Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

HTTP-client auth with Bearer token

See original GitHub issue

Subsystem Client/Server, particular relevant ktor module(s) if applicable. ktor HTTP-client, auth

Is your feature request related to a problem? Please describe. Currently, Ktor HTTP-client supports only 2 types of providers: Basic and Digest. But in a real-life project is a standard to use Bearer token pair - access and refresh. So it will be great to add support of Bearer tokens to multiplatform Ktor’s HTTP-client. So the problem itself can be split into 4 sub-tasks:

Persist token pair in a safe place
Add them to auth headers
In case when the request with access token returns 401, 3.1. pause all present requests 3.2 refresh it with refresh token… and so on, regular flow. 3.3 restart interrupted requests from 3.1

Describe the solution you’d like Create BearerAuthConfig, BearerAuthProvider like its Basic and Digest versions. Update Auth class to be able to save, load and refresh tokens. Something like this:

fun provide(): HttpClient = HttpClient {
        install(Auth) {
            bearer {
                refresh = TODO("lambda function that get new access token and return a string"),
                revoke = TODO("lambda function that removes tokens")
            }
        }
    }

Motivation to include to ktor Add support of Bearer tokens for clients.

Issue Analytics

State:
Created 3 years ago
Reactions:18
Comments:21 (13 by maintainers)

Top GitHub Comments

9reactions

e5lcommented, May 6, 2021

Merged in main. Will be available in Ktor 1.6.0

6reactions

Ololoshechkincommented, Jun 25, 2020

Thanks for the feature request! What you suggest is actually 2 features:

Bearer (jwt) support in HttpClient
Automatic token refresh.

The first one should be added as a part of Auth feature and we’ll be working on that. And the second one (token renewal) is currently a bit out of our scope but we’ll keep our eye on it in future.