributor may elect to distribute the Program
203 | (including its Contributions) under the new version. Except as expressly
204 | stated in Sections 2(a) and 2(b) above, Recipient receives no rights or
205 | licenses to the intellectual property of any Contributor under this
206 | Agreement, whether expressly, by implication, estoppel or otherwise. All
207 | rights in the Program not expressly granted under this Agreement are
208 | reserved.
209 |
210 | This Agreement is governed by the laws of the State of New York and the
211 | intellectual property laws of the United States of America. No party to this
212 | Agreement will bring a legal action under this Agreement more than one year
213 | after the cause of action arose. Each party waives its rights to a jury trial
214 | in any resulting litigation.
215 |
--------------------------------------------------------------------------------