http4k / org.http4k.security / InsecureCookieBasedOAuthPersistence

InsecureCookieBasedOAuthPersistence

class InsecureCookieBasedOAuthPersistence : OAuthPersistence

This is an example implementation which stores CSRF and AccessToken values in an INSECURE client-side cookie. Access-tokens for end-services are fully available to the browser so do not use this in production!

Constructors

| Name | Summary |
|---|---|
| `<init>` | `InsecureCookieBasedOAuthPersistence(cookieNamePrefix: String, cookieValidity: Duration = Duration.ofHours(1), clock: Clock = Clock.systemUTC())` |

Functions

| Name | Summary |
|---|---|
| `assignCsrf` | `fun assignCsrf(redirect: Response, csrf: CrossSiteRequestForgeryToken): Response` Assign a CSRF token to this OAuth auth redirection (to the end-service) response. This is an opportunity to modify the response returned to the user when the redirection happens. |
| `assignToken` | `fun assignToken(request: Request, redirect: Response, accessToken: AccessToken): Response` Assign the swapped AccessToken returned by the end-service. This is an opportunity to modify the response returned to the user when the redirection happens. |
| `authFailureResponse` | `fun authFailureResponse(): Response` Build the default failure response, returned when a failure occurs during the callback process (e.g. a mismatched or missing CSRF token, or a failure when calling into the end-service for the access token). |
| `retrieveCsrf` | `fun retrieveCsrf(request: Request): CrossSiteRequestForgeryToken?` Retrieve the stored CSRF token for this user request. |
| `retrieveToken` | `fun retrieveToken(request: Request): AccessToken?` Retrieve the stored AccessToken for this user request. |

Extension Functions

| Name | Summary |
|---|---|
| `with` | `fun <T> T.with(vararg modifiers: (T) -> T): T` |
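
An added example, not http4k's own code: a hypothetical `ServerSideOAuthPersistence` that implements the `OAuthPersistence` functions listed above but keeps the AccessToken in server memory, so the browser only holds an opaque session id in a Secure, HttpOnly cookie. It assumes a single server instance served over HTTPS and the interface exactly as documented on this page; the class name and the `Csrf`/`Session` cookie name suffixes are illustrative.

```kotlin
import org.http4k.core.Request
import org.http4k.core.Response
import org.http4k.core.Status.Companion.FORBIDDEN
import org.http4k.core.cookie.Cookie
import org.http4k.core.cookie.cookie
import org.http4k.security.AccessToken
import org.http4k.security.CrossSiteRequestForgeryToken
import org.http4k.security.OAuthPersistence
import java.security.SecureRandom
import java.time.Clock
import java.time.Duration
import java.util.Base64
import java.util.concurrent.ConcurrentHashMap

// Hypothetical class, not part of http4k: the AccessToken never leaves the server.
// Assumes the OAuthPersistence interface has exactly the five functions listed on this page.
class ServerSideOAuthPersistence(
    cookieNamePrefix: String,
    private val validity: Duration = Duration.ofHours(1),
    private val clock: Clock = Clock.systemUTC()
) : OAuthPersistence {
    private val csrfName = "${cookieNamePrefix}Csrf"
    private val sessionName = "${cookieNamePrefix}Session"
    private val tokens = ConcurrentHashMap<String, Pair<AccessToken, Long>>() // id -> (token, expiry ms)
    private val random = SecureRandom()

    // HttpOnly hides the value from page scripts; Secure keeps it off plain HTTP.
    private fun hardened(name: String, value: String) =
        Cookie(name, value, maxAge = validity.seconds, path = "/", secure = true, httpOnly = true)

    override fun assignCsrf(redirect: Response, csrf: CrossSiteRequestForgeryToken): Response =
        redirect.cookie(hardened(csrfName, csrf.value))

    override fun retrieveCsrf(request: Request): CrossSiteRequestForgeryToken? =
        request.cookie(csrfName)?.value?.let { CrossSiteRequestForgeryToken(it) }

    override fun assignToken(request: Request, redirect: Response, accessToken: AccessToken): Response {
        val id = Base64.getUrlEncoder().withoutPadding()
            .encodeToString(ByteArray(32).also { random.nextBytes(it) })
        tokens[id] = accessToken to (clock.millis() + validity.toMillis())
        return redirect.cookie(hardened(sessionName, id))
    }

    override fun retrieveToken(request: Request): AccessToken? =
        request.cookie(sessionName)?.value?.let { tokens[it] }
            ?.takeIf { clock.millis() < it.second }?.first

    override fun authFailureResponse(): Response = Response(FORBIDDEN)
}
```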