Created
March 30, 2024 15:01
-
-
Save RaheemJnr/2f5028a4423a25ce287fd9bd79e06ef1 to your computer and use it in GitHub Desktop.
JwtControllerPlugin.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* configureSecurity Function | |
* fun Application.configureSecurity(jwtController: JwtController) { ... }: This extension function is defined for the Application class, taking a JwtController instance as an argument. It's responsible for configuring the security aspects of the Ktor application, particularly JWT authentication. | |
* Authentication Configuration | |
* install(Authentication) { ... }: Installs the Authentication feature into the Ktor application. This feature is used to secure your application by authenticating requests. | |
* JWT Authentication for Access Tokens | |
* jwt("main_auth_jwt") { ... }: Configures JWT authentication with the name "main_auth_jwt". This is used for authenticating access tokens. | |
* | |
* verifier(...): Sets up the JWT verifier by using the verifyToken method of the jwtController, specifying that it should verify access tokens. The verifier is responsible for validating the signatures of incoming tokens to ensure they were issued by the server and haven't been tampered with. | |
* | |
* validate { credential -> ... }: Defines the logic to validate the claims within the token. It checks if the token's audience matches the expected audience (jwtController.audience) and if the token contains a "User_id" claim. If the validation passes, a JWTPrincipal is returned, carrying the token's payload. Otherwise, null is returned to indicate invalid credentials. | |
* | |
* unauthorized(): Configures the response to unauthorized requests. This is a custom function added to the JWTAuthenticationProvider.Config class. | |
* | |
* JWT Authentication for Refresh Tokens | |
* jwt("refresh_auth_jwt") { ... }: Similar to the previous block, but this one is configured for handling refresh tokens with the name "refresh_auth_jwt". | |
* | |
* It also sets up a verifier specifically for refresh tokens and uses the same validation logic to check the token's audience and claims. | |
* respondUnauthorized Function | |
* private fun JWTAuthenticationProvider.Config.respondUnauthorized() { ... }: This is a utility function that enhances the JWTAuthenticationProvider.Config with a custom response for unauthorized requests. | |
* | |
* challenge { _, _ -> ... }: Defines a challenge that is issued when authentication fails. In this case, it responds with UnauthorizedResponse(), indicating that the request was unauthorized. | |
* | |
* **/ | |
fun Application.configureSecurity( | |
jwtController: JwtController, | |
) { | |
install(Authentication) { | |
// | |
jwt("main_auth_jwt") { | |
verifier( | |
jwtController.verifyToken(tokenType = TokenType.ACCESS_TOKEN.name) | |
) | |
validate { credential -> | |
if (credential.payload.audience.contains(jwtController.audience) && credential.payload.claims.contains("User_id") ) { | |
JWTPrincipal(credential.payload) | |
} else | |
null | |
} | |
unauthorized() | |
} | |
jwt("refresh_auth_jwt") { | |
verifier(jwtController.verifyToken(tokenType = TokenType.REFRESH_TOKEN.name)) | |
validate { credential -> | |
if (credential.payload.audience.contains(jwtController.audience) && credential.payload.claims.contains("User_id") ) { | |
JWTPrincipal(credential.payload) | |
} else | |
null | |
} | |
unauthorized() | |
} | |
} | |
} | |
private fun JWTAuthenticationProvider.Config.unauthorized() { | |
challenge { _, _ -> | |
call.respond(UnauthorizedResponse()) | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment