Hi, We need to implement OAuth2 authorization code flow in an AkkaHttp microservice. The way that I know it traditionally works needs a logical session managed with a cookie or similar: the microservice does the flow, obtains the access/refresh tokens and caches the tokens for future use until they need to be re-emitted due to expiration approaching. This logical session would be in cassandra ideally for us, to enable scalability. I guess this is why the http session is no longer offered by AkkaHttp itself, but there are separate authors offering http session implementations for AkkaHttp. As a background where I am coming from, in a Servlet/Spring environment, at one time Spring-Session offered support to transparently store session in certain dbs. The only alternative I see is to manually manage a cookie from my code and work with Cassandra. I can check how a cookie like the traditional JSESSIONID is configured (e.g. HttpOnly). The second alternative is to go to authorization server every request and it will issue new tokens, or offered a cached version of them if it does, but seems overkill. Please advise how would you do, what alternatives do you see, Thanks, Nicu Marasoiu
-- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscr...@googlegroups.com. To post to this group, send email to akka-user@googlegroups.com. Visit this group at https://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.