akka / akka-http

The Streaming-first HTTP server/module of Akka
https://doc.akka.io/docs/akka-http

feat: add JWT and claim validation directives #4377

Closed efgpinto closed 2 months ago

efgpinto commented 2 months ago

With this PR, we want to:

Opening as an early version for feedback.

efgpinto commented 2 months ago

@johanandren do you have a clue about what might be missing to make CI happy? Had a look at the failing pipelines but it's not obvious to me.

johanandren commented 2 months ago

One thing is a test failure:

--> [jwt] Start of log messages of test that [Failed(org.scalatest.exceptions.TestFailedException: Request was rejected with rejection AuthenticationFailedRejection(CredentialsRejected,***"akka-http-jwt"))]
| [DEBUG] [04/15/2024 15:27:38.107] [pool-8-thread-12-ScalaTest-running-JwtDirectivesExamplesSpec] [WithLogCapturing(akka://docs-http-scaladsl-server-directives-JwtDirectivesExamplesSpec)] Logging started for test [jwt]
| [DEBUG] [04/15/2024 15:27:38.176] [pool-8-thread-12-ScalaTest-running-JwtDirectivesExamplesSpec] [akka.actor.ActorSystemImpl(docs-http-scaladsl-server-directives-JwtDirectivesExamplesSpec)] The token was rejected: Failed to verify JWT token due to unsupported algorithm
| [DEBUG] [04/15/2024 15:27:38.181] [pool-8-thread-12-ScalaTest-running-JwtDirectivesExamplesSpec] [WithLogCapturing(akka://docs-http-scaladsl-server-directives-JwtDirectivesExamplesSpec)] Logging finished for test [jwt]
<-- [jwt] End of log messages of test that [Failed(org.scalatest.exceptions.TestFailedException: Request was rejected with rejection AuthenticationFailedRejection(CredentialsRejected,***"akka-http-jwt"))]
[info] JwtDirectivesExamplesSpec:
[info] - jwt *** FAILED *** (77 milliseconds)
[info]   Request was rejected with rejection AuthenticationFailedRejection(CredentialsRejected,***"akka-http-jwt") (JwtDirectivesExamplesSpec.scala:32)
[info]   org.scalatest.exceptions.TestFailedException:
[info]   at akka.http.scaladsl.testkit.TestFrameworkInterface$Scalatest.failTest(TestFrameworkInterface.scala:27)
[info]   at akka.http.scaladsl.testkit.TestFrameworkInterface$Scalatest.failTest$(TestFrameworkInterface.scala:27)
[info]   at akka.http.scaladsl.server.RoutingSpec.failTest(RoutingSpec.scala:25)
[info]   at akka.http.scaladsl.testkit.RouteTestResultComponent$RouteTestResult.rawResponse(RouteTestResultComponent.scala:62)
[info]   at akka.http.scaladsl.testkit.RouteTestResultComponent$RouteTestResult.response(RouteTestResultComponent.scala:39)
[info]   at akka.http.scaladsl.testkit.RouteTest.response(RouteTest.scala:66)
[info]   at akka.http.scaladsl.testkit.RouteTest.response$(RouteTest.scala:66)
[info]   at akka.http.scaladsl.server.RoutingSpec.response(RoutingSpec.scala:25)
[info]   at akka.http.scaladsl.testkit.RouteTest.responseAs(RouteTest.scala:77)
[info]   at akka.http.scaladsl.testkit.RouteTest.responseAs$(RouteTest.scala:75)
[info]   at akka.http.scaladsl.server.RoutingSpec.responseAs(RoutingSpec.scala:25)
[info]   at docs.http.scaladsl.server.directives.JwtDirectivesExamplesSpec.$anonfun$new$4(JwtDirectivesExamplesSpec.scala:32)

The other is a check that any API annotated with @ApiMayChange is listed in the compatibility-guidelines.md doc page, so you need to add the public may-change JWT APIs there.

efgpinto commented 2 months ago

Green at last. Thanks Johan for the tips. See what you think about https://github.com/akka/akka-http/commit/c65785d57511a95d796ea6bc4104e09a01221e21, otherwise I think this is good to go.