Ktor auth series recap
|

Conquer Authentication with Ktor: Summary

ByTomas Zezula

Our journey of exploring authentication with Ktor has come to an end. Thanks to all of you who have followed along through this tutorial series. Over the past two months and across ten comprehensive posts, we’ve covered a wide array of techniques and best practices to secure Ktor applications effectively. For those who wish to revisit any part of the series or experiment with the code, I’ve compiled everything into a neatly organized GitHub repository.

Below are the published posts. Each post tackles a distinct topic within the series, complete with practical implementation examples to guide you in your own application design.

Authentication with Ktor

Part 0: Launching a Guide to Conquer Authentication with Ktor

An initial post announcing the new series, goals and setting expectations.

Building Ktor with Gradle

Part 1: Getting Started

An overview of the concept of authentication and how it’s handled in Ktor applications.

Basic Authentication with Ktor

Part 2: Basic Authentication

A step-by-step guide to implementing Basic Authentication in your Ktor app.

Form-based auth with Ktor

Part 3: Form-Based Authentication

New Year’s Eve edition! Avoid passing user credentials with each request. Dive into how to secure your Ktor applications using form-based authentication.

Session Management with Ktor

Part 4: Session Management

Learn how to manage user sessions after the initial authentication.

JWT embraces trust

Part 5: Introduction into JSON Web Tokens

Manage sessions more efficiently via JSON Web Tokens (JWT). Promote stateless authentication for improved scalability and make it work across different platforms.

JWT: header, payload, signature

Part 6: Implementing JSON Web Tokens

A practical guide into implementing JWT in Ktor. Follow along as we dive into securing your web application seamlessly and effectively.

JWT token refresh

Part 7: Refreshing an Access Token with Ktor and JWT

What happens once the access token expires? Learn to address this concern and easily refresh an expired token in the background, without asking the user to re-authenticate.

Authorization with Facebook and Google

Part 8: Introducing OAuth 2.0

While JWT primarily ensures secure communication, OAuth 2.0 focuses on the delegation of access. Let’s dissect this widely adopted protocol.

Google OAuth with Ktor

Part 9: Implementing Stateless OAuth in Ktor Using Google and JWT

Social login made easy in a Ktor application with a valuable efficiency tweak! Instead of relying on user session cookies to store access tokens, we’re leveraging JWT to encapsulate the access token. This shifts our authentication to a stateless model, making our server more resource efficient.

CORS inspector

Part 10 : Protect Access with CORS

A well defined CORS policy not only enhances security but also promotes a seamless interaction between different domains. Ktor makes this process easy. In this final part of our series provides examples and guidance.

Similar Posts

JWT token refresh
| |

Refreshing an Access Token with Ktor and JWT

ByTomas Zezula

We’re back with another part of the series Conquer Authentication with KtoRemember where we left off in Part 6? We learned how to implement authentication with JWT but that lingering question remained: What happens once the access token expires? Today, we will address this concern and learn how to easily refresh an expired token in the background, without asking the user to re-authenticate.

Authorization with Facebook and Google
|

Conquer Authentication with Ktor: Part 7 – Introducing OAuth 2.0

ByTomas Zezula

In our previous post, we wrapped up the discussion on Json Web Tokens. We’ve come far in this tutorial, gradually uncovering more complex and practical use cases. Now, we’re turning our attention to a widely adopted authorization protocol – Open Authorization 2.0. While JWT primarily ensures secure communication, OAuth focuses on the delegation of access. Today, we’ll have a closer look at key concepts of this authorization protocol.

Stripe exception handling
| |

Recovering from Failures when Handling Payments with Stripe

ByTomas Zezula

In our previous post we explored webhooks as a reliable means to promptly respond to customer activities, such as checkouts, successful payments or failed transactions. Yet, in practice, we often deal with a variety of unforeseen errors that can present a threat to daily operations of an e-commerce platform. To mitigate service disruptions, it’s crucial to understand how Stripe communicates issues. In this post, we explore common Stripe exceptions and learn about managing network and connection issues.

RAG with SpringAI
| |

Retrieval Augmented Generation with Spring AI

ByTomas Zezula

In our last post, we looked at enriching the OpenAI model with custom data through function calls. While this technique is useful, it has its limitations and performance trade-offs. Today, we explore a more efficient way of incorporating relevant data into prompts to receive accurate and relevant model responses. Retrieval Augmented Generation, or RAG, relies on preprocessed data that is readily available upon request. In this post, we will build an Extract, Transform, Load (ETL) pipeline that stores a large corpus of weather forecasts and learn how to efficiently retrieve relevant information from a vector store.

Function calling to fill in the gaps in data
| | |

Spring AI and Challenges with Function Calling

ByTomas Zezula

Spring AI boosts developer’s productivity by providing seamless integration with a variety of AI models. This post explores enriching the generic model with additional data coming from custom functions. This technique known as function calling allows to elegantly tap into a variety of external data sources. However, it comes with its own challenges and considerations.