Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    Dan Di Spaltro
    Nice library!
    Adam Warski
    great to hear - thanks! :)
    Can this library be used to handle sessions (claims based, JWT via the Microsoft java adal4j) that require refresh tokens in "clients" versus "servers?" I need to add bearer tokens to requests when using akka-http future based client-side calls as well as client-side flow based client styles. The adal4j for use with azure is oauth2.
    Adam Warski
    currently only the server api is supported, nothing for clients
    but you still need to obtain the bearer token from somewhere in the first place, right?
    Yes. But I can get through the AD library. For a client, its really a question of what refresh strategy, if any, you want to use. The token's expire fairly fast from AD and I'm not sure that can be changed.
    Guillaume Massé
    Hey how do you set a session with a Future[T] ?
    Hi, how can i redirect a request without a session to the login path?
    Adam Warski
    in akka-http? I think you can use the redirect directive
    Robert Andersson


    I have a question about jwt using headers.

    I have the following routes defined.

        path("login") {
          post {
            entity(as[LoginInput]) { in =>
              onSuccess(UserService.authenticate(in.username, in.password)) {
                case None => reject(AuthorizationFailedRejection)
                case Some(userId) =>
                  val session = SessionData(userId)
                  setSession(oneOff, usingHeaders, session) {
        } ~
          path("secure") {
            get {
              requiredSession(oneOff, usingHeaders) { session =>
                logger.debug(s"Current session $session")
                complete {

    I login with curl like this

    curl -v -X POST -H "Content-Type: application/json" -d '{
      "username": "kemichal",
      "password": "test"
    }' "http://localhost:9000/login"

    And then I copy the JWT string from the Set-Authorization header into this

    curl -X GET -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXJJZCI6N30sImV4cCI6MTQ2NTA4ODYzNn0=.EbOAfdLMa/ywyv9n3D2KKRzwcp2MJUzSY/N7J/ZjCOU=" "http://localhost:9000/secure"

    but I keep getting 'The supplied authentication is not authorized to access this resource'.
    I do get the log message from logger.debug("get") but nothing else on the server.

    Am I missing something? I have never used auth via JWT before.

    Adam Warski
    @Kemichal that should work I think ... can you try using the session directive instead of requiredSession, which should give you a more detailed description of what goes wrong during decoding of the session?
    Robert Andersson
    It's some kind of deserialization error I guess 20:27:08.513 INFO c.k.t.Server$ - Current session Corrupt(org.json4s.package$MappingException: No usable value for $outer No constructor for type Service, JNothing)
    The swt contains
      "data": {
        "userId": 7
      "exp": 1465088636
    The SessionData in my example looks like this case class SessionData(userId: Long)
    The exception is from line 36 in JValueSessionSerializer
    Robert Andersson
    the com.softwaremill.session.SessionManagerJwtEncoderTest works fine on my computer too... weird
    Robert Andersson
    I fixed it! My SessionData case class was defined inside the same object where I had my routes. It started working as soon as I moved it out :)
    the deserializer probably couldn't find it in scope or something :) Thanks for the help!
    Adam Warski
    heh, must be some json4s pecularity
    thanks for checking, hope things will work fine now :)
    Christian Neverdal
    I have the "core" and "jwt" dependencies, yet I can't find JValueSessionSerializer?
    SessionManager seems to be found, however, in com.softwaremill.session
    "object JValueSessionSerializer is not a member of package com.softwaremill.session"
    These two should be all I need, right?

    libraryDependencies += "com.softwaremill.akka-http-session" %% "core" % "0.2.5"

    libraryDependencies += "com.softwaremill.akka-http-session" %% "jwt" % "0.2.5"

    OK, it worked now. I guess I just had to rebuild and refresh everything 100 times.