Authentication and authorization
Ktor provides the Auth plugin to handle authentication and authorization in your client application. Typical usage scenarios include logging in users and gaining access to specific resources.
Supported authentication types
HTTP provides a general framework for access control and authentication. The Ktor client allows you to use the following HTTP authentication schemes:
Basic - uses
Base64
encoding to provide a username and password. Generally is not recommended if not used in combination with HTTPS.Digest - an authentication method that communicates user credentials in an encrypted form by applying a hash function to the username and password.
Bearer - an authentication scheme that involves security tokens called bearer tokens. For example, you can use this scheme as a part of OAuth flow to authorize users of your application by using external providers, such as Google, Facebook, Twitter, and so on.
Add dependencies
To enable authentication, you need to include the ktor-client-auth
artifact in the build script:
You can learn more about artifacts required by the Ktor client from Adding client dependencies.
Install Auth
To install the Auth
plugin, pass it to the install
function inside a client configuration block:
Now you can configure the required authentication provider.
Configure authentication
Step 1: Choose an authentication provider
To use a specific authentication provider (basic, digest, or bearer), you need to call the corresponding function inside the install
block. For example, to use the basic
authentication, call the basic function:
Inside the block, you can configure settings specific to this provider.
Step 2: (Optional) Configure the realm
Optionally, you can configure the realm using the realm
property:
You can create several providers with different realms to access different resources:
In this case, the client chooses the necessary provider based on the WWW-Authenticate
response header, which contains the realm.
Step 3: Configure a provider
To learn how to configure settings for a specific provider, see a corresponding topic: