I'm not sure how I should handle authentication. I have a bunch of REST routes, my application is a React app, so client side. How do I enforce authentication on all those routes with a form authentication?

The ktor documentation gets into how to use Form Authentication here: http://ktor.io/features/authentication.html

I ended up not using ktor-auth. The process of authentication is simple yet there is no explanation how ktor-auth works, so I can't use it properly.