I am using akka-http for building a REST API (I am new to building REST web services). I don't know how I can get and set a cookie without using a session. This cookie must contain an encrypted access token. I don't use Play or spray. My code for the moment is:

    lazy val signin = path("signin") {
      get {

        /* create the OAuthService object with a callback URL */
        val service = buildService()

        /* get the request token */
        val requestToken = service.getRequestToken

        /* create the cookie */
        val jwtCookieEncrypted = tokenUtil.createLinkedinTokenSecret(requestToken)
        val cookie = HttpCookie("jwtTokenCookie", jwtCookieEncrypted)

        /* making the user validate our requestToken by redirecting him to the following URL */
        val authURL = service.getAuthorizationUrl(requestToken)
        redirect(authURL, StatusCodes.TemporaryRedirect)

      }

    }

    lazy val callback = path("callback") {

      // extract cookie with the jwtTokenCookie name
      cookie("jwtTokenCookie") { cookiePair =>
        complete(s"The logged in user is '${cookiePair.name}'")
      }
      get {
        parameters('code, 'state) { (code, state) => // must come from cookie and not request parameters

          /* create the OAuthService object with a callback URL */
          val service = buildService()

          /* get the request token */
          val requestToken = new Token(code, state)

          if(state == tokenUtil.decryptLinkedinToken(requestToken.getSecret).getOrElse("")) "continue" else "throw error"

          val verifier = new Verifier(state)

          /* get the access token
          (need to exchange requestToken and verifier for an accessToken which is the one used to sign requests) */
          val accessToken = service.getAccessToken(requestToken, verifier)

          logger.debug(accessToken.getRawResponse)

          /* sign request */
          val ResourceUrl = Settings.LinkedIn.ResourceUrl

          val request = new OAuthRequest(Verb.GET, ResourceUrl)
          service.signRequest(accessToken, request)
          val response = request.send

          if (response.getCode == StatusCodes.OK.intValue) complete(response.getBody)
          else complete(int2StatusCode(response.getCode))
        }

      }
    }

    signin ~ callback

2 Answers

Check the Akka doc. In your response you can include the header. In your case, maybe with redirect it's not so simple. But you could complete the signing request returning a 308 HTTP code with the Location header pointing to your OAuth2 auth server.

Emiliano Martinez
  • Thanks for your answer. What do you mean? Redirect is not a good way? I thought that was the role of Scribe to do that – Samy Zarour Dec 01 '16 at 14:49
  • The redirect function creates a response with a 30x code. If you want to add the header "Set-Cookie" it's better to create the response "manually" instead of calling redirect. – Emiliano Martinez Dec 01 '16 at 15:06

Is it better?

    path("signin") {
      get {
        val service = buildService()
        val requestToken = service.getRequestToken
        val authURL = service.getAuthorizationUrl(requestToken)
        val requestTokenCrypted = tokenUtil.createLinkedinToken(requestToken)
        val cookie = HttpCookie("abcde", requestTokenCrypted.getSecret)

        // setCookie adds a Set-Cookie header to the response of the inner route
        setCookie(cookie) {
          // 307 response built by hand, with the Location header pointing at the authorization URL
          complete(HttpResponse(
            status = StatusCodes.TemporaryRedirect,
            headers = List(Location(authURL))
          ))
        }
      }
    }
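
The full round trip the question asks about (set the cookie on the signin redirect, read it back on the callback, compare it with the `state` parameter), as an added example that is not code from either poster. It needs akka-http on the classpath; `newState`, `seal`, `open` and `authUrl` are hypothetical parameters standing in for the question's `tokenUtil` and OAuth service.

```scala
import java.security.MessageDigest
import akka.http.scaladsl.model.{StatusCodes, Uri}
import akka.http.scaladsl.model.headers.HttpCookie
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.{AuthorizationFailedRejection, Route}

object SigninCookieExample {
  val CookieName = "jwtTokenCookie" // name taken from the question

  // Assumptions: seal/open stand in for tokenUtil's encrypt/decrypt,
  // newState and authUrl stand in for the OAuth service.
  def routes(newState: () => String,
             seal: String => String,
             open: String => Option[String],
             authUrl: String => Uri): Route = {

    val signin = path("signin") {
      get {
        val state = newState()
        // Secure + HttpOnly: sent over HTTPS only and hidden from page scripts;
        // a short maxAge (seconds) limits how long the value stays valid.
        val c = HttpCookie(CookieName, seal(state),
          maxAge = Some(300L), path = Some("/"), secure = true, httpOnly = true)
        // setCookie adds Set-Cookie to whatever the inner route returns,
        // including the 307 produced by redirect
        setCookie(c) {
          redirect(authUrl(state), StatusCodes.TemporaryRedirect)
        }
      }
    }

    val callback = path("callback") {
      get {
        parameters("code", "state") { (code, state) =>
          optionalCookie(CookieName) {
            // accept only if the cookie decrypts and matches the returned state
            case Some(pair) if open(pair.value).exists(sameBytes(_, state)) =>
              deleteCookie(CookieName, path = "/") { // single use
                complete(s"state verified, code length ${code.length}")
              }
            case _ => reject(AuthorizationFailedRejection) // missing, tampered or mismatched
          }
        }
      }
    }
    signin ~ callback
  }

  // constant-time comparison, so the check does not leak how many bytes matched
  private def sameBytes(a: String, b: String): Boolean =
    MessageDigest.isEqual(a.getBytes("UTF-8"), b.getBytes("UTF-8"))
}
```

With `secure = true` the browser will not send the cookie back over plain HTTP, so a local test without TLS needs that flag turned off.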