tessl/maven-io-ktor--ktor-server-auth-jvm
Authentication and authorization plugin for Ktor server applications
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Pending
The risk profile of this skill
Ktor Server Authentication
Comprehensive authentication and authorization capabilities for Ktor server applications. This module provides support for multiple authentication mechanisms including Basic, Bearer, Form-based, Session-based, Digest, OAuth 1.0a, and OAuth 2.0 authentication through a flexible provider-based architecture.
Package Information
- Package Name: ktor-server-auth-jvm
- Package Type: maven
- Language: Kotlin
- Installation:
implementation("io.ktor:ktor-server-auth-jvm:3.2.0")
Core Imports
import io.ktor.server.auth.*
import io.ktor.server.application.*
import io.ktor.server.routing.*Basic Usage
import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.routing.*
import io.ktor.server.response.*
fun Application.configureAuthentication() {
install(Authentication) {
basic("auth-basic") {
realm = "Access to the '/' path"
validate { credentials ->
if (credentials.name == "admin" && credentials.password == "password") {
UserIdPrincipal(credentials.name)
} else null
}
}
}
routing {
authenticate("auth-basic") {
get("/protected") {
val principal = call.principal<UserIdPrincipal>()
call.respond("Hello ${principal?.name}!")
}
}
}
}Architecture
The Ktor authentication module follows a provider-based architecture:
- Authentication Plugin: Core plugin that manages multiple authentication providers
- Authentication Providers: Specific implementations for different auth mechanisms (Basic, Bearer, OAuth, etc.)
- Authentication Context: Manages authentication state and results during request processing
- Principals: Represent authenticated users/identities
- Credentials: Represent authentication data (username/password, tokens, etc.)
- Challenge System: Handles authentication failures and response generation
Core Components
Authentication Plugin
Main plugin for handling authentication and authorization.
object Authentication : BaseApplicationPlugin<Application, AuthenticationConfig, Authentication>
fun Application.authentication(block: AuthenticationConfig.() -> Unit)
class AuthenticationConfig {
fun provider(name: String?, configure: DynamicProviderConfig.() -> Unit)
fun register(provider: AuthenticationProvider)
}
class DynamicProviderConfig(name: String?) {
fun authenticate(block: (context: AuthenticationContext) -> Unit)
}Authentication Context
val ApplicationCall.authentication: AuthenticationContext
inline fun <reified P : Any> ApplicationCall.principal(): P?
inline fun <reified P : Any> ApplicationCall.principal(provider: String?): P?
class AuthenticationContext {
fun principal(principal: Any)
fun principal(provider: String?, principal: Any)
fun <T> principal(provider: String? = null): T?
fun challenge(key: Any, cause: AuthenticationFailedCause, function: ChallengeFunction)
fun error(key: Any, cause: AuthenticationFailedCause)
val allErrors: List<AuthenticationFailedCause>
val allFailures: List<AuthenticationFailedCause>
}Route Protection
fun Route.authenticate(
vararg configurations: String? = arrayOf(null),
optional: Boolean = false,
build: Route.() -> Unit
): Route
fun Route.authenticate(
vararg configurations: String? = arrayOf(null),
strategy: AuthenticationStrategy,
build: Route.() -> Unit
): Route
enum class AuthenticationStrategy {
Optional, FirstSuccessful, Required
}
class AuthenticationRouteSelector(val names: List<String?>)
object AuthenticationCheckedCapabilities
Basic Authentication
HTTP Basic authentication with username and password validation.
fun AuthenticationConfig.basic(
name: String? = null,
configure: BasicAuthenticationProvider.Config.() -> Unit
)Bearer Token Authentication
Bearer token authentication for API access tokens and JWT tokens.
fun AuthenticationConfig.bearer(
name: String? = null,
configure: BearerAuthenticationProvider.Config.() -> Unit
)Form and Session Authentication
Form-based and session-based authentication for web applications.
fun AuthenticationConfig.form(
name: String? = null,
configure: FormAuthenticationProvider.Config.() -> Unit
)
fun <T : Any> AuthenticationConfig.session(
name: String? = null,
configure: SessionAuthenticationProvider.Config<T>.() -> Unit
)Form and Session Authentication
OAuth Authentication
OAuth 1.0a and OAuth 2.0 support for third-party authentication providers.
fun AuthenticationConfig.oauth(
name: String? = null,
configure: OAuthAuthenticationProvider.Config.() -> Unit
)JVM-Specific Features
Digest authentication and comprehensive OAuth 1.0a support available only on JVM platform.
fun AuthenticationConfig.digest(
name: String? = null,
configure: DigestAuthenticationProvider.Config.() -> Unit
)Common Types
Credentials
data class UserPasswordCredential(val name: String, val password: String)
data class BearerTokenCredential(val token: String)Principals
data class UserIdPrincipal(val name: String)Utility Classes
class UserHashedTableAuth(
table: Map<String, ByteArray>,
digester: (String) -> String
) {
fun authenticate(credential: UserPasswordCredential): UserIdPrincipal?
}Header Utilities
fun ApplicationRequest.parseAuthorizationHeader(): HttpAuthHeader?Authentication Results
sealed class AuthenticationFailedCause {
data object NoCredentials : AuthenticationFailedCause()
data object InvalidCredentials : AuthenticationFailedCause()
open class Error(val message: String) : AuthenticationFailedCause()
}
typealias ChallengeFunction = suspend PipelineContext<*, ApplicationCall>.(String, String) -> Unit
typealias AuthenticationFunction<C> = suspend ApplicationCall.(C) -> Any?
typealias ApplicationCallPredicate = (ApplicationCall) -> BooleanResponse Types
class UnauthorizedResponse(
challenge: HttpAuthHeader = HttpAuthHeader.basicAuthChallenge("Ktor Server")
) : HttpStatusCodeContent
class ForbiddenResponse(message: String = "Forbidden") : HttpStatusCodeContentPlatform Availability
- Common: Basic, Bearer, Form, Session authentication, OAuth 2.0
- JVM Only: Digest authentication, OAuth 1.0a
- JS/WASM/Native: Limited OAuth support through platform-specific implementations
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Publish Source
- CLI
- Badge
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
