Hi,
We need to implement OAuth2 authorization code flow in an AkkaHttp 
microservice.
The way that I know it traditionally works needs a logical session managed 
with a cookie or similar: the microservice does the flow, obtains the 
access/refresh tokens and caches the tokens for future use until they need 
to be re-emitted due to expiration approaching.
This logical session would be in cassandra ideally for us, to enable 
scalability. I guess this is why the http session is no longer offered by 
AkkaHttp itself, but there are separate authors offering http session 
implementations for AkkaHttp.
As a background where I am coming from, in a Servlet/Spring environment, at 
one time Spring-Session offered support to transparently store session in 
certain dbs.
The only alternative I see is to manually manage a cookie from my code and 
work with Cassandra. I can check how a cookie like the traditional 
JSESSIONID is configured (e.g. HttpOnly).
The second alternative is to go to authorization server every request and 
it will issue new tokens, or offered a cached version of them if it does, 
but seems overkill.
Please advise how would you do, what alternatives do you see,
Thanks,
Nicu Marasoiu

-- 
>>>>>>>>>>      Read the docs: http://akka.io/docs/
>>>>>>>>>>      Check the FAQ: 
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>>      Search the archives: https://groups.google.com/group/akka-user
--- 
You received this message because you are subscribed to the Google Groups "Akka 
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to akka-user+unsubscr...@googlegroups.com.
To post to this group, send email to akka-user@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.

Reply via email to