Authentication and authorization
Ktor provides the Auth plugin to handle authentication and authorization in your client application. Typical usage scenarios include logging in users and gaining access to specific resources.
Supported authentication types
HTTP provides a general framework for access control and authentication. The Ktor client allows you to use the following HTTP authentication schemes:
Basic - uses Base64 encoding to provide a username and password. Generally not recommended unless used in combination with HTTPS.
Digest - an authentication method that communicates user credentials in an encrypted form by applying a hash function to the username and password.
Bearer - an authentication scheme that involves security tokens called bearer tokens. For example, you can use this scheme as part of an OAuth flow to authorize users of your application by using external providers, such as Google, Facebook, Twitter, and so on.
To enable authentication, you need to include the ktor-client-auth artifact in the build script:
To install the Auth plugin, pass it to the install function inside a client configuration block:
Now you can configure the required authentication provider.
Step 1: Choose an authentication provider
To use a specific authentication provider (basic, digest, or bearer), you need to call the corresponding function inside the install block. For example, to use basic authentication, call the basic function:
Inside the block, you can configure settings specific to this provider.
Step 2: (Optional) Configure the realm
Optionally, you can configure the realm using the
You can create several providers with different realms to access different resources:
In this case, the client chooses the necessary provider based on the WWW-Authenticate response header, which contains the realm.
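An added example (not taken from the Ktor documentation) that combines Steps 1 and 2: two providers registered with different realms, with credentials read from the environment rather than hard-coded. The host name, realm strings and environment variable names are assumptions, and the imports assume Ktor 2.x package names on the JVM with the CIO engine.

```kotlin
import io.ktor.client.*
import io.ktor.client.engine.cio.*
import io.ktor.client.plugins.auth.*
import io.ktor.client.plugins.auth.providers.*
import io.ktor.client.request.*
import io.ktor.http.*

// Hypothetical host and realm names, chosen for illustration only.
const val API_HOST = "api.example.test"
const val USER_REALM = "Access to the '/' path"
const val ADMIN_REALM = "Access to the '/admin' path"

// Read a secret from the environment instead of hard-coding it in source.
fun env(name: String): String =
    System.getenv(name) ?: error("environment variable $name is not set")

val client = HttpClient(CIO) {
    install(Auth) {
        basic {
            realm = USER_REALM
            credentials {
                BasicAuthCredentials(username = env("API_USER"), password = env("API_PASSWORD"))
            }
            // Basic credentials are only Base64-encoded, so send them preemptively
            // (before any 401 challenge) only to the expected host over HTTPS.
            sendWithoutRequest { request ->
                request.url.protocol == URLProtocol.HTTPS && request.url.host == API_HOST
            }
        }
        digest {
            realm = ADMIN_REALM
            credentials {
                DigestAuthCredentials(username = env("ADMIN_USER"), password = env("ADMIN_PASSWORD"))
            }
        }
    }
}

suspend fun main() {
    // On a 401, the realm in the WWW-Authenticate header decides which provider answers.
    val response = client.get("https://$API_HOST/")
    println(response.status)
    client.close()
}
```

The sendWithoutRequest predicate only limits preemptive sending; a provider still answers a 401 challenge whose scheme and realm match it.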
Step 3: Configure a provider
To learn how to configure settings for a specific provider, see the corresponding topic: