# ktor

Didier Villevalois

03/26/2021, 4:47 PM
Hi everyone! I have a question that may or may not be out of scope of this channel. Sorry in advance. I successfully set up OAuth2 with Ktor and Keycloak. I can see that the authentication works correctly from the log of Keycloak and the logging of the
used by my
. It correctly receives the
. Now my question is what to do from there. I did put all my routes (this app is fully private) in
, that is: my index
route, my static
route (which serves the
file of my app) and my
web-socket route. However, it seems that every request is handled by
, the requests to
and to
are all being redirected to Keycloak and silently back to Ktor. (The requests to my
websocket also hang but...) It seems to me that I should put the
in my response as cookie or something in order for ktor to know it doesn't have to ask for a redirect. But it is not clear from the documentation what I should exactly do for
to reuse the previously obtained
. Thanks in advance for your help.


03/27/2021, 2:53 PM
Assuming you're talking about a web app (as opposed to a stateless REST API), this sounds like sessions. Basically you're looking for a way to allow the server to remember a user's session. You can use the sessions feature of Ktor for this; I believe the docs have a good example of storing a secure session token for exactly this case. There are different ways to store a session (cookies, server vs. client side), but you basically store that in a secure manner so that subsequent requests can retrieve it so the user doesn't have to re-auth every request.

Didier Villevalois

04/06/2021, 1:14 PM
@rharter Sorry for the late answer. And thank you. Indeed I figured out how to do that with sessions, manually checking for the expiry of my tokens and skipping authentication when the token is not expired.