Package-level declarations

Types

A predicate function that accepts an application call and returns true or false.

A plugin that handles authentication and authorization. Typical usage scenarios include logging in users, granting access to specific resources, and securely transmitting information between parties.

A hook that is executed after authentication is checked. Note that this hook is also executed for optional authentication and for routes without any authentication, in which case ApplicationCall.principal is null.

class AuthenticationConfig(providers: Map<String?, AuthenticationProvider> = emptyMap())

A configuration for the Authentication plugin.

An authentication context for a call.

Represents a cause for an authentication challenge request.

typealias AuthenticationFunction<C> = suspend ApplicationCall.(credentials: C) -> Principal?

An authentication function that accepts and verifies credentials and returns a principal when verification is successful.

Represents an authentication challenge procedure requested by an authentication mechanism.

An authentication provider with the specified name.

An authentication route node that is used by the Authentication plugin and usually created by the Route.authenticate DSL function, so generally there is no need to instantiate it directly unless you are writing an extension.

A resolution strategy for nested authentication providers:
AuthenticationStrategy.Optional - if no authentication is provided by the client, a call continues but with a null Principal.
AuthenticationStrategy.FirstSuccessful - client must provide authentication data for at least one provider registered for this route.
AuthenticationStrategy.Required - client must provide authentication data for all providers registered for this route with this strategy.

data class BearerTokenCredential(val token: String) : Credential
interface Credential

A marker interface indicating that a class represents credentials for authentication.

data class DigestCredential(val realm: String, val userName: String, val digestUri: String, val nonce: String, val opaque: String?, val nonceCount: String?, val algorithm: String?, val response: String, val cnonce: String?, val qop: String?) : Credential

Digest credentials.

typealias DigestProviderFunction = suspend (userName: String, realm: String) -> ByteArray?

Provides a message digest for the specified username and realm, or returns null if the user is missing. This function could fetch the digest from a database or compute it instead.

A configuration that creates a provider based on the AuthenticationConfig.provider block.

Response content with the 403 Forbidden status code and the WWW-Authenticate header of supplied challenges.

Specifies what to send back if form-based authentication fails.

A form-based authentication provider.

An OAuth1a server error.

sealed class OAuth2Exception : Exception

Represents an error that occurred while communicating with an OAuth2 server.

List of OAuth2 request parameters for both peers.

List of OAuth2 server response parameters.

An OAuth access token acquired from the server.

sealed class OAuthCallback

OAuth callback parameters.

OAuth grant types constants.

sealed class OAuthServerSettings

OAuth server settings.

OAuth versions used in configuration.

interface Principal

A marker interface indicating that a class represents an authenticated principal.

A configuration for the AuthenticationInterceptors plugin.

Specifies what to send back if session authentication fails.

Response content with the 401 Unauthorized status code and the WWW-Authenticate header of supplied challenges.

class UserHashedTableAuth(val digester: (String) -> ByteArray, val table: Map<String, ByteArray>)

An in-memory table that keeps usernames and password hashes. Because only hashes are stored, user passwords are not directly compromised if your data source is leaked.

data class UserIdPrincipal(val name: String) : Principal

A user's principal identified by name.

data class UserPasswordCredential(val name: String, val password: String) : Credential

A user's credentials identified by name and password.

Functions

fun Route.authenticate(vararg configurations: String? = arrayOf(null), strategy: AuthenticationStrategy, build: Route.() -> Unit): Route
fun Route.authenticate(vararg configurations: String? = arrayOf(null), optional: Boolean = false, build: Route.() -> Unit): Route

Creates a route that allows you to define authorization scope for application resources. This function accepts names of authentication providers defined in the Authentication plugin configuration.

Installs the Authentication plugin if it is not yet installed and invokes block on its config. You can modify the existing authentication configuration only in the authentication's block or by using the Authentication.configure function. Changing a captured instance of the configuration outside of the block may have no effect or may damage the application's state.

Installs the basic Authentication provider. You can use basic authentication for logging in users and protecting specific routes. To learn how to configure it, see Basic authentication.

Retrieves basic authentication credentials for this ApplicationRequest.

Installs the Bearer Authentication provider. Bearer auth requires the developer to provide a custom 'authenticate' function to authorize the token, and return the associated principal.

fun createObtainRequestTokenHeader(callback: String, consumerKey: String, nonce: String, timestamp: LocalDateTime = LocalDateTime.now()): HttpAuthHeader.Parameterized

Creates an HTTP authentication header for OAuth1a obtain token request.

Installs the digest Authentication provider. To learn how to configure it, see Digest authentication.

fun DigestCredential.expectedDigest(method: HttpMethod, digester: MessageDigest, userNameRealmPasswordDigest: ByteArray): ByteArray

Calculates the expected digest bytes for this DigestCredential.

Installs the form-based Authentication provider. Form-based authentication uses a web form to collect credential information and authenticate a user. To learn how to configure it, see Form-based authentication.

Installs the OAuth Authentication provider. OAuth can be used to authorize users of your application by using external providers, such as Google, Facebook, Twitter, and so on. To learn how to configure it, see OAuth.

expect suspend fun PipelineContext<Unit, ApplicationCall>.oauth(client: HttpClient, dispatcher: CoroutineDispatcher, providerLookup: ApplicationCall.() -> OAuthServerSettings?, urlProvider: ApplicationCall.(OAuthServerSettings) -> String)

Installs both OAuth1a and OAuth2 authentication helpers that redirect to an OAuth server authorization page and handle the corresponding callbacks.

actual suspend fun PipelineContext<Unit, ApplicationCall>.oauth(client: HttpClient, dispatcher: CoroutineDispatcher, providerLookup: ApplicationCall.() -> OAuthServerSettings?, urlProvider: ApplicationCall.(OAuthServerSettings) -> String)

Installs both OAuth1a and OAuth2 authentication helpers that redirect to an OAuth server authorization page and handle the corresponding callbacks.

expect suspend fun PipelineContext<Unit, ApplicationCall>.oauthHandleCallback(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String, loginPageUrl: String, block: suspend (OAuthAccessTokenResponse) -> Unit)

Handles an OAuth callback. Usually it leads to requesting an access token.

expect suspend fun PipelineContext<Unit, ApplicationCall>.oauthHandleCallback(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String, loginPageUrl: String, configure: HttpRequestBuilder.() -> Unit = {}, block: suspend (OAuthAccessTokenResponse) -> Unit)

Handles an OAuth callback.

actual suspend fun PipelineContext<Unit, ApplicationCall>.oauthHandleCallback(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String, loginPageUrl: String, block: suspend (OAuthAccessTokenResponse) -> Unit)

Handles an OAuth callback. Usually it leads to requesting an access token.

actual suspend fun PipelineContext<Unit, ApplicationCall>.oauthHandleCallback(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String, loginPageUrl: String, configure: HttpRequestBuilder.() -> Unit, block: suspend (OAuthAccessTokenResponse) -> Unit)

Handles an OAuth callback.

expect suspend fun PipelineContext<Unit, ApplicationCall>.oauthRespondRedirect(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String)

Responds with OAuth redirect.

actual suspend fun PipelineContext<Unit, ApplicationCall>.oauthRespondRedirect(client: HttpClient, dispatcher: CoroutineDispatcher, provider: OAuthServerSettings, callbackUrl: String)

Responds with OAuth redirect.

Parses an authorization header from an ApplicationRequest, returning an HttpAuthHeader.

Retrieves an authenticated Principal for this call.

inline fun <P : Principal> ApplicationCall.principal(provider: String?): P?

Retrieves an authenticated Principal for this call from the provider with the name provider.

inline fun <T : Principal> AuthenticationConfig.session(name: String? = null)
inline fun <T : Any> AuthenticationConfig.session(name: String? = null, configure: SessionAuthenticationProvider.Config<T>.() -> Unit)

Installs the session Authentication provider. This provider provides the ability to authenticate a user that already has an associated session.

Signs an HTTP auth header.

Builds an OAuth1a signature base string as per RFC.

suspend fun DigestCredential.verifier(method: HttpMethod, digester: MessageDigest, userNameRealmPasswordDigest: suspend (String, String) -> ByteArray?): Boolean

Verifies that credentials are valid for a given method, digester, and userNameRealmPasswordDigest.

Implements Resource Owner Password Credentials Grant.

Properties

A plugin that authenticates calls. Usually used via the authenticate function inside routing.

An OAuth provider key.

A key used to register an authentication challenge.