2016-12-01 76 views
0

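Akka-http and LinkedIn API documentation: set/get cookie without session (scala)

I am using akka-http to build a REST API. (I am new to building REST web services.) I don't know how to get and set a cookie without using a session. This cookie must contain the encrypted access token. I am not using Play or Spray. My code for the moment: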

lazy val signin = path("signin") {
  get {

    /* create the OAuthService object with a callback URL*/
    val service = buildService()

    /* get the request token*/
    val requestToken = service.getRequestToken

    /* create the cookie */
    val jwtCookieEncrypted = tokenUtil.createLinkedinTokenSecret(requestToken)
    val cookie = HttpCookie("jwtTokenCookie", jwtCookieEncrypted)

    /* making the user validate our requestToken by redirecting him to the following URL*/
    val authURL = service.getAuthorizationUrl(requestToken)
    redirect(authURL, StatusCodes.TemporaryRedirect)

  }

}

lazy val callback = path("callback") {

  // extract cookie with the jwtTokenCookie name
  cookie("jwtTokenCookie") { cookiePair =>
    complete(s"The logged in user is '${cookiePair.name}'")
  }
  get {
    parameters('code, 'state) { (code, state) => // must come from cookie and not request parameters

      /* create the OAuthService object with a callback URL*/
      val service = buildService()

      /* get the request token*/
      val requestToken = new Token(code, state)

      if(state == tokenUtil.decryptLinkedinToken(requestToken.getSecret).getOrElse("")) "continue" else "throw error"

      val verifier = new Verifier(state)

      /* get the access token
      (need to exchange requestToken and verifier for an accessToken which is the one used to sign requests)*/
      val accessToken = service.getAccessToken(requestToken, verifier)

      logger.debug(accessToken.getRawResponse)

      /* sign request*/
      val ResourceUrl = Settings.LinkedIn.ResourceUrl

      val request = new OAuthRequest(Verb.GET, ResourceUrl)
      service.signRequest(accessToken, request)
      val response = request.send

      if (response.getCode == StatusCodes.OK.intValue) complete(response.getBody)
      else complete(int2StatusCode(response.getCode))
    }

  }
}

signin ~ callback

Answers

0

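Check the Akka docs. You can include headers in your response. In your case, maybe redirecting is not that simple. However, you can complete the signin request and return a 308 HTTP code with a Location header pointing to your OAuth2 auth server.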

+0

Thanks for your answer. What do you mean? Is redirect not a good approach? I thought that was the role Scribe plays –

+0

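The redirect function creates a response with a 30x code. If you want to add the "Set-Cookie" header, it is better to create the response "manually" instead of calling redirect. – EmiCareOfCell44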

0

Is this better?

path("signin") {
  get {
    val service = buildService()
    val requestToken = service.getRequestToken
    val authURL = service.getAuthorizationUrl(requestToken)
    val requestTokenCrypted = tokenUtil.createLinkedinToken(requestToken)
    val cookie = HttpCookie("abcde", requestTokenCrypted.getSecret)

    setCookie(cookie) {
      complete(HttpResponse(
        status = StatusCodes.TemporaryRedirect,
        headers = List(Location(authURL))
      ))
    }
  }
}
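
An added example, not code from the posts above: one way to do the cookie round trip without a session in akka-http, setting a short-lived cookie on the redirect and checking it in the callback. It simplifies the question's encrypted token to a random `state` value; the cookie name, authorization URL and client id are placeholders, and the question's Scribe token exchange is left out.

```scala
// Added example, not the posters' code. Placeholders: cookie name "oauth_state",
// endpoint https://auth.example/authorize, client_id "CLIENT_ID".
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64
import akka.http.scaladsl.model.{StatusCodes, Uri}
import akka.http.scaladsl.model.headers.HttpCookie
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.Route

object OAuthStateCookie {
  private val CookieName = "oauth_state"
  private val rng = new SecureRandom()

  // 256-bit random value, URL-safe so it fits both a cookie and a query string.
  def newState(): String = {
    val bytes = new Array[Byte](32)
    rng.nextBytes(bytes)
    Base64.getUrlEncoder.withoutPadding.encodeToString(bytes)
  }

  // Constant-time comparison of the cookie value and the returned state.
  def sameState(a: String, b: String): Boolean =
    MessageDigest.isEqual(a.getBytes("UTF-8"), b.getBytes("UTF-8"))

  // extract(...) runs per request, so every login attempt gets a fresh state.
  val signin: Route = (path("signin") & get & extract(_ => newState())) { state =>
    val authUri = Uri("https://auth.example/authorize").withQuery(Uri.Query(
      "response_type" -> "code", "client_id" -> "CLIENT_ID", "state" -> state))
    val stateCookie = HttpCookie(CookieName, state,
      maxAge = Some(300L),              // only has to outlive the login round trip
      path = Some("/callback"),         // sent to the callback route only
      secure = true, httpOnly = true,   // HTTPS only, hidden from page scripts
      extension = Some("SameSite=Lax")) // still sent on the redirect back
    // setCookie adds Set-Cookie to the response the inner route produces.
    setCookie(stateCookie) { redirect(authUri, StatusCodes.Found) }
  }

  val callback: Route = (path("callback") & get) {
    (cookie(CookieName) & parameters("code", "state")) { (pair, code, state) =>
      deleteCookie(CookieName, path = "/callback") { // single use
        if (sameState(pair.value, state))
          complete("state verified") // exchange `code` for the access token here
        else complete(StatusCodes.Forbidden, "state mismatch")
      }
    }
  }
  val routes: Route = signin ~ callback
}
```

A request to `/callback` without the cookie is rejected by the `cookie` directive before any token exchange is attempted.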