# ktor

Didier Villevalois

03/26/2021, 4:47 PM
Hi everyone! I have a question that may or may not be out of scope of this channel. Sorry in advance. I successfully set up OAuth2 with ktor and keycloak. I can see that the authentication works correctly from the log of keycloak and the logging of the `HttpClient` used by my `OAuthAuthenticationProvider`. It correctly receives the `access_token`. Now my question is what to do from there. I did put all my routes (this app is fully private) in `authenticate`, that is: my index `/` route, my static `/static` route (which serves the `output.js` file of my app) and my `/data` web-socket route. However, it seems that every request is handled by `authentication`, the requests to `/static/output.js` and to `/static/favicon.ico` are all being redirected to keycloak and silently back to ktor. (The requests to my `/data` websocket also hang but...) It seems to me that I should put the `access_token` in my response as a cookie or something in order for ktor to know it doesn't have to ask for a redirect. But it is not clear from the documentation what I should exactly do for `authentication` to reuse the previously obtained `access_token`. Thanks in advance for your help.

rharter

03/27/2021, 2:53 PM
Assuming you're talking about a web app (as opposed to a stateless REST API), this sounds like sessions. Basically you're looking for a way to allow the server to remember a user's session. You can use the sessions feature of Ktor for this; I believe the docs have a good example of storing a secure session token for exactly this case. There are different ways to store a session (cookies, server vs. client side), but you basically store that in a secure manner so that subsequent requests can retrieve it so the user doesn't have to re-auth every request.

Didier Villevalois

04/06/2021, 1:14 PM
@rharter Sorry for the late answer. And thank you. Indeed I figured out how to do that with sessions, manually checking for the expiry of my tokens and skipping authentication when the token is not expired.