我有以下内容:
def myUserPassAuthenticator(credentials: Credentials): Future[Option[String]] = {
log.info(credentials.toString)
credentials match {
case p@Credentials.Provided(id) if p.verify("a") =>
log.info("Login success!")
Future.successful(Some(id))
case _ =>
log.info("Login failure!")
Future.successful(None)
}
}
val authRoute = path("login") {
authenticateOAuth2Async(realm = "secure site", myUserPassAuthenticator) { userName =>
complete(s"The user is '$userName'")
}
}
导航到该端点并输入凭据时,日志行
log.info(credentials.toString)
变成Missing
。这有什么不对?
请求的内容类型为"application/x-www-form-urlencoded"
数据为"grant_type=password&username=INSERT_USERNAME_HERE&password=INSERT_PWD_HERE"
答案 0 :(得分:4)
你应该用Route.seal
指令包裹你的路线:
val authRoute =
Route.seal {
path("login") {
authenticateOAuth2Async(realm = "secure site", myUserPassAuthenticator) { userName =>
complete(s"The user is '$userName'")
}
}
}
来自documentation的如果身份验证失败,它似乎依赖于默认拒绝
给定一个函数在成功验证后返回Some [T] 否则,分别应用内部路由或拒绝 请求具有AuthenticationFailedRejection拒绝,由 default被映射到401 Unauthorized响应。
而Route.seal完全提供了:
路由可以使用Route.seal“密封”,后者依赖于范围内 RejectionHandler和ExceptionHandler实例转换拒绝 和客户端的适当HTTP响应中的异常。