What is the recommended way of accessing another res...
# ktor
k
What is the recommended way of accessing another resource server on behalf of a specific user in Ktor? I have a resource server which is set up to accept bearer authentication in Ktor; however, this service needs to communicate with another resource server on behalf of the user. Currently, we are using client credentials which are issued to the first service, but we’d like to somehow use the user’s credentials. Should we store the `JwtCredentials` into the principal returned during the validate call to be later used by the HttpClient?
f
In the past I've just recreated the token from the principal, similar to this. But I guess you could also store it; that might be more straightforward...
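```kotlin
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import io.ktor.server.auth.jwt.JWTPrincipal // Ktor 2.x package; io.ktor.auth.jwt in 1.x

// Rebuilds and re-signs a token from the validated principal's claims.
// `secret` is the HMAC signing key, assumed to be defined elsewhere.
fun JWTPrincipal.toToken(): String = JWT.create().apply {
    withAudience(*audience.toTypedArray())
    withIssuer(issuer)
    withPayload(payload.claims)
    withExpiresAt(expiresAt)
}.sign(Algorithm.HMAC256(secret))
```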
a
This is exactly what JWTs are used for. So storing the JwtCredentials “somewhere” and using it in the HttpClient to the resource server sounds like the way to go. You can access the JWT principal on the call object, if I am correct.