https://kotlinlang.org logo
#ktor
Title
# ktor
n

Nikky

04/23/2022, 12:29 AM
how do i use JWT auth with
optional=true
? in my code when the token verification fails it always responds with 401, even when set up like so
Copy code
authenticate("auth-jwt", optional = true) {
any tricks that i can do to evad whats in
JWTUtils.kt#verifyAndValidate at lines 96-99
? from how i read the documentation a failed auth should lead to a principal being null.. but in this case it never hits my code and always just jumps to the challenge... PS: diging into the code.. seems like
AuthenticationFailedCause.InvalidCredentials
is still responded with a 401 and token verification failure, eg. expired token or signing key differs or such.. will trigger that i'd prefer to treat it as if it was a
AuthenticationFailedCause.NoCredentials
for now i copied the
JWTAuthenticationProvider
and all the internal classes it uses.. just to change one line...
a

Aleksei Tirman [JB]

04/26/2022, 8:21 AM
The KDoc for the
optional
parameter says:
optional when set, if no authentication is provided by the client, a call continues but with a null [Principal].
So if an authentication is provided by the client then it will verify a token. Am I right that you want to receive a null principal when authentication fails or when no authentication is provided by a client?
n

Nikky

04/28/2022, 3:13 PM
another way i found that works too in
authHeader
block i manually extract
blob
out of the header and run verifier on it.. if it throws exception i return
null
acts the same as if nothing was passed in..
8 Views