search

papsign / Ktor-OpenAPI-Generator

Ktor OpenAPI/Swagger 3 Generator
Apache License 2.0
243 stars 42 forks source link

jwt authentication support #8

Open Globegitter opened 4 years ago

Globegitter commented 4 years ago

So, hopefully this will be the last one. In our application we have

install(Authentication) {
        jwt(configure = authenticationProvider)
    }

and I would like for routes within the apiRouting block to be able to make use of that authentication provider. For normal kotlin routes I can just use the authenticate block but that does not seem to exist in apiRouting. Is this use-case supported or not?

Wicpar commented 4 years ago

no convenient implementation exists. you need to implement it yourself by implementing AuthProvider<PrincipalObject> and creating a route selector that registers it:

inline fun<T> NormalOpenAPIRoute.auth(privider: AuthProvider<T>, crossinline route: OpenAPIAuthenticatedRoute<T>.()->Unit = {}): OpenAPIAuthenticatedRoute<T> {
    return provider.apply(this).apply {
        route()
    }
}

there was an implementation with oauth, which would be a good example: https://github.com/papsign/Ktor-OpenAPI-Generator/blob/b5269bdab0bb40dbb36ec6a2b8f544418601a456/src/main/kotlin/com/papsign/ktor/openapigen/interop/OAuth2Provider.kt look at the inner class OAuth2Provider

the problem was that the oauth system in ktor is for clients only and not resource servers. i have implemented an oauth server framework, and will release it publicly once it is stable and maintainable.

Feel free to do a pull request if you create a proper implementation for convenient JWT handling