Hello. Following the tutorial on the Ktor website, I have implemented session auth and JWT auth separately.
Now I want to have my client send requests with my JWT in a cookie and decode it. Here is the UserSession I created. It holds a JWT token.
```kotlin
data class UserSession(val jwt: String): Principal
```
Now, I am thinking of extracting this JWT from the cookie, hopefully at (A) below, and then validating it.
Is there a standard or recommended way to do so?
```kotlin
install(Authentication) {
    session<UserSession>("auth-session") {
        validate { session ->
            // (A) I want to validate my JWT (session.jwt here)
        }
        challenge {
            …
        }
    }
    jwt("access") {
        realm = myRealm
        // The verifier checks the HMAC signature, audience and issuer before validate runs
        verifier(JWT
            .require(Algorithm.HMAC256(accessTokenConfig.secret))
            .withAudience(accessTokenConfig.audience)
            .withIssuer(accessTokenConfig.issuer)
            .build()
        )
        validate { credential ->
            // expiresAt is null when the token has no exp claim; treat that as expired instead of throwing
            if ((credential.payload.expiresAt?.time ?: 0L) > System.currentTimeMillis() &&
                credential.payload.audience.contains(accessTokenConfig.audience) &&
                credential.payload.issuer == accessTokenConfig.issuer &&
                userDataSource.getUserByUserId(credential.payload.getClaim("userId").asString()) != null
            ) {
                JWTPrincipal(credential.payload)
            } else {
                null
            }
        }
    }
}
```
Thanks in advance.
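
One way to do the check at (A), as an added example that is not part of the original post: build the verifier once and call it on `session.jwt` inside the session provider's `validate`, so the cookie path and the `jwt("access")` path enforce the same signature, audience, issuer and expiry rules. It assumes Ktor 2.x with java-jwt; `AccessTokenConfig`, `principalOrNull`, `configureAuth` and the cookie name `user_session` are hypothetical names.

```kotlin
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import com.auth0.jwt.exceptions.JWTVerificationException
import com.auth0.jwt.interfaces.JWTVerifier
import io.ktor.http.*
import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.auth.jwt.*
import io.ktor.server.response.*
import io.ktor.server.sessions.*

data class UserSession(val jwt: String) : Principal

// Hypothetical config holder; field names mirror accessTokenConfig in the post.
data class AccessTokenConfig(val secret: String, val audience: String, val issuer: String)

// Returns a principal only if signature, audience, issuer and expiry all verify.
fun JWTVerifier.principalOrNull(token: String): JWTPrincipal? =
    try {
        val decoded = verify(token) // throws on bad signature, claims or expired token
        // java-jwt only checks exp when the claim is present, so require it explicitly.
        if (decoded.expiresAt == null) null else JWTPrincipal(decoded)
    } catch (e: JWTVerificationException) {
        null // a null principal makes Ktor run the challenge block
    }

fun Application.configureAuth(cfg: AccessTokenConfig) {
    val accessVerifier: JWTVerifier = JWT.require(Algorithm.HMAC256(cfg.secret))
        .withAudience(cfg.audience)
        .withIssuer(cfg.issuer)
        .build()

    install(Sessions) {
        cookie<UserSession>("user_session") { // cookie name is an assumption
            cookie.httpOnly = true            // keep the token out of reach of page scripts
            cookie.secure = true              // send the cookie over HTTPS only
        }
    }
    install(Authentication) {
        session<UserSession>("auth-session") {
            validate { session -> accessVerifier.principalOrNull(session.jwt) } // (A)
            challenge { call.respond(HttpStatusCode.Unauthorized) }
        }
        jwt("access") {
            verifier(accessVerifier)
            validate { credential -> JWTPrincipal(credential.payload) }
        }
    }
}
```

Routes under `authenticate("auth-session")` can then read the claims with `call.principal<JWTPrincipal>()`, the same as routes under `authenticate("access")`.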