https://kotlinlang.org logo
Title
k

Kalpesh Chandora

04/05/2023, 5:30 AM
Hi. I am working on a Ktor project and I need to execute a code block for every request made to the server. I am passing the Firebase authToken from client as header and need to verify if for all the requests. One approach is to create a lamba and call it for every request manually. Any good alternative for this?
j

Jorge R

04/05/2023, 8:49 AM
Did you have a look to the authentication documentation? this seems like some kind of authentication based on Firebase authToken? This way you can wrap all your routes with authenticate clause, that will be executed before any routing, and you can define there which auth to do. https://ktor.io/docs/basic.html#configure
One question to be answered is how are you planning to validate the firebase token? What is a good token vs a bad one? how can you detect bad actors?
I'm assuming you are asking server side here, let me know if that is the case, because it is not really clear.
k

Kalpesh Chandora

04/06/2023, 3:57 AM
@Jorge R Yes. I need to verify the token for all the requests. I have gone through the auth doc of ktor but couldn’t get much out of it. Basically I want to protect all the routes
k

Kalpesh Chandora

04/07/2023, 8:43 AM
Firebase provides a method
verifyIdToken()
. To simplify my question, let’s assume that I want to execute a method for every api call to the server
j

Jorge R

04/07/2023, 9:06 AM
Did you Google a bit? I've found someone doing what you are mentioning here https://plusmobileapps.com/2022/08/02/ktor-firebase-auth.html