tessl/maven-io-ktor--ktor-client-auth
Ktor client authentication and authorization plugin that handles various authentication schemes including Basic, Bearer, and Digest authentication.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-io-ktor--ktor-client-auth@3.2.0index.mddocs/
Ktor Client Auth
Ktor Client Auth is a comprehensive authentication and authorization plugin for Ktor HTTP clients. It provides automatic handling of various authentication schemes including Basic, Bearer, and Digest authentication with intelligent token management, refresh capabilities, and circuit breaker functionality to prevent infinite authentication loops.
Package Information
- Package Name: io.ktor:ktor-client-auth
- Package Type: Maven
- Language: Kotlin
- Installation:
implementation("io.ktor:ktor-client-auth:3.2.0")
Core Imports
import io.ktor.client.plugins.auth.*
import io.ktor.client.plugins.auth.providers.*Basic Usage
import io.ktor.client.*
import io.ktor.client.engine.cio.*
import io.ktor.client.plugins.auth.*
import io.ktor.client.plugins.auth.providers.*
import io.ktor.client.request.*
// Create HTTP client with Bearer authentication
val client = HttpClient(CIO) {
install(Auth) {
bearer {
loadTokens {
// Load tokens from storage
BearerTokens("access_token", "refresh_token")
}
refreshTokens { params ->
// Refresh tokens when needed
val newTokens = refreshTokenFromServer(params.oldTokens)
newTokens
}
}
}
}
// Make authenticated requests
val response = client.get("https://api.example.com/protected")Architecture
Ktor Client Auth is built around several key components:
- Auth Plugin: Core plugin that intercepts HTTP requests/responses and manages authentication flow
- Authentication Providers: Pluggable authentication handlers for different schemes (Basic, Bearer, Digest)
- Token Management: Thread-safe token caching and refresh system with automatic retry logic
- Circuit Breaker: Prevention of infinite authentication loops using request attributes
- Response Detection: Configurable detection of unauthorized responses to trigger re-authentication
Capabilities
Auth Plugin Configuration
Core authentication plugin setup and configuration for handling unauthorized responses and managing authentication providers.
val Auth: ClientPlugin<AuthConfig>
fun HttpClientConfig<*>.Auth(block: AuthConfig.() -> Unit)
class AuthConfig {
val providers: MutableList<AuthProvider>
fun reAuthorizeOnResponse(block: suspend (HttpResponse) -> Boolean)
}Bearer Authentication
OAuth2/JWT token authentication with automatic token refresh and management. Supports access tokens with optional refresh tokens.
fun AuthConfig.bearer(block: BearerAuthConfig.() -> Unit)
class BearerTokens(
val accessToken: String,
val refreshToken: String?
)
class BearerAuthConfig {
var realm: String?
fun loadTokens(block: suspend () -> BearerTokens?)
fun refreshTokens(block: suspend RefreshTokensParams.() -> BearerTokens?)
fun sendWithoutRequest(block: (HttpRequestBuilder) -> Boolean)
}Basic Authentication
Username/password authentication using HTTP Basic authentication scheme with credential caching.
fun AuthConfig.basic(block: BasicAuthConfig.() -> Unit)
class BasicAuthCredentials(
val username: String,
val password: String
)
class BasicAuthConfig {
var realm: String?
fun credentials(block: suspend () -> BasicAuthCredentials?)
fun sendWithoutRequest(block: (HttpRequestBuilder) -> Boolean)
}Digest Authentication
Challenge-response authentication using HTTP Digest authentication scheme with nonce handling and hash computation.
fun AuthConfig.digest(block: DigestAuthConfig.() -> Unit)
class DigestAuthCredentials(
val username: String,
val password: String
)
class DigestAuthConfig {
var algorithmName: String
var realm: String?
fun credentials(block: suspend () -> DigestAuthCredentials?)
}Types
interface AuthProvider {
fun sendWithoutRequest(request: HttpRequestBuilder): Boolean
fun isApplicable(auth: HttpAuthHeader): Boolean
suspend fun addRequestHeaders(request: HttpRequestBuilder, authHeader: HttpAuthHeader? = null)
suspend fun refreshToken(response: HttpResponse): Boolean
}
val AuthCircuitBreaker: AttributeKey<Unit>
val HttpClient.authProviders: List<AuthProvider>
inline fun <reified T : AuthProvider> HttpClient.authProvider(): T?