# ktor

bram93

09/04/2019, 11:02 AM
Does anyone know how to add an interceptor after the authentication feature? Need it for a custom Authorization feature

Uriel Salischiker

09/04/2019, 11:05 AM
I made a custom authentication provider for that
but not sure it's the best solution

bram93

09/04/2019, 11:17 AM
Could you share an example?

Uriel Salischiker

09/04/2019, 11:24 AM
Untitled_kt.kt
based on the BasicAuthenticationProvider
but for reading the info from a cookie
example_kt.kt
and that's the usage code

bram93

09/04/2019, 11:58 AM
thx
I ended up modifying the principal in the `validate` function:
```kotlin
install(Authentication) {
    jwt {
        verifier(jwkProvider, jwkIssuer)
        realm = jwkRealm
        validate { credentials ->
            if (credentials.payload.audience.contains(jwkAudience)) {
                val account = httpClient.get<Account>(accountEndpoint) {
                    header("Authorization", request.header("Authorization"))
                }

                KKPrincipal(credentials.payload, account)
            } else null
        }
    }
}
```

Sergey Akhapkin

09/04/2019, 6:14 PM
@Uriel Salischiker why not use the Sessions plus Authentication features to have cookie auth out of the box:
```kotlin
install(Sessions) {
    cookie<CookieClass>("CookieName") {
        // configure cookie provider: path, httpOnly, secure and so on
    }
}

install(Authentication) {
    session<CookieClass>("AuthorizationName") {
        challenge {
            appendWWWAuthenticateHeader(call)
            call.respond(HttpStatusCode.Unauthorized)
        }
        validate {
            // `it` here points to your CookieClass - extract data and maybe call the db to find the user
        }
    }
}
```

Uriel Salischiker

09/04/2019, 7:03 PM
Ohh, that works when the cookie is not a session cookie but contains a URL-encoded string which then contains an access token?
@Sergey Akhapkin

Sergey Akhapkin

09/04/2019, 7:43 PM
I'm not sure I completely understood your question, but I don't see any restrictions on the content of the cookie. When the cookie provider is configured, you need to provide serialize/deserialize methods from/to CookieClass to/from String.
```kotlin
fun CookieSessionBuilder<CookieClass>.init() {
    ...
    serializer = object : SessionSerializer {
        override fun deserialize(text: String): Any = ...
        override fun serialize(session: Any): String = ...
    }
}
```