Add typed OAuth with session support #5567

Draft
zibet27 wants to merge 4 commits into typed-auth-dsl from typed-oauth-with-session

zibet27 (Collaborator) commented Apr 30, 2026

Subsystem
Server Auth

Motivation
https://github.com/ktorio/ktor-klip/blob/zibet27/auth-3.5/proposals/0006-auth-3.5.md

Why oauthWithSession

The existing OAuth provider is useful for completing the OAuth callback and obtaining an OAuthAccessTokenResponse, but it is easy to read it as a provider that can protect application routes directly.

That is misleading for typical web login flows: OAuth authenticates only the callback request. It does not persist the login state, create an application principal, or protect later requests. Applications still need to map the token response to their own session/principal and then use session authentication for protected routes.

oauthWithSession makes this pattern explicit:

  • OAuth handles the redirect/callback flow.
  • The callback maps the OAuth token response to an application session.
  • Protected routes authenticate via that session and expose a typed principal.

This keeps the OAuth provider focused on OAuth, while giving users a typed, end-to-end login flow that matches how OAuth is commonly used in server-side applications.

It is still a question whether we want to just provide a typed DSL for oauth or oauthWithSession, as shown in this PR.

zibet27 requested review from bjhham, e5l, nomisRev and osipxd April 30, 2026 09:17
zibet27 self-assigned this Apr 30, 2026
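
The pattern from the description above, wired by hand with Ktor's existing `oauth` and `session` providers, as an added example that is not code from this PR (it does not use the proposed `oauthWithSession` DSL, whose API is not shown on this page). It assumes Ktor 3.x with the CIO client behind HTTPS; the provider names, routes, `UserSession`, the `idp.example`/`app.example` URLs and the environment variable names are hypothetical.

```kotlin
import io.ktor.client.*
import io.ktor.client.engine.cio.*
import io.ktor.http.*
import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.response.*
import io.ktor.server.routing.*
import io.ktor.server.sessions.*
import kotlinx.serialization.Serializable

@Serializable data class UserSession(val accessToken: String) // hypothetical session type
fun Application.module() {
    install(Sessions) {
        // Server-side storage: the cookie carries only a session id, never the token.
        cookie<UserSession>("user_session", SessionStorageMemory()) {
            cookie.httpOnly = true; cookie.secure = true
        }
    }
    install(Authentication) {
        oauth("oauth-login") { // authenticates only the /login and /callback requests
            urlProvider = { "https://app.example/callback" }
            providerLookup = {
                OAuthServerSettings.OAuth2ServerSettings(
                    name = "example-idp", requestMethod = HttpMethod.Post,
                    authorizeUrl = "https://idp.example/authorize",
                    accessTokenUrl = "https://idp.example/token",
                    clientId = System.getenv("OAUTH_CLIENT_ID"),
                    clientSecret = System.getenv("OAUTH_CLIENT_SECRET"),
                )
            }
            client = HttpClient(CIO)
        }
        session<UserSession>("app-session") { // this provider protects later requests
            validate { it } // accept any stored session; add expiry checks here
            challenge { call.respondRedirect("/login") }
        }
    }
    routing {
        authenticate("oauth-login") {
            get("/login") { /* the oauth provider redirects to authorizeUrl */ }
            get("/callback") {
                val token = call.principal<OAuthAccessTokenResponse.OAuth2>()
                    ?: return@get call.respond(HttpStatusCode.Unauthorized)
                call.sessions.set(UserSession(token.accessToken)) // persist login state
                call.respondRedirect("/profile")
            }
        }
        authenticate("app-session") { get("/profile") { call.respondText("signed in") } }
    }
}
```

Wrapping `/profile` in `authenticate("oauth-login")` instead would restart the OAuth flow on every request without a callback code, which is the misreading the description warns about.
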
coderabbitai Bot (Contributor) commented Apr 30, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

zibet27 marked this pull request as draft April 30, 2026 09:19

osipxd (Member) commented Apr 30, 2026

Could you pull the latest main? Failing tests seem to be fixed in the main branch.

zibet27 force-pushed the typed-oauth-with-session branch from 686588c to 8a267ac April 30, 2026 15:35