https://kotlinlang.org logo
Title
v

v79

08/14/2021, 9:35 AM
When adding authentication to a website, do you wrap all the routes which the user must be logged into to with
authenticate()
or do you just add
authenticate()
to the routes which actually do the authentication? I'm terribly confused.
d

Dominaezzz

08/14/2021, 9:54 AM
The latter
v

v79

08/14/2021, 10:02 AM
So for every route which should only be accessible to authenticated users, I have to check the session state myself?
a

Aleksei Tirman [JB]

08/16/2021, 10:47 AM
Yes. There is no built-in functionality for this.
@v79 what authentification method do you use?
v

v79

08/16/2021, 12:16 PM
I'm using (well, experimenting with) Oauth using AWS Cogito.
a

Aleksei Tirman [JB]

08/16/2021, 12:17 PM
Then my answer is correct :)
v

v79

08/16/2021, 12:21 PM
The ktor examples seem to put the callback URL inside the authenticate block. That crashes when I'm running ktor on AWS lambda through kotless. Works when the callback is not in authenticate. The osiris framework I've previously used for serverless puts all routes which should be secure inside the authenticate block and handles it automatically. Which was nice 😊.