Skip to content

Instantly share code, notes, and snippets.


amrfarid140/TokenManager.Kt Secret

Created Jan 23, 2020
What would you like to do?
Example Token Manager
package me.amryousef.auth
import com.auth0.jwt.JWT
import com.auth0.jwt.JWTVerifier
import com.auth0.jwt.algorithms.Algorithm
import com.auth0.jwt.interfaces.Payload
import io.ktor.auth.Principal
import me.amryousef.model.TokenType
import me.amryousef.model.User
import me.amryousef.usecase.GetUserByIdUseCase
import java.util.*
import java.util.concurrent.TimeUnit
class JwtTokenManager(private val getUserByIdUseCase: GetUserByIdUseCase) {
private companion object {
private const val secret = "super-secret-stuff"
private const val issuer = "amryousef"
private val refreshTokenValidityInMs = TimeUnit.DAYS.toMillis(7)
private val accessTokenValidityInMs = TimeUnit.HOURS.toMillis(8)
private val algorithm = Algorithm.HMAC512(secret)
private const val ID_CLAIM_KEY = "id"
private const val ROLE_CLAIM_KEY = "role"
private const val AUTHENTICATION_SUBJECT = "Authentication"
private const val REFRESH_SUBJECT = "Refresh"
val verifier: JWTVerifier = JWT.require(algorithm).withIssuer(issuer).build()
fun createToken(user: User) =
accessToken = JWT.create()
.withClaim(ROLE_CLAIM_KEY, { }.joinToString(", "))
refreshToken = JWT.create()
fun isValidToken(token: Payload): TokenValidity {
if (token.expiresAt.before(Date())) {
return TokenValidity.NotValid
return["id"]?.asInt()?.let {
} ?: TokenValidity.NotValid
private fun String.toTokenType() = when (this) {
else -> throw IllegalArgumentException()
private fun getExpiration(validityInMs: Long) = Date(System.currentTimeMillis() + validityInMs)
data class TokenResult(val accessToken: String, val refreshToken: String)
sealed class TokenValidity {
data class Valid(
val user: User,
val tokenType: TokenType
) : TokenValidity(), Principal
object NotValid : TokenValidity()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.