Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to do authentication using Akka HTTP

Tags:

scala

akka

akka-http

Looking for a good explanation on how to do authentication using akka HTTP. Given a route that looks like

val route = 
  path("account") {
    authenticateBasic(realm = "some realm", myAuthenticator) { user =>
      get {
        encodeResponseWith(Deflate) {
          complete {
            //do something here
          }
        }
      }
    }
  }

The documentation outlines a way, but then the pertinent part performing the actual authentication is omitted...

// backend entry points
def myAuthenticator: Authenticator[User] = ???

Where can I find an example implementation of such an authenticator? I have the logic already for authenticating a user given a user name and password, but what i can't figure out is how to get a username/password (or token containing both) from the HTTP request (or RequestContext).

like image 804
mattmar10 Avatar asked Oct 18 '15 21:10

mattmar10

1 Answers

Authenticator is just a function UserCredentials => Option[T], where UserCredentials in case of being (check with pattern matching) Provided have verifySecret(secret) method which you need to safely call and return Some (Some user for example) in case of success, like:

def myAuthenticator: Authenticator[User] = {
  case p@Provided(username) =>
    if(p.verifySecret(myGetSecret(username))) Some(username) else None
  case Missing => None //you can throw an exeption here to get customized response otherwise it will be regular `CredentialsMissing` message

}

myGetSecret is your custom function which gets username and returns your secret (e.g. password), getting it possibly from database. verifySecret will securely compare (to avoid timing attack) provided password with your password from myGetSecret. Generally, "secret" is any hidden information (like hash of credentials or token) but in case of basic authentication it is just a plain password extracted from http headers.

If you need more customized approach - use authenticateOrRejectWithChallenge that gets HttpCredentials as an input, so you can extract provided password from there.

More info about authorization is in scaladocs.

like image 90
dk14 Avatar answered Sep 25 '22 08:09

dk14
Sign in to Comment

Related questions

Java bytecode decompiler in IntelliJIDEA for Scala
Scala Eclipse Autocomplete Broken?
Is there a way to make the Scala REPL not stop with CTRL-C
Setting up Scaladoc for IntelliJ
Using Typesafe Config's ConfigFactory to set key setting in build.sbt?
When extending a trait within a trait, what does 'super' refer to?
Spark structured streaming - join static dataset with streaming dataset
Minimal framework in Scala for collections with inheriting return type
Message delivery sequence in akka actors
What are the weaknesses in using Immutability + Actor model for concurrency programming?
How to fix NoSuchMethodError?
Error:scalac: bad option: -P (IntelliJ IDEA)
Why does this Scala function compile when the argument does not conform to the type constraint?
How to find which Java/Scala thread has locked a file?
Does Spark maintain parquet partitioning on read?
Why is Option not Traversable?
How to implement a Set with a user-defined equality
What is the benefit of using Futures over parallel collections in scala?
String interpolation and macro: how to get the StringContext and expression locations
When using Scala futures, will chained callbacks with the same execution context be optimised into synchronous calls?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!