Hi everyone! I have a question that may or may not be out of scope of this channel. Sorry in advance. I successfully setup OAuth2 with ktor and keycloak. I can see that the authentication works correctly from the log of keycloak and the logging of the

HttpClient

used by my

OAuthAuthenticationProvider

. It correctly receives the

access_token

. Now my question is what to do from there. I did put all my routes (this app is fully private) in

authenticate

, that is: my index

/

route, my static

/static

route (which serves the

output.js

file of my app) and my

/data

web-socket route. However, it seems that every requests are handled by

authentication

, the requests to

/static/output.js

and to

/static/favicon.ico

are all been redirected to keycloak and silently back to ktor. (The requests to my

/data

websocket also hangs but...) It seems to me that I should put the

access_token

in my response as cookie or something in order for ktor to know it doesn't have to ask for a redirect. But it is not clear from the documentation what I should exactly do for

authentication

to reuse the previously obtained

access_token

. Thanks in advance for your help.

Assuming you're talking about a web app (as opposed to a stateless rest api), this sounds like sessions. Basically you're looking for a way to allow the server to remember a user's session. You can use the sessions feature of Ktor for this, I believe the docs have a good example of storing a secure session token for exactly this case. There are different ways to store a session (cookies, server vs. client side), but you basically store that in a secure manner so that subsequent requests can retrieve it so the user doesn't have to re-auth every request.

@rharter Sorry for the late answer. And thank you. Indeed I figured how to do that with sessions, manually checking for the expiry of my tokens and skipping authentication when the token is not expired.