Ktor Role based Auth
This library provides a Ktor plugin that handles role-based authorization in Ktor.
Features
- minimal and fast
- supports Ktor 2.0.0+, unlike other similar plugins
- supports JWT/Session or any custom mechanism to retrieve roles
Installation
Step 1. Add the JitPack repository
    repositories {
        maven { url "https://jitpack.io" }
    }
Step 2. Add the dependency
    dependencies {
        implementation("com.github.omkar-tenkale:ktor-role-based-auth:0.1.0")
    }
Usage
Initialize the plugin when setting up the application, and tell it how to extract roles from a principal:
    fun Application.module() {
        installRoleBasedAuthPlugin {
            extractRoles { principal ->
                // Return roles for this request
                // For example, in JWT authentication retrieve roles from the JWT payload
                (principal as JWTPrincipal).payload.claims?.get("roles")?.asList(String::class.java)?.toSet() ?: emptySet()
            }
        }
    }
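A fail-closed variant of the `extractRoles` body above, as an added example rather than code from this library: a principal that is not a `JWTPrincipal`, a missing or non-array `roles` claim, and role names the application does not define all yield no roles instead of an exception or an unexpected match. `KNOWN_ROLES` and `rolesFrom` are hypothetical names, and the tokens in `main` are constructed samples; the claim name `roles` comes from the snippet above.

```kotlin
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import com.auth0.jwt.exceptions.JWTDecodeException
import io.ktor.server.auth.jwt.JWTPrincipal

// Assumption: the complete set of role names this application defines.
private val KNOWN_ROLES = setOf("admin", "editor", "viewer")

/** Fail-closed role extraction: any unexpected input yields an empty role set. */
fun rolesFrom(principal: Any?): Set<String> {
    // A session or custom principal gets no roles rather than a ClassCastException.
    val jwt = principal as? JWTPrincipal ?: return emptySet()
    val claimed: List<String?>? = try {
        // asList returns null when the claim is absent or is not a JSON array.
        jwt.payload.getClaim("roles").asList(String::class.java)
    } catch (e: JWTDecodeException) {
        null // array elements that cannot be read as strings
    }
    if (claimed == null) return emptySet()
    // Keep only roles the application defines, so unknown names never reach a route check.
    return claimed.filterNotNull().toSet() intersect KNOWN_ROLES
}

fun main() {
    // Constructed sample tokens signed with a throwaway test key.
    val alg = Algorithm.HMAC256("constructed-test-key")
    val arrayClaim = JWT.create().withArrayClaim("roles", arrayOf("admin", "root")).sign(alg)
    val scalarClaim = JWT.create().withClaim("roles", "admin").sign(alg)
    val noClaim = JWT.create().withSubject("alice").sign(alg)

    // "root" is not a defined role and is dropped.
    check(rolesFrom(JWTPrincipal(JWT.decode(arrayClaim))) == setOf("admin"))
    // A string where an array is expected grants nothing.
    check(rolesFrom(JWTPrincipal(JWT.decode(scalarClaim))).isEmpty())
    // Missing claim, wrong principal type and null principal all grant nothing.
    check(rolesFrom(JWTPrincipal(JWT.decode(noClaim))).isEmpty())
    check(rolesFrom("not a JWT principal").isEmpty())
    check(rolesFrom(null).isEmpty())
    println("all role extraction checks passed")
}
```

In the plugin setup this becomes `extractRoles { principal -> rolesFrom(principal) }`.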
Then you can authorize any route like:
    fun Application.routing() {
        routing {
            route("/posts/") {
                method(HttpMethod.Get) {
                    handle {
                        call.respondText("Any user can access this route")
                    }
                }
                method(HttpMethod.Post) {
                    // Also available: withAllRoles(), withoutRoles() and withAnyRole()
                    withRole("admin") {
                        handle {
                            call.respondText("Only user with admin role can access this route, others will get a HTTP 403 (Forbidden) response")
                        }
                    }
                }
            }
        }
    }
Thanks
- Joris Portegies Zwart – Original implementation with pipelines and phases for older ktor versions