Package io.ktor.server.auth

Types

typealias ApplicationCallPredicate = (<ERROR CLASS>) -> Boolean

A predicate function that accepts an application call and returns true or false.

class Authentication(config: AuthenticationConfig)

A plugin that handles authentication and authorization. Typical usage scenarios include logging in users, granting access to specific resources, and securely transmitting information between parties.

object AuthenticationChecked

A hook that is executed after authentication has been checked. Note that this hook is also executed for optional authentication and for routes without any authentication, in which case ApplicationCall.principal is null.

class AuthenticationConfig(providers: Map<String?, AuthenticationProvider>)

A configuration for the Authentication plugin.

class AuthenticationContext(call: <ERROR CLASS>)

An authentication context for a call.

sealed class AuthenticationFailedCause

Represents a cause for an authentication challenge request.

typealias AuthenticationFunction<C> = suspend <ERROR CLASS>.(C) -> Principal?

An authentication function that accepts and verifies credentials and returns a principal when verification is successful.

class AuthenticationProcedureChallenge

Represents an authentication challenge procedure requested by an authentication mechanism.

abstract class AuthenticationProvider(config: AuthenticationProvider.Config)

An authentication provider with the specified name.

class AuthenticationRouteSelector(names: List<String?>)

An authentication route node that is used by the Authentication plugin and usually created by the Route.authenticate DSL function, so there is generally no need to instantiate it directly unless you are writing an extension.

class BasicAuthenticationProvider : AuthenticationProvider

A basic Authentication provider.

typealias ChallengeFunction = suspend (AuthenticationProcedureChallenge, <ERROR CLASS>) -> Unit

interface Credential

A marker interface indicating that a class represents credentials for authentication.

class DigestAuthenticationProvider : AuthenticationProvider

A digest Authentication provider.

data class DigestCredential(realm: String, userName: String, digestUri: String, nonce: String, opaque: String?, nonceCount: String?, algorithm: String?, response: String, cnonce: String?, qop: String?) : Credential

Digest credentials.

typealias DigestProviderFunction = suspend (userName: String, realm: String) -> ByteArray?

Provides a message digest for the specified username and realm or returns null if a user is missing. This function could fetch digest from a database or compute it instead.

class DynamicProviderConfig(name: String?) : AuthenticationProvider.Config

A configuration that creates a provider based on the AuthenticationConfig.provider block.

class ForbiddenResponse(challenges: HttpAuthHeader) : OutgoingContent.NoContent

Response content with the 403 Forbidden status code and the WWW-Authenticate header of supplied challenges.

class FormAuthChallengeContext(call: <ERROR CLASS>)

typealias FormAuthChallengeFunction = suspend FormAuthChallengeContext.(UserPasswordCredential?) -> Unit

Specifies what to send back if form-based authentication fails.

class FormAuthenticationProvider : AuthenticationProvider

A form-based authentication provider.

sealed class OAuth1aException : Exception

An OAuth1a server error.

sealed class OAuth2Exception : Exception

Represents an error that occurred while communicating with an OAuth2 server.

object OAuth2RequestParameters

List of OAuth2 request parameters for both peers.

object OAuth2ResponseParameters

List of OAuth2 server response parameters.

sealed class OAuthAccessTokenResponse : Principal

An OAuth access token acquired from the server.

class OAuthAuthenticationProvider : AuthenticationProvider

An OAuth Authentication provider.

sealed class OAuthCallback

OAuth callback parameters.

object OAuthGrantTypes

OAuth grant types constants.

sealed class OAuthServerSettings

OAuth server settings.

enum OAuthVersion : Enum<OAuthVersion>

OAuth versions used in configuration.

interface Principal

A marker interface indicating that a class represents an authenticated principal.

class RouteAuthenticationConfig

A configuration for the AuthenticationInterceptors plugin.

typealias SessionAuthChallengeFunction<T> = suspend SessionChallengeContext.(T?) -> Unit

Specifies what to send back if session authentication fails.

class SessionAuthenticationProvider<T : Any> : AuthenticationProvider

A session-based Authentication provider.

class SessionChallengeContext(call: ApplicationCall)

class UnauthorizedResponse(challenges: HttpAuthHeader) : OutgoingContent.NoContent

Response content with the 401 Unauthorized status code and the WWW-Authenticate header of supplied challenges.

class UserHashedTableAuth(digester: (String) -> ByteArray, table: Map<String, ByteArray>)

An in-memory table that keeps usernames and password hashes. Because only hashes are kept, user passwords are not compromised if your data source is leaked.

data class UserIdPrincipal(name: String) : Principal

A user's principal identified by name.

data class UserPasswordCredential(name: String, password: String) : Credential

A user's credentials identified by name and password.

Functions

fun <ERROR CLASS>.authenticate(vararg configurations: String? = arrayOf(null), optional: Boolean = false, build: <ERROR CLASS>.() -> Unit): <ERROR CLASS>

Creates a route that allows you to define authorization scope for application resources. This function accepts names of authentication providers defined in the Authentication plugin configuration.

fun <ERROR CLASS>.authentication(block: AuthenticationConfig.() -> Unit)

Installs the Authentication plugin if not yet installed and invokes block on its config. You can modify the existing authentication configuration only in the authentication's block or by using the Authentication.configure function. Changing a captured configuration instance outside of the block may have no effect or may damage the application's state.

fun AuthenticationConfig.basic(name: String? = null, configure: BasicAuthenticationProvider.Config.() -> Unit)

Installs the basic Authentication provider. You can use basic authentication for logging in users and protecting specific routes. To learn how to configure it, see Basic authentication.

fun <ERROR CLASS>.basicAuthenticationCredentials(charset: Charset? = null): UserPasswordCredential?

Retrieves basic authentication credentials for this ApplicationRequest.

fun createObtainRequestTokenHeader(callback: String, consumerKey: String, nonce: String, timestamp: LocalDateTime = LocalDateTime.now()): HttpAuthHeader.Parameterized

Creates an HTTP authentication header for OAuth1a obtain token request.

fun AuthenticationConfig.digest(name: String? = null, configure: DigestAuthenticationProvider.Config.() -> Unit)

Installs the digest Authentication provider. To learn how to configure it, see Digest authentication.

Retrieves DigestCredential for this call.

fun DigestCredential.expectedDigest(method: HttpMethod, digester: MessageDigest, userNameRealmPasswordDigest: ByteArray): ByteArray

Calculates the expected digest bytes for this DigestCredential.

fun AuthenticationConfig.form(name: String? = null, configure: FormAuthenticationProvider.Config.() -> Unit)

Installs the form-based Authentication provider. Form-based authentication uses a web form to collect credential information and authenticate a user. To learn how to configure it, see Form-based authentication.

fun AuthenticationConfig.oauth(name: String? = null, configure: OAuthAuthenticationProvider.Config.() -> Unit)

Installs the OAuth Authentication provider. OAuth can be used to authorize users of your application by using external providers, such as Google, Facebook, Twitter, and so on. To learn how to configure it, see OAuth.

suspend fun PipelineContext<Unit, ApplicationCall>.oauth(client: HttpClient, dispatcher: CoroutineDispatcher, providerLookup: ApplicationCall.() -> OAuthServerSettings?, urlProvider: ApplicationCall.(OAuthServerSettings) -> String)

Installs both OAuth1a and OAuth2 authentication helpers that redirect to an OAuth server authorization page and handle the corresponding callbacks.

suspend fun PipelineContext<Unit, ApplicationCall>.oauthHandleCallback(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String, loginPageUrl: String, block: suspend (OAuthAccessTokenResponse) -> Unit)

Handles an OAuth callback. Usually it leads to requesting an access token.

suspend fun PipelineContext<Unit, ApplicationCall>.oauthHandleCallback(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String, loginPageUrl: String, configure: HttpRequestBuilder.() -> Unit = {}, block: suspend (OAuthAccessTokenResponse) -> Unit)

Handles an OAuth callback.

suspend fun PipelineContext<Unit, ApplicationCall>.oauthRespondRedirect(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String)

Responds with OAuth redirect.

fun <ERROR CLASS>.parseAuthorizationHeader(): HttpAuthHeader?

Parses an authorization header from an ApplicationRequest, returning an HttpAuthHeader.

inline fun <P : Principal> <ERROR CLASS>.principal(): P?

Retrieves an authenticated Principal for this call.

inline fun <T : Principal> AuthenticationConfig.session(name: String? = null)
inline fun <T : Any> AuthenticationConfig.session(name: String? = null, configure: SessionAuthenticationProvider.Config<T>.() -> Unit)

Installs the session Authentication provider. This provider provides the ability to authenticate a user that already has an associated session.

fun HttpAuthHeader.Parameterized.sign(method: HttpMethod, baseUrl: String, key: String, parameters: List<Pair<String, String>>): HttpAuthHeader.Parameterized

Signs an HTTP auth header.

fun signatureBaseString(header: HttpAuthHeader.Parameterized, method: HttpMethod, baseUrl: String, parameters: List<HeaderValueParam>): String

Builds an OAuth1a signature base string as per RFC.

suspend fun DigestCredential.verifier(method: HttpMethod, digester: MessageDigest, userNameRealmPasswordDigest: suspend (String, String) -> ByteArray?): Boolean

Verifies that credentials are valid for a given method, digester, and userNameRealmPasswordDigest.

Implements Resource Owner Password Credentials Grant.

Properties

val <ERROR CLASS>.authentication: AuthenticationContext

Retrieves an AuthenticationContext for this call.

val AuthenticationInterceptors: <ERROR CLASS><RouteAuthenticationConfig>

A plugin that authenticates calls. Usually used via the authenticate function inside routing.

val OAuthKey: Any

An OAuth provider key.

const val SessionAuthChallengeKey: String

A key used to register authentication challenge.