Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Ktor Session Cookie Authentication

Tags:

kotlin

ktor

I'd like to use a session cookie for authentication with Ktor and what I have so far is:

private const val SEVER_PORT = 8082
private const val SESSION_COOKIE_NAME = "some-cookie-name"

data class AuthSession(
    val authToken: String
)

fun main() {
    embeddedServer(Netty, port = SEVER_PORT, module = Application::basicAuthApplication).start(wait = true)
}

fun Application.basicAuthApplication() {
    install(Sessions) {
        cookie<AuthSession>(SESSION_COOKIE_NAME, SessionStorageMemory()) {
            cookie.path = "/"
        }
    }
    install(DefaultHeaders)
    install(CallLogging)
    install(Authentication) {
        session<AuthSession> {
            validate { session ->
                // TODO: do the actual validation
                null
            }
        }
    }

    routing {
        authenticate {
            get("/") {
                call.respondText("Success")
            }
        }
    }
}

But everytime when I do:

curl -v localhost:8082

I get an HTTP 200 and the response "Success"

I expected to get an HTTP 401 Not authorized or something similar.

Can somebody give me insights here how to do proper session cookie authentication with Ktor?

thanks

like image 238
guenhter Avatar asked Jun 14 '19 06:06

guenhter

People also ask

What is the session in KTOR?

Sessions The Sessions plugin provides a mechanism to persist data between different HTTP requests. Typical use cases include storing a logged-in user's ID, the contents of a shopping basket, or keeping user preferences on the client.

What is KTOR?

Ktor is a framework to easily build connected applications – web applications, HTTP services, mobile and browser applications. Modern connected applications need to be asynchronous to provide the best experience to users, and Kotlin coroutines provide awesome facilities to do it in an easy and straightforward way.

What is KTOR client?

Ktor includes a multiplatform asynchronous HTTP client, which allows you to make requests and handle responses, extend its functionality with plugins, such as authentication, JSON serialization, and so on. In this tutorial, we'll create a simple client application for sending a request and receiving a response.

1 Answers

UPDATE:

Okay I realized there is a session auth type which is not documented with authentication feature docs.

The issue with your current code is that you are not specifying the challenge explicitly, the default challenge specified inside is SessionAuthChallenge.Ignore so you have to change it to SessionAuthChallenge.Unauthorized or SessionAuthChallenge.Redirect

So your code should look like:

install(Authentication) {
    session<AuthSession> {
        challenge = SessionAuthChallenge.Unauthorized
        validate { session ->
            // TODO: do the actual validation
            null
        }
    }
}

OLD:

You are not specifying the type of authentication you want to use, probably basic, form or jwt, you may want to try something like this for form authentications for example:

install(Authentication) {
    form("login") {

        skipWhen { call -> call.sessions.get<AuthSession>() != null }

        userParamName = "username"
        passwordParamName = "password"
        challenge = FormAuthChallenge.Unauthorized
        validate { credentials ->
         // Handle credentials validations
       }
    }
}

Check the official documentation for more info.

like image 154
Tosin John Avatar answered Oct 04 '22 03:10

Tosin John
Sign in to Comment

Related questions

android - Running app fails with error 'com.android.builder.dexing.DexArchiveMergerException: Unable to merge dex'
Kotlin hard-failing an up-cast to an inferred (in-site) parameter
Kotlin: return a generic interface
Overriding 'writeToParcel' is not allowed. Use 'Parceler' companion object instead
Unable to load class 'kotlin.collections.CollectionsKT' error when trying to sync gradle
lateinit property not initialized when Activity is re-created
Running kotlin through JSR-223 is incredibly slow
Kotlin gradle build Unresolved reference to kotlin-stdlib functions
Spring Boot transitive @Component dependencies with @ConditionalOnBean
Jackson XML Deserialisation Issue
java.lang.NoClassDefFoundError when using Kotlin AAR in Android Java application
Strings.xml gives a translation error whenever I try to add a new string resource
"Error: Supertypes of the following classes cannot be resolved. Please make sure you have the required dependencies in the classpath"
Can I program microcontrollers in Kotlin?
Get intersection of two maps with different values in Kotlin
Why does printing IntArray show an address rather than the values of the array?
ViewModel, LiveData and Transformations.map
In Android, how to show notifications in lock screen?
Suspend coroutine until condition is true
How to define functional interface with generics in Kotlin?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!