Channels
lincheck
kobweb
koalaql
gsoc
kotlin-foundation
decouple
compose-android
hiring-french
benchmarks
china
philippines
ohio-kotlin-users
vankotlin
dublin
canada
nigeria
rhein-main
kodex
hacktoberfest
truth
portugal
romania
argentina
sg-user-group
korean
helsinki
functional
oldenburg
cambodia
vietnam
hungary
colorado
panamá
turkey
kotlin-samples
eclipse
kotlin-by-example
wwdc
denmark
thailand
build-tools
coimbatore
sofl-user-group
kotlintlv
udacityindia
quasar
spanish
kotlinbot
dckotlin
ge-kotlin
vim
croatia
javafx
kotlin-multiplatform-contest
osgi
brikk
revolver
tricity-kotlin-user-group
russian_feed
munich
estatik
karg
kotlintest
french
kotlin-in-action
gui
uae
georgia
kotlinlondon
polish
german-lang
kdbc
kotlin-asia
tampa
brazil
kotlin-logging
nepal
redux-kotlin
reduks
austria
armenia
spacemacs
android-databinding
hamburg
budapest
switzerland
minnesota
jadx
hexagon
boston
malaysia
istanbulcoders
aem
codingame
cucumber-bdd
newname
room
ass
atm17
kakao
cincinnati-user-group
arabic
emacs
karlsruhe
fluid-libraries
amsterdam
libgdx
books
ai
vuejs
talking-kotlin
codemash-precompiler
dsl
kotlingforbeginners
stuttgart
cork
kotlin-szeged
utah
jhipster-kotlin
hibernate
jpa
strikt
macedonia
kovenant
kotlin-fuel
kotlinacademy
prozis-android-backup
reductor
funktionale
realworldkotlin
events
google-io
graviton-browser
scotland
spring-security
domain-driven-design
connect-audit-events
bayarea
pinoy
uk
javalin
re
server
kgen-doc-tools
tempe
pakistan
swiss-user-group
kubed
effectivekotlin
refactoring-to-kotlin
cloudfoundry
kprompt
jshdq
alexa
minutest
code-coverage
geospatial
jasync-sql
russian-kotlinasfirst
juul-libraries
lanark
wimix_sentry
pdx
databinding
slovak
austin
androidgithubprojects
data2viz
introduce-yourself
cobalt
korlibs
script
new-zealand
stlouis
linkeddata
kroto-plus
libkgd
zircon
big-data
pocketgitclient
mirror
moonbean
kong
hamkrest
kaskade
effective-kotlin
arkenv
knote
testing
oolong
hackathons
mu
kotlinx-files
pyhsikal
build
coursera
trójmiasto
anko
speaking
kohesive
vienna
communities
kotson
klock
korim
kotrix
kobalt
korte
arrow-meta
algolialibraries
codeforces
koans
result
ktcc
seattle
japanese
forum
uniflow
korio
jackson-kotlin
koin-dev
helios
io
kash_shell
graphql
kafka
kaal
kotlinx-html
freenode
leakcanary
lambdaworld_cadiz
intellij-tricks
kotlin-csv
bulgaria
kbuild
kloudformation
mpapt
100daysofcode
kmdc
package-search
terminal
kmongo
kotlin-pakistan
inkremental
motionlayout
navigation-architecture-component
strife-discord-lib
general-advice
unkonf
awesome-kotlin
tallinn
machinelearningbawas
leedskotlinusergroup
stayhungrystayfoolish
kotest-contributors
edinburgh
skrape-it
anime
moldova
losangeles
testtestest
kotlin-pune
knbt
godot-kotlin
practical-functional-programming
tensorflow
swagger-gradle-codegen
bazel
100daysofkotlin
fuchsia
rxjava
texas
dev-core
clikt
cli
hyderabad
vkug
kinta
detekt-hint
kotlinultimatechallenge
spotify-mobius
pattern-matching
kotlin-plugin
mumbai
mvrx
cyprus
kotlin-spark
lottie
kontent
metro-detroit
kotlin-beam
kotlick
hoplite
cryptography
androidx
kotlinforbeginners
sudan
appintro
tunisia
kotlin-roadmap
kotlin-mumbai
collaborations
pbandk
competitive-programming
scrimage
kotlindl
fp-in-kotlin
python
memes
rocksdb
docs-revamped
jdbi
rsocket
meetkotlin
hikari-cp
firebase
proguard
popkorn
kmm-español
npm-publish
failgood
rpi-pico
kalasim
swing
forkhandles
compose-ui-showcase
kug-torino
web-mpp
students
kondor-json
deprecated
reports
kotlin-sap
carrat-dev
compose-hiring
carrat
carrat-feed
competitivecoding
jobsworldwide
kotlin-data-storage
skia-wasm-interop-temp
tegal
kotlin-website
couchbase
tgbotapi
videos
java-to-kotlin-refactoring
event21-community-content
twitter-feed
androidx-xprocessing
embedded-kotlin
san-diego
atrium
snake
javadevelopers
klaxon
bangladesh
androidthings
lets-have-fun
training
ecuador
new-mexico
montreal
fb-internal-demo
monsterpuzzle
internships
webrtc
arksemdevteam
image-processing
myndocs-oauth2-server
otpisani
love
rethink
chile
kotlintest-devs
beepiz-libraries
korau
uuid
spin
lychee
ktp
debugging
miami
atlanta
scrcast
kotlinprogrammers
corda
swarm
kotlinmad
india
krawler
fritz2
phoenix
nodejs
stacks
lithuania
dutch
kraph
indonesia
cscenter-course-2016
czech
greece
ukrainian
kotlinconf
teamcity
colombia
cn
nyc
graphkool
uruguay
kweb
singapore
turkiye
graphic
jxadapter
karachi
hongkong
oceania
kotlin-serbia
madrid
spain
kotlinsu
norway
latvia
southafrica
morocco
dfw
algeria
peru
israel
kotlin-latam
barcelona
mexico
sweden
vancouver
belgium
iran
australia
london
bydgoszcz
k2-early-adopters
exposed
meta
spek
confetti
naming
dokka
gamedev
rx
intellij-plugins
compose-mp
language-proposals
hiring
stdlib
coroutines
kodein
codereview
announcements
mockk
scripting
koin
ios
feed
serialization
spring
eap
test
kontributors
random
korge
compiler
detekt
redux
library-development
javascript
tornadofx
kotless
ktlint
kvision
moko
kug-leads
fosdem
refreshversions
hire-me
orbit-mvi
language-evolution
graphql-kotlin
arrow
android-studio
flow
grpc
compose
chucker
ktor
russian
ksp
kotest
reaktive
education
touchlab-tools
mvikotlin
apollo-kotlin
doodle
intellij
kotlinx-datetime
framework-elide
reflect
compose-desktop
jvm-ir-backend-feedback
komapper
gradle
glance
ballast
android-architecture
kgraphql
compose-web
science
ktfmt
chicago
android
micronaut
100daysofkotlin-2021
github-workflows-kt
python-contributors
mathematics
kotlin-inject
compose-wear
splitties
squarelibraries
compose-ios
decompose
realm
dagger
arrow-contributors
kotlin-native
react
vertx
advent-of-code
webassembly
codingconventions
getting-started
kapt
stackoverflow
italian
berlin
opensource
multiplatform
datascience
http4k
Title
g
Guilherme Delgado
04/26/2021, 4:38 PMHello,
I’ve a few questions regarding authentication with Google oAuth. I’m developing a Server and a webApp. For now the Server acts like a proxy between webApp and a Google API (down the road I’ll add some custom logic to justify the existence of the SS, but for now existis for the purpose of the exercise).
The idea is:
- webApp has a few .ftl pages and respective Routing Locations. One of this .ftl needs authentication (to fetch data from Google Api through Server)
- Server communicates with Google API using the AccessToken provided by Google OAuth to the webApp
This is my configuration:
Application.kt
install(Sessions) {
cookie<Session>(SESSION_COOKIE) {
cookie.extensions["SameSite"] = "lax"
transform(SessionTransportTransformerMessageAuthentication(hex(...)))
}
}
install(Authentication) {
session<Session>(SESSION_AUTH) {
challenge { throw AuthenticationException() }
validate { session -> if (session.accessToken.isEmpty()) null else session }
}
oauth(GOOGLE_OAUTH) {
client = httpClient
providerLookup = {
OAuthServerSettings.OAuth2ServerSettings(
name = "google",
authorizeUrl = "<https://accounts.google.com/o/oauth2/auth>",
accessTokenUrl = "<https://www.googleapis.com/oauth2/v3/token>",
requestMethod = <http://HttpMethod.Post|HttpMethod.Post>,
...
)
}
urlProvider = { p -> redirectUrl(Login(p.name), false) }
}
}@KtorExperimentalLocationsAPI
@Location("/login/{provider?}")
class Login(val provider: String = "google")
@KtorExperimentalLocationsAPI
fun Route.login(client: HttpClient) {
authenticate(GOOGLE_OAUTH) {
location<Login> {
param("error") { handle {...} }
handle {
val principal = call.authentication.principal<OAuthAccessTokenResponse>()
if (principal != null) {
val oauth = call.authentication.principal<OAuthAccessTokenResponse.OAuth2>()!!
val response = client.get<UserInfo>("<https://www.googleapis.com/oauth2/v1/userinfo>") {
header(HttpHeaders.Authorization, "Bearer ${oauth.accessToken}")
}
call.sessions.set(Session(response, oauth.accessToken, oauth.refreshToken?: ""))
call.redirect(Home())
} else {
call.respond(status = HttpStatusCode.Unauthorized, "Unauthorized, no token issued")
}
}
}
}
}@KtorExperimentalLocationsAPI
@Location("/data")
class Data
@KtorExperimentalLocationsAPI
fun Route.data(client: HttpClient) {
authenticate(SESSION_AUTH) {
get<Data> {
val response = client.get<Info>("<http://localhost:8080>${application.locationToUrl(DataApi())}") {
header(HttpHeaders.Authorization, "Bearer ${call.getSession()?.accessToken}")
...
}
...
}
post<Data> {...}
}
}@KtorExperimentalLocationsAPI
@Location("$API_VERSION/data")
class DataApi
@KtorExperimentalLocationsAPI
fun Route.dataApi(client: HttpClient) {
// authenticate(SESSION_AUTH) {
get<DataApi> {
...
val response = client.get<SomeApiData>("<https://www.googleapis.com/>...") {
parameter("key", params.apiKey)
header(HttpHeaders.Authorization, call.request.headers[HttpHeaders.Authorization])
}
...
}
post<DataApi> {...}
// }
}Hello @Big Chungus , I’m new in kotlinlang 😅, so let me ask if your :thread-please: reaction means to encourage people to respond in thread and not on “the open”, or if I should place my question in a different format.
b
Big Chungus
04/28/2021, 8:59 AMGiven the length of your post it's basically an invitation to only leave the summary in the main post and move elaboration in a thread. That way you don't take up as much screen real estate. Remember, there's shitloads of us here, so we need to be respectful of each other and try and avoid spamming main channel.
Also any further clarifications should also go to thread and not as a separate message
g
Guilherme Delgado
04/28/2021, 9:01 AMyes of course, I’ll change it, that’s why I’ve questioned, I don’t want to break rules 🙂
b
Big Chungus
04/28/2021, 9:01 AMIt's more of an unwritten rure, really. So don't fret! 😀
g
Guilherme Delgado
04/28/2021, 9:02 AMeheh i’m new to “global slack” that’s why I’m still getting used to it ^^
should I delete my question and create a new one, or edit? 🤔
b
Big Chungus
04/28/2021, 9:02 AMDon't bother, leave those as is. Just keep this in mind for the future
👍 1