# ktor

a8tb1117

02/20/2023, 7:30 PM
Hello. Following the tutorial on the Ktor website, I have implemented the session auth and the JWT auth separately. Now I want to have my client send a request with my JWT in a cookie and decode it. Here is the UserSession I created. It holds a JWT token.

```kotlin
data class UserSession(val jwt: String) : Principal
```

Now, I am thinking of extracting this JWT from the cookie, hopefully at (A) below, and then validating it. Is there a standard or recommended way to do so?

```kotlin
install(Authentication) {
    session<UserSession>("auth-session") {
        validate { session ->
            // (A) I want to validate my JWT (session.jwt here)
        }
        challenge {
        }
    }
    jwt("access") {
        realm = myRealm
        verifier(
            JWT
                .require(Algorithm.HMAC256(accessTokenConfig.secret))
                .withAudience(accessTokenConfig.audience)
                .withIssuer(accessTokenConfig.issuer)
                .build()
        )
        validate { credential ->
            if (credential.payload.expiresAt.time > System.currentTimeMillis() &&
                credential.payload.audience.contains(accessTokenConfig.audience) &&
                credential.payload.issuer == accessTokenConfig.issuer &&
                userDataSource.getUserByUserId(credential.payload.getClaim("userId").asString()) != null
            ) {
                JWTPrincipal(credential.payload)
            } else {
                null
            }
        }
    }
}
```

Thanks in advance.

Aleksei Tirman [JB]

02/21/2023, 7:36 AM
What kind of validation do you need to do in the session authentication provider?

a8tb1117

02/24/2023, 7:19 AM
Not necessarily ‘in’ the authentication provider. I just want to relay the contents of a session (session.jwt in the above code) to the JWT validation clause. Thanks @Aleksei Tirman [JB].

Aleksei Tirman [JB]

02/24/2023, 8:54 AM
The standard way is to validate a JWT token in the JWT Authentication and save it into a session in a route’s handler. In the Session authentication provider you should check the validity of a session. You can find an example in the documentation.