Akka-http and LinkedIn's API documentation: set/get cookie without session (Scala)

Problem description:

I am using akka-http to build a REST API. (I am new to building REST web services.) I don't know how to get and set a cookie without using a session. This cookie must contain the encrypted access token. I am not using Play or Spray. My code so far:

lazy val signin = path("signin") {
  get {

    /* create the OAuthService object with a callback URL */
    val service = buildService()

    /* get the request token */
    val requestToken = service.getRequestToken

    /* create the cookie */
    val jwtCookieEncrypted = tokenUtil.createLinkedinTokenSecret(requestToken)
    val cookie = HttpCookie("jwtTokenCookie", jwtCookieEncrypted)

    /* making the user validate our requestToken by redirecting him to the following URL */
    val authURL = service.getAuthorizationUrl(requestToken)
    redirect(authURL, StatusCodes.TemporaryRedirect)

  }

}

lazy val callback = path("callback") {

  // extract cookie with the jwtTokenCookie name
  cookie("jwtTokenCookie") { cookiePair =>
    complete(s"The logged in user is '${cookiePair.name}'")
  }
  get {
    parameters('code, 'state) { (code, state) => // must come from cookie and not request parameters

      /* create the OAuthService object with a callback URL */
      val service = buildService()

      /* get the request token */
      val requestToken = new Token(code, state)

      if (state == tokenUtil.decryptLinkedinToken(requestToken.getSecret).getOrElse("")) "continue" else "throw error"

      val verifier = new Verifier(state)

      /* get the access token
         (need to exchange requestToken and verifier for an accessToken which is the one used to sign requests) */
      val accessToken = service.getAccessToken(requestToken, verifier)

      logger.debug(accessToken.getRawResponse)

      /* sign request */
      val ResourceUrl = Settings.LinkedIn.ResourceUrl

      val request = new OAuthRequest(Verb.GET, ResourceUrl)
      service.signRequest(accessToken, request)
      val response = request.send

      if (response.getCode == StatusCodes.OK.intValue) complete(response.getBody)
      else complete(int2StatusCode(response.getCode))
    }

  }
}

signin ~ callback

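Check the Akka docs. You can include headers in your response. In your case, perhaps redirecting is not that simple. However, you can complete the signin request and return a 308 HTTP code with the Location header pointing to your OAuth2 auth server.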

Thanks for your answer. What do you mean? Redirecting is not a good approach? I thought that was the role Scribe plays –

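The redirect function creates a response with a 30x code. If you want to add a "Set-Cookie" header, it is better to create the response "manually" instead of calling redirect. – EmiCareOfCell44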

Is this better?

path("signin") {
  get {
    val service = buildService()
    val requestToken = service.getRequestToken
    val authURL = service.getAuthorizationUrl(requestToken)
    val requestTokenCrypted = tokenUtil.createLinkedinToken(requestToken)
    val cookie = HttpCookie("abcde", requestTokenCrypted.getSecret)

    setCookie(cookie) {
      complete(HttpResponse(
        status = StatusCodes.TemporaryRedirect,
        headers = List(Location(authURL))
      ))
    }
  }
}
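
The session-less pattern discussed in this thread, as an added example that is not code from the question or its comments: signin puts an HMAC-signed random state value in a short-lived cookie, and the callback only proceeds when the `state` query parameter matches what that cookie carries. It signs the value rather than encrypting it as the question's `tokenUtil` does; the object name, the cookie name, the `STATE_COOKIE_KEY` environment variable and the `authorizeUrl` function are assumptions.

```scala
import akka.http.scaladsl.model.{StatusCodes, Uri}
import akka.http.scaladsl.model.headers.HttpCookie
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.Route
import java.nio.charset.StandardCharsets.UTF_8
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

object StateCookieRoutes {
  // Assumption: a long random secret supplied via the environment; startup fails if it is unset.
  private val key = new SecretKeySpec(sys.env("STATE_COOKIE_KEY").getBytes(UTF_8), "HmacSHA256")
  private val b64 = Base64.getUrlEncoder.withoutPadding
  private val cookieName = "oauth_state" // hypothetical cookie name
  private def tag(value: String): String = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(key)
    b64.encodeToString(mac.doFinal(value.getBytes(UTF_8)))
  }
  private def same(a: String, b: String): Boolean = // constant-time comparison
    MessageDigest.isEqual(a.getBytes(UTF_8), b.getBytes(UTF_8))
  def seal(value: String): String = s"$value.${tag(value)}"
  def open(cookieValue: String): Option[String] = {
    val i = cookieValue.lastIndexOf('.')
    Some(cookieValue.take(i)).filter(v => i > 0 && same(tag(v), cookieValue.drop(i + 1)))
  }

  // authorizeUrl is a hypothetical function that builds the provider URL for a given state value.
  def routes(authorizeUrl: String => Uri): Route =
    path("signin") {
      get {
        val raw = new Array[Byte](16)
        new SecureRandom().nextBytes(raw)
        val state = b64.encodeToString(raw)
        // SameSite=Lax still lets the cookie travel on the top-level GET coming back from the provider.
        val cookie = HttpCookie(cookieName, seal(state), maxAge = Some(600L), path = Some("/callback"),
          secure = true, httpOnly = true, extension = Some("SameSite=Lax"))
        setCookie(cookie) { redirect(authorizeUrl(state), StatusCodes.Found) }
      }
    } ~ path("callback") {
      (get & parameters("code", "state") & optionalCookie(cookieName)) { (code, state, c) =>
        c.flatMap(p => open(p.value)).filter(same(_, state)) match {
          case Some(_) => // state is bound to this browser; exchange `code` for the access token here
            deleteCookie(cookieName, path = "/callback") { complete("state verified") }
          case None => complete(StatusCodes.Forbidden) // missing, forged or mismatched cookie
        }
      }
    }
}
```

Because the cookie holds only a signed random value, nothing sensitive sits in the browser, and a forged or replayed callback without the matching cookie is rejected before any token exchange.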