(In Ktor: 1.6.2)
-
application.conf
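...
jwt {
    # Cognito user-pool issuer URL: https://cognito-idp.<region>.amazonaws.com/<userPoolId>.
    # It must match the `iss` claim of the tokens exactly; Security.kt also uses it to
    # locate the pool's signing keys (<issuer>/.well-known/jwks.json).
    issuer = "https://cognito-idp.ap-northeast-1.amazonaws.com/__SPECIFY_POOL_ID_HERE__"

    # App client ID of the user pool. Security.kt compares it with the token's `aud` claim.
    # Cognito ID tokens carry the client ID in `aud`; access tokens carry it in `client_id`.
    audience = "__SPECIFY_CLIENT_ID_HERE__"

    # Realm string reported in the WWW-Authenticate challenge.
    realm = "ktor sample app"
}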
-
Security.kt
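import com.auth0.jwk.JwkProviderBuilder
import io.ktor.application.*
import io.ktor.auth.*
import io.ktor.auth.jwt.*
import java.util.concurrent.TimeUnit

/**
 * Installs JWT bearer authentication backed by the issuer's published JWKS.
 *
 * Reads `jwt.realm`, `jwt.audience` and `jwt.issuer` from the application config.
 * A token is accepted only when:
 *  - its signature verifies against a key served by the issuer's JWKS endpoint,
 *  - its `iss` claim equals the configured issuer, and
 *  - its `aud` claim contains the configured audience.
 *
 * Any other token yields no principal, so the request is not authenticated.
 */
fun Application.configureSecurity() {
    authentication {
        jwt {
            realm = environment.config.property("jwt.realm").getString()
            val jwtAudience = environment.config.property("jwt.audience").getString()
            val issuer = environment.config.property("jwt.issuer").getString()

            // Signing keys are fetched from the issuer's JWKS document. Caching (up to 10 keys
            // for 24 hours) and rate limiting (bucket of 10, refilled per minute) keep tokens
            // with unknown key ids from turning every request into an outbound JWKS fetch.
            val jwkProvider = JwkProviderBuilder(issuer)
                .cached(10, 24, TimeUnit.HOURS)
                .rateLimited(10, 1, TimeUnit.MINUTES)
                .build()

            // Checks the signature and the `iss` claim; 3 seconds of clock skew are tolerated
            // on the time-based claims.
            verifier(jwkProvider, issuer) {
                acceptLeeway(3)
            }

            validate { credential ->
                // `payload.audience` comes from Java and may be null when the token has no
                // `aud` claim (Cognito access tokens carry `client_id` instead). Treat a
                // missing claim as "not for us" rather than letting it throw.
                val audiences: List<String>? = credential.payload.audience
                // NOTE(review): Cognito signs ID and access tokens with the same keys; if only
                // one kind should be accepted here, also check the `token_use` claim.
                if (audiences?.contains(jwtAudience) == true) JWTPrincipal(credential.payload) else null
            }
        }
    }
}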