akka-jwt
Library for jwt authentication with akka
Information
This library provides an Akka directive for your route to authenticate your users with JWT. The JWT implementation adapts Nimbus JOSE + JWT.
Changelog
1.2.0
1.0.0
- Initial Release
Setup
libraryDependencies += "de.innFactory" %% "akka-jwt" % "1.2.0"
After that, you must extend your akka-http Route with JwtAuthDirectives. Then just implement an AuthService:
protected val authService: AuthService
After that you can build your route like this:
val route: Route =
  (post & path("graphql")) {
    authenticate { credentials =>
      entity(as[JsValue]) { requestJson ⇒
        // ... inner route that handles requestJson for the authenticated credentials
      }
    }
  }
As you can see, you get a new authenticate directive for your route. It extracts the Authentication value from your header and checks it against your JWT validator.
Validator API
The Validator API has just one method, validate, so you can implement your own validators and use them with your Akka directive. The AWS and the generic validators were made by guizmaii. Thanks for that!
final case class JwtToken(content: String) extends AnyVal

trait JwtValidator {
  def validate(jwtToken: JwtToken): Either[BadJWTException, (JwtToken, JWTClaimsSet)]
}
Available JwtValidator implementations
1. ConfigurableJwtValidator
The more flexible implementation of the JwtValidator interface.
It only requires a JWKSource instance.
For more information on the different JWKSource implementations Nimbus provides, look at the classes in the com.nimbusds.jose.jwk.source package here: https://www.javadoc.io/doc/com.nimbusds/nimbus-jose-jwt
Example of use:
val token: JwtToken = JwtToken(content = "...")
val jwkSet: JWKSource[SecurityContext] = new RemoteJWKSet(new URL(s"https://your.jwks.prodvider.example.com/.well-known/jwks.json"))
val validator = ConfigurableJwtValidator(jwkSet)
For more information on JWKs, you could read:
- Auth0 doc: https://auth0.com/docs/jwks
- Nimbus doc: https://connect2id.com/products/server/docs/api/jwk-set
- AWS Cognito doc: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-identity-user-pools-using-id-and-access-tokens-in-web-api
Other constructor parameters are:
- maybeCtx: Option[SecurityContext] = None
  (Optional) Security context. Default is null (no Security Context).
- additionalChecks: List[(JWTClaimsSet, SecurityContext) => Option[BadJWTException]] = List.empty
  (Optional) List of additional checks that will be executed on the JWT token passed. Default is an empty List.

Some "additional checks" are already implemented in the object ProvidedAdditionalChelcks.
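The following added example (not code from akka-jwt) shows two custom entries for additionalChecks that pin the issuer and audience claims, so a correctly signed token minted for a different service is still rejected. It uses only Nimbus classes; the object and function names and the sample claim values are hypothetical, and it assumes BadJWTException is Nimbus's com.nimbusds.jwt.proc.BadJWTException.

```scala
import com.nimbusds.jose.proc.SecurityContext
import com.nimbusds.jwt.JWTClaimsSet
import com.nimbusds.jwt.proc.BadJWTException

// Hypothetical helper object; none of these names come from akka-jwt.
object ClaimChecks {
  // Same shape as one entry of the additionalChecks list.
  type Check = (JWTClaimsSet, SecurityContext) => Option[BadJWTException]

  // Reject tokens whose "iss" claim is missing or differs from the expected issuer.
  def requireIssuer(expected: String): Check = (claims, _) =>
    if (expected == claims.getIssuer) None
    else Some(new BadJWTException(s"Unexpected issuer: ${claims.getIssuer}"))

  // Reject tokens that were not issued for this service ("aud" claim).
  // getAudience returns an empty list when the claim is absent, so that case fails too.
  def requireAudience(expected: String): Check = (claims, _) =>
    if (claims.getAudience.contains(expected)) None
    else Some(new BadJWTException(s"Token audience does not include $expected"))

  // Run every check and collect the failures; an empty result means the claims passed.
  def failures(checks: List[Check], claims: JWTClaimsSet): List[BadJWTException] =
    checks.flatMap(check => check(claims, null)) // null = no SecurityContext

  def main(args: Array[String]): Unit = {
    val checks = List(requireIssuer("https://issuer.example.com"), requireAudience("orders-api"))
    // Constructed claims: expected issuer, but the token was issued for another service.
    val claims = new JWTClaimsSet.Builder()
      .issuer("https://issuer.example.com")
      .audience("billing-api")
      .build()
    failures(checks, claims).foreach(e => println(e.getMessage))
    // The same list would be handed to the validator through the parameter documented above:
    //   ConfigurableJwtValidator(jwkSet, additionalChecks = checks)
  }
}
```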
2. AwsCognitoJwtValidator
Example of use:
val awsRegion = AWSRegion(AWSRegions.Frankfurt)
val cognitoUserPoolId = CognitoUserPoolId(value = "...")
val awsCognitoJwtValidator = AwsCognitoJwtValidator(awsRegion, cognitoUserPoolId)
Need a token generator for aws? Look at
https://innfactory.de/de/blog/34-software-engineering/52-javascript-desktop-app-electron https://github.com/innFactory/aws-session-token-gui
Copyright & Contributors
- Tobias Jonas
- Jules Ivanic
Copyright (C) 2019 innFactory Cloud- & DataEngineering
Published under the Apache 2 License.