Typed Auth DSL

[zibet27]

Subsystem
Server

Motivation
(ktorio/ktor-klip#6)

Solution
The PR can be reviewed commit by commit

Deviations from the KLIP

• Chose the typed provider DSL direction, but implemented schemes as provider-owning objects created by top-level builders (basic<P>(), jwt<P>(), etc.). authenticateWith lazily registers the provider when the scheme is used. This avoids name drift, extra install(Authentication) wiring, and overload pressure on existing builders.

• Kept the API in existing modules instead of adding ktor-server-typesafe-auth: core DSL in ktor-server-auth, JWT in ktor-server-auth-jwt, API key in ktor-server-auth-api-key.

• Extended AuthScheme from AuthScheme<P> to AuthScheme<P, C>, where C is the authenticated route context. This allows custom typed contexts, not only principal/roles.

• Replaced authenticateWith(vararg schemes) with explicit authenticateWithAnyOf(...) for multi-scheme auth. This makes “any of these schemes” clearer and avoids overload/type inference ambiguity.

• Replaced authenticateWithOptional(...) and orAnonymous(...) with scheme.optional() and scheme.optional { anonymous }, then regular authenticateWith(...). Optionality is now encoded in the scheme type.

• onUnauthorized receives AuthenticationFailedCause; multi-scheme auth receives per-scheme failure causes. This lets custom handlers distinguish missing credentials from invalid credentials.

• Role support includes built-in PerCall / PerKey caching and scheme-level or route-level onForbidden. The cache strategy is sealed for now to keep semantics narrow.

• Typed configs intentionally expose onUnauthorized instead of provider-level challenge, while preserving default provider challenges when no custom handler is configured.

• Provider coverage differs slightly: this PR adds typed Basic, Bearer, Form, Session, Digest, JWT, and API Key. OAuth is intentionally left for the follow-up typed-oauth-with-session PR.

• transformPrincipal is not implemented. The KLIP marks its caching/null behavior as TBD, so it is left out of this first PR.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 41396583-20fa-49be-ae78-400b51eb3bd8

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Introduces a new typesafe authentication framework for Ktor server plugins, including typed configuration classes for API key, JWT, and digest auth, core abstractions for typed auth schemes and contexts, route builders with multi-scheme support, optional/anonymous/role-based auth layers, and comprehensive test coverage. Enables context receiver compiler flag across affected modules.

Changes

Cohort / File(s)	Summary
API Surface Extensions ktor-server-auth/api/ktor-server-auth.api, ktor-server-auth/api/ktor-server-auth.klib.api, ktor-server-auth-api-key/api/ktor-server-auth-api-key.api, ktor-server-auth-api-key/api/ktor-server-auth-api-key.klib.api, ktor-server-auth-jwt/api/ktor-server-auth-jwt.api	Exports new typesafe auth API surface including AuthScheme, AuthenticatedContext, DefaultAuthScheme, typed configuration classes (TypedBasicAuthConfig, TypedBearerAuthConfig, TypedFormAuthConfig, TypedSessionAuthConfig, TypedApiKeyAuthConfig, TypedJwtAuthConfig), and route builders (authenticateWith, authenticateWithAnyOf) with support for optional, anonymous, and role-based schemes.
Core Typesafe Framework ktor-server-auth/common/src/io/ktor/server/auth/typesafe/AuthScheme.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/Scopes.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RouteBuilders.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/SchemeRegistration.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedAuthInterceptors.kt	Implements core typesafe auth abstractions: AuthScheme interface, AuthenticatedContext hierarchy, route builder helpers for single/multi-scheme routes, scheme registration deduplication, and route-scoped typed authentication interceptor plugins.
Optional and Role-Based Auth ktor-server-auth/common/src/io/ktor/server/auth/typesafe/OptionalAuthScheme.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RoleBasedAuthScheme.kt	Adds optional auth adapters for nullable principals and anonymous fallback principals, plus role-based auth layer with AuthRole contracts, RolesCacheStrategy options (PerCall/PerKey), and forbidden handlers.
Basic/Bearer/Form/Session Typed Config ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedBasicAuthConfig.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedBearerAuthConfig.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedFormAuthConfig.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedSessionAuthConfig.kt, ktor-server-auth/common/src/io/ktor/server/auth/typesafe/BasicTypedProvider.kt	Configuration classes and factory functions for typed Basic, Bearer, Form, and Session auth schemes with validation hooks and unauthorized handlers.
API Key Plugin Typed Support ktor-server-auth-api-key/common/src/io/ktor/server/auth/typesafe/TypedApiKeyAuthConfig.kt, ktor-server-auth-api-key/common/src/io/ktor/server/auth/typesafe/ApiKeyTypedProvider.kt, ktor-server-auth-api-key/common/src/io/ktor/server/auth/apikey/ApiKeyAuth.kt	Adds TypedApiKeyAuthConfig configuration class, apiKey typed factory function, and updates auth success path to include provider name when setting principal.
JWT Plugin Typed Support ktor-server-auth-jwt/jvm/src/io/ktor/server/auth/typesafe/TypedJwtAuthConfig.kt, ktor-server-auth-jwt/jvm/src/io/ktor/server/auth/typesafe/JwtTypedProvider.kt	Introduces TypedJwtAuthConfig with multiple JWT verifier overloads (direct, suspend-based, JWK provider variants, issuer-based discovery) and jwt typed factory function.
Digest Plugin Typed Support ktor-server-auth/jvm/src/io/ktor/server/auth/typesafe/TypedDigestAuthConfig.kt, ktor-server-auth/jvm/src/io/ktor/server/auth/typesafe/DigestTypedProvider.kt	Adds TypedDigestAuthConfig with configurable realm, algorithms, QOP, nonce manager, digest/userhash providers, and strict RFC 7616 mode support; includes digest typed factory function.
Build Configuration ktor-server-auth/build.gradle.kts, ktor-server-auth-api-key/build.gradle.kts, ktor-server-auth-jwt/build.gradle.kts	Enables -Xcontext-parameters Kotlin compiler flag; auth module adds test dependency on ktor-server-test-host.
Test Utilities and Helpers ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/TestUtils.kt, ktor-server-auth-api-key/common/test/io/ktor/server/auth/apikey/ApiKeyAuthTest.kt	Provides reusable test helpers for authentication headers, scheme factories, and test models; updates existing API key test to access authentication error state.
Typesafe Auth Integration Tests ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/BasicSchemesTest.kt, ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/MultipleSchemeTest.kt, ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/NestedRoutesTest.kt, ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/OptionalAndAnonymousAuthTest.kt, ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/RoleBasedAuthTest.kt, ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/UnauthorizedAndChallengesTest.kt, ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/LegacyApiCoexistenceTest.kt, ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/DiagTest.kt	Comprehensive integration test suites validating typesafe schemes in isolation (basic, bearer, form, session), multi-scheme scenarios, nested routes, optional/anonymous auth, role-based authorization, unauthorized/challenge handling, and interoperability with legacy auth API.
Plugin-Specific Tests ktor-server-auth-api-key/common/test/io/ktor/server/auth/apikey/TypedApiKeyAuthTest.kt, ktor-server-auth-jwt/jvm/test/io/ktor/server/auth/jwt/TypedJwtAuthTest.kt, ktor-server-auth/jvm/test/io/ktor/tests/auth/typesafe/DigestAuthTest.kt	Plugin-level integration tests for typed API key, JWT, and digest authentication schemes with credential validation, multi-scheme aggregation, and custom header/scheme configuration.
Core Auth Infrastructure ktor-server-auth/common/src/io/ktor/server/auth/AuthenticationInterceptors.kt	Changes visibility of AuthenticationContext.executeChallenges overloads from private to internal.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• PR #5532 — Updates authentication success handling to pass provider name alongside principal (context.principal(name, principal)) which aligns with this PR's principal registration changes.
• PR #5243 — Introduces ApiKey authentication components and configuration that form the foundation for this PR's TypedApiKeyAuthConfig extension.
• PR #5348 — Adds DigestAlgorithm/DigestQop and RFC 7616 changes that the new TypedDigestAuthConfig depends on.

Suggested labels

👍 ship!

Suggested reviewers

• bjhham
• e5l
• osipxd

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 27.42% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title "Typed Auth DSL" clearly and concisely summarizes the main change—introducing a typed authentication DSL for the Ktor server. It is specific, descriptive, and directly relates to the primary feature being added.
Description check	✅ Passed	The PR description follows the template with Subsystem and Motivation sections, provides clear context via a KLIP reference, and thoroughly documents the solution with detailed deviations from the KLIP design. All key sections are present and well-explained.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch typed-auth-dsl

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

🧹 Nitpick comments (3)

ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/test/io/ktor/server/auth/apikey/ApiKeyAuthTest.kt (1)

108-111: This allErrors access is not exercised in this test path.

The test only sends a valid API key, so the challenge lambda won’t run; this line currently adds no coverage signal. Consider removing it here or moving the assertion into an invalid-credentials test that executes the challenge.

Possible cleanup in this test

             challenge { call ->
-                call.authentication.allErrors
                 call.respond(errorStatus)
             }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/test/io/ktor/server/auth/apikey/ApiKeyAuthTest.kt`
around lines 108 - 111, The test's challenge block is referencing
call.authentication.allErrors but that path isn't exercised by the valid-key
test, so remove the unused access or move the assertion into the test that
triggers the challenge (the invalid-credentials flow). Locate the challenge
lambda in ApiKeyAuthTest.kt (the block containing "challenge { call ->
call.authentication.allErrors call.respond(errorStatus) }") and either delete
the call.authentication.allErrors line here, or relocate that assertion into the
test which sends an invalid API key so the challenge actually runs and validates
authentication errors.

ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/Scopes.kt (1)

96-98: Make roles() fail like the principal accessors do.

roles() indexes the attribute bag directly, so a missing value becomes a generic missing-key failure. Using getOrNull + checkNotNull here would keep misuse errors as actionable as principal().

Possible fix

     public fun roles(context: RoutingContext): Set<R> {
-        return context.call.attributes[rolesKey]
+        return checkNotNull(context.call.attributes.getOrNull(rolesKey)) {
+            "Roles not found. This should not happen inside a role-based authenticateWith block."
+        }
     }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/Scopes.kt`
around lines 96 - 98, The roles(context: RoutingContext) function currently
indexes attributes[rolesKey] directly which yields a generic missing-key
exception; change it to read the attribute via
context.call.attributes.getOrNull(rolesKey) and wrap that result with
checkNotNull(... ) providing a clear message (similar to how principal() does)
so misuse produces the same actionable missing-principal style failure;
reference the rolesKey symbol and the roles(context: RoutingContext) function
when applying the change.

ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RouteBuilders.kt (1)

139-172: Keep route-level onForbidden handlers typed to R.

ForbiddenHandler erases the concrete role type to AuthRole, so route-level handlers lose the same type information that withRoles(...) preserves at scheme level. Making this alias generic would keep the route API aligned with the typed DSL.

Possible direction

- public typealias ForbiddenHandler = suspend (ApplicationCall, Set<AuthRole>) -> Unit
+ public typealias ForbiddenHandler<R> = suspend (ApplicationCall, Set<R>) -> Unit

 public fun <P : Any, R : AuthRole> Route.authenticateWith(
     scheme: RoleBasedAuthScheme<P, R, *>,
     roles: Set<R>,
     onUnauthorized: UnauthorizedHandler? = null,
-    onForbidden: ForbiddenHandler? = null,
+    onForbidden: ForbiddenHandler<R>? = null,
     build: AuthenticatedRouteBuilder<RoleBasedContext<P, R>>
 ): Route {

You'd also want the matching RoleBasedAuthScheme.validateRoles(...) parameter to use ForbiddenHandler<R>?.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RouteBuilders.kt`
around lines 139 - 172, The route-level ForbiddenHandler currently erases the
concrete role type to AuthRole, losing type-safety; make ForbiddenHandler
generic (e.g., ForbiddenHandler<R : AuthRole>) so it accepts suspend
(ApplicationCall, Set<R>) -> Unit, update the Route.authenticateWith signature
to use ForbiddenHandler<R>? for its onForbidden parameter, and change
RoleBasedAuthScheme.validateRoles(...) (and any other usages) to accept
ForbiddenHandler<R>? so route-level handlers preserve the same typed role
parameter produced by withRoles(...).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ktor-server/ktor-server-plugins/ktor-server-auth/api/ktor-server-auth.klib.api`:
- Line 141: The public buildProvider(kotlin/String) bridge method
(TypedBasicAuthConfig.buildProvider) is leaking wiring internals; change its
visibility to internal or annotate it as opt-in/internal API and do the same for
the other similar methods reported (the entries at lines 161, 180, 194) so the
typed-config → raw-provider assembly plumbing is not part of the stable public
ABI; update the symbol declarations (TypedBasicAuthConfig.buildProvider and the
corresponding Typed*Config.buildProvider methods) to non-public visibility or
add the internal/ExperimentalWiring opt-in annotation so callers still using the
top-level DSL remain unaffected.
- Line 801: The generated public API exposes
Application.registerSchemeIfNeeded(DefaultAuthScheme<*, *>) which freezes
internal lazy-registration plumbing into the public surface; change its
visibility to internal (or annotate with an internal/opt-in marker such as
`@InternalAPI`) so it is not part of the public .api contract, update the function
declaration for
io.ktor.server.application.Application.registerSchemeIfNeeded(io.ktor.server.auth.typesafe.DefaultAuthScheme<*,
*>) accordingly, and adjust any call sites in auth modules to reside in the same
module or use the internal marker/opt-in mechanism so only intended Ktor auth
modules can invoke it.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/AuthScheme.kt`:
- Around line 23-36: The file currently uses `@OptIn`(ExperimentalKtorApi::class)
and leaves UnauthorizedHandler unannotated; update the API exposure by
annotating the top-level typealias UnauthorizedHandler and the interface
AuthScheme with `@ExperimentalKtorApi` so the experimental status is part of the
public API (remove the `@OptIn` usage on the interface declaration and apply the
`@ExperimentalKtorApi` annotation to both UnauthorizedHandler and AuthScheme to
match the rest of the typed-auth public APIs).

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RoleBasedAuthScheme.kt`:
- Around line 49-70: PerKey currently caches roles solely by
extractKey(principal) which lets a roles resolver that depends on
ApplicationCall (e.g., tenant/header/path or revocations) return stale results
across requests; update the design in RolesCacheStrategy.PerKey to either (1)
restrict caching to resolvers that only depend on the principal (document and
enforce that PerKey is only used when resolve is call-independent), or (2) make
the cache key include call-derived scope (e.g., add a call-scoped token) and add
eviction/invalidation (time-based TTL or explicit invalidation hooks) so role
resolution that uses ApplicationCall cannot be incorrectly reused; change
references to RolesCacheStrategy.PerKey, its extractKey, and the role resolution
path (resolve) accordingly and ensure the cache is bounded (size or TTL) to
avoid unbounded growth.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedAuthInterceptors.kt`:
- Around line 148-149: The per-scheme failure aggregation uses
schemeContext.allFailures.firstOrNull(), which can pick an earlier cause instead
of the provider’s final failure; change to use the final failure (e.g.,
schemeContext.allFailures.lastOrNull()) when populating failures[scheme.name],
falling back to AuthenticationFailedCause.NoCredentials, so onUnauthorized
receives the provider's final failure result for that scheme.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/DiagTest.kt`:
- Around line 39-50: The test currently only prints response statuses for the
two requests to client.get("/nested") (using bearerAuthHeader("valid") and
basicAuthHeader("user")) so add assertions that validate the expected outcomes:
assert that resp.status (the response from the bearer request) equals the
expected HttpStatusCode (e.g., HttpStatusCode.OK) and likewise assert
resp2.status (the response from the basic auth request) equals the expected
HttpStatusCode; update the DiagTest.kt test to replace or accompany the println
lines with assertions referencing resp, resp2, bearerAuthHeader, basicAuthHeader
and ensure HttpStatusCode is imported/used.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/jvm/src/io/ktor/server/auth/typesafe/TypedDigestAuthConfig.kt`:
- Around line 123-135: The two digestProvider(...) overloads write to different
backing fields (legacyDigestProviderFn and digestProviderFn) so calling both can
silently override the V2 provider in buildProvider; update each setter so it
clears the other field when invoked: in the DigestProviderFunction setter
(public fun digestProvider(digest: DigestProviderFunction)) null out
digestProviderFn before assigning legacyDigestProviderFn, and in the
DigestProviderFunctionV2 setter (public fun digestProvider(digest:
DigestProviderFunctionV2)) null out legacyDigestProviderFn before assigning
digestProviderFn; also apply the same mutual-clear behavior to the analogous
pair referenced at lines 171-172.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/jvm/test/io/ktor/tests/auth/typesafe/DigestAuthTest.kt`:
- Around line 48-57: The Authorization header in DigestAuthTest.kt uses a Digest
`uri` of "/dir/index.html" while the actual request is sent with
client.get("/"); update the Digest header to use uri="/" (or alternatively
change client.get to request the path used in the header) so the
`client.get("/")` call and the header's uri value align; edit the header block
where HttpHeaders.Authorization is set in the test to change the uri="..." to
the matching request path.

---

Nitpick comments:
In
`@ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/test/io/ktor/server/auth/apikey/ApiKeyAuthTest.kt`:
- Around line 108-111: The test's challenge block is referencing
call.authentication.allErrors but that path isn't exercised by the valid-key
test, so remove the unused access or move the assertion into the test that
triggers the challenge (the invalid-credentials flow). Locate the challenge
lambda in ApiKeyAuthTest.kt (the block containing "challenge { call ->
call.authentication.allErrors call.respond(errorStatus) }") and either delete
the call.authentication.allErrors line here, or relocate that assertion into the
test which sends an invalid API key so the challenge actually runs and validates
authentication errors.

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RouteBuilders.kt`:
- Around line 139-172: The route-level ForbiddenHandler currently erases the
concrete role type to AuthRole, losing type-safety; make ForbiddenHandler
generic (e.g., ForbiddenHandler<R : AuthRole>) so it accepts suspend
(ApplicationCall, Set<R>) -> Unit, update the Route.authenticateWith signature
to use ForbiddenHandler<R>? for its onForbidden parameter, and change
RoleBasedAuthScheme.validateRoles(...) (and any other usages) to accept
ForbiddenHandler<R>? so route-level handlers preserve the same typed role
parameter produced by withRoles(...).

In
`@ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/Scopes.kt`:
- Around line 96-98: The roles(context: RoutingContext) function currently
indexes attributes[rolesKey] directly which yields a generic missing-key
exception; change it to read the attribute via
context.call.attributes.getOrNull(rolesKey) and wrap that result with
checkNotNull(... ) providing a clear message (similar to how principal() does)
so misuse produces the same actionable missing-principal style failure;
reference the rolesKey symbol and the roles(context: RoutingContext) function
when applying the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 65935e0f-9734-405a-a7af-482e06127b7b

📥 Commits

Reviewing files that changed from the base of the PR and between 3f1bca4 and b918ae1.

📒 Files selected for processing (41)

• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/api/ktor-server-auth-api-key.api
• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/api/ktor-server-auth-api-key.klib.api
• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/build.gradle.kts
• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/src/io/ktor/server/auth/apikey/ApiKeyAuth.kt
• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/src/io/ktor/server/auth/typesafe/ApiKeyTypedProvider.kt
• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/src/io/ktor/server/auth/typesafe/TypedApiKeyAuthConfig.kt
• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/test/io/ktor/server/auth/apikey/ApiKeyAuthTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth-api-key/common/test/io/ktor/server/auth/apikey/TypedApiKeyAuthTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth-jwt/api/ktor-server-auth-jwt.api
• ktor-server/ktor-server-plugins/ktor-server-auth-jwt/build.gradle.kts
• ktor-server/ktor-server-plugins/ktor-server-auth-jwt/jvm/src/io/ktor/server/auth/typesafe/JwtTypedProvider.kt
• ktor-server/ktor-server-plugins/ktor-server-auth-jwt/jvm/src/io/ktor/server/auth/typesafe/TypedJwtAuthConfig.kt
• ktor-server/ktor-server-plugins/ktor-server-auth-jwt/jvm/test/io/ktor/server/auth/jwt/TypedJwtAuthTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/api/ktor-server-auth.api
• ktor-server/ktor-server-plugins/ktor-server-auth/api/ktor-server-auth.klib.api
• ktor-server/ktor-server-plugins/ktor-server-auth/build.gradle.kts
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/AuthenticationInterceptors.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/AuthScheme.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/BasicTypedProvider.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/OptionalAuthScheme.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RoleBasedAuthScheme.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/RouteBuilders.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/SchemeRegistration.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/Scopes.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedAuthInterceptors.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedBasicAuthConfig.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedBearerAuthConfig.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedFormAuthConfig.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/src/io/ktor/server/auth/typesafe/TypedSessionAuthConfig.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/BasicSchemesTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/DiagTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/LegacyApiCoexistenceTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/MultipleSchemeTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/NestedRoutesTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/OptionalAndAnonymousAuthTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/RoleBasedAuthTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/TestUtils.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/common/test/io/ktor/tests/auth/typesafe/UnauthorizedAndChallengesTest.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/jvm/src/io/ktor/server/auth/typesafe/DigestTypedProvider.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/jvm/src/io/ktor/server/auth/typesafe/TypedDigestAuthConfig.kt
• ktor-server/ktor-server-plugins/ktor-server-auth/jvm/test/io/ktor/tests/auth/typesafe/DigestAuthTest.kt