    Dan Di Spaltro
    @dispalt
    Nice library!
    Adam Warski
    @adamw
    great to hear - thanks! :)
    aappddeevv
    @aappddeevv
    Can this library be used to handle sessions (claims based, JWT via the Microsoft java adal4j) that require refresh tokens in "clients" versus "servers?" I need to add bearer tokens to requests when using akka-http future based client-side calls as well as client-side flow based client styles. The adal4j for use with azure is oauth2.
    Adam Warski
    @adamw
    currently only the server api is supported, nothing for clients
    but you still need to obtain the bearer token from somewhere in the first place, right?
    aappddeevv
    @aappddeevv
    Yes. But I can get through the AD library. For a client, it's really a question of what refresh strategy, if any, you want to use. The tokens expire fairly fast from AD and I'm not sure that can be changed.
    Guillaume Massé
    @MasseGuillaume
    Hey how do you set a session with a Future[T] ?
    concerned3rdparty
    @concerned3rdparty
    Hi, how can I redirect a request without a session to the login path?
    Adam Warski
    @adamw
    in akka-http? I think you can use the redirect directive
    Robert Andersson
    @Kemichal

    Hi!

    I have a question about jwt using headers.

    I have the following routes defined.

        path("login") {
          post {
            entity(as[LoginInput]) { in =>
              onSuccess(UserService.authenticate(in.username, in.password)) {
                case None => reject(AuthorizationFailedRejection)
                case Some(userId) =>
                  val session = SessionData(userId)
                  setSession(oneOff, usingHeaders, session) {
                    complete(userId.toJson)
                  }
              }
            }
          }
        } ~
          path("secure") {
            get {
              logger.debug("get")
              requiredSession(oneOff, usingHeaders) { session =>
                logger.debug(s"Current session $session")
                complete {
                  "secret"
                }
              }
            }
          }

    I login with curl like this

        curl -v -X POST -H "Content-Type: application/json" -d '{
          "username": "kemichal",
          "password": "test"
        }' "http://localhost:9000/login"

    And then I copy the JWT string from the Set-Authorization header into this

        curl -X GET -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXJJZCI6N30sImV4cCI6MTQ2NTA4ODYzNn0=.EbOAfdLMa/ywyv9n3D2KKRzwcp2MJUzSY/N7J/ZjCOU=" "http://localhost:9000/secure"

    but I keep getting 'The supplied authentication is not authorized to access this resource'.
    I do get the log message from logger.debug("get") but nothing else on the server.

    Am I missing something? I have never used auth via JWT before.

    Adam Warski
    @adamw
    @Kemichal that should work I think ... can you try using the session directive instead of requiredSession, which should give you a more detailed description of what goes wrong during decoding of the session?
    Robert Andersson
    @Kemichal
    It's some kind of deserialization error I guess

        20:27:08.513 INFO c.k.t.Server$ - Current session Corrupt(org.json4s.package$MappingException: No usable value for $outer No constructor for type Service, JNothing)

    The swt contains

        {
          "data": {
            "userId": 7
          },
          "exp": 1465088636
        }

    The SessionData in my example looks like this

        case class SessionData(userId: Long)

    The exception is from line 36 in JValueSessionSerializer
    Robert Andersson
    @Kemichal
    the com.softwaremill.session.SessionManagerJwtEncoderTest works fine on my computer too... weird
    Robert Andersson
    @Kemichal
    I fixed it! My SessionData case class was defined inside the same object where I had my routes. It started working as soon as I moved it out :)
    the deserializer probably couldn't find it in scope or something :) Thanks for the help!
    Adam Warski
    @adamw
    heh, must be some json4s peculiarity
    thanks for checking, hope things will work fine now :)
    Christian Neverdal
    @flyrev
    I have the "core" and "jwt" dependencies, yet I can't find JValueSessionSerializer?
    SessionManager seems to be found, however, in com.softwaremill.session
    "object JValueSessionSerializer is not a member of package com.softwaremill.session"
    These two should be all I need, right?

    libraryDependencies += "com.softwaremill.akka-http-session" %% "core" % "0.2.5"

    libraryDependencies += "com.softwaremill.akka-http-session" %% "jwt" % "0.2.5"