akka-http-session

akka-http-session copied to clipboard

issue refreshing token

7

I am using refreshable and cookie options for session handling. OneOff option works as expected but I am unable to get the refreshable option to work. Setting session max-age to...

colinbes

**Problem** Currently there the API doesn't support different access and refresh tokens transports (for example one should be stored in a HTTP only cookie, while the other in header). **Motivation**...

kamac

Header error regarding JWT implementation

8

First off, Thank you so much for your project (time and effort!). On this moment I'm experiencing some errors regarding the JWT header (name/value) combination. The error throw = `Illegal...

nmolenaar

After invalidateSession I'm able to access secured endpoint with "invalidated" session

7

Hello Looks like the invalidateSession function doesn't invalidate the session as it should. I'll explain below what I mean. If you want to look at steps to reproduce without technical...

Fruzenshtein

Authorizations

7

Great project, thanks! Works effortlessly. Any interest in Shiro as an authorization provider? Other ideas come to mind? This being the Scala world, it strikes me that someone out there...

briantopping

Infinite loop in RefreshTokenManager

3

I'm using akka-http-session 0.4.0 in scastie https://github.com/scalacenter/scastie/blob/master/server/src/main/scala/com.olegych.scastie.web/oauth2/GithubUserSession.scala I have two threads at 100% cpu usage. This the result of jstack: ``` "Web-akka.actor.default-dispatcher-214" #273 prio=5 os_prio=0 tid=0x00007f69fc024000 nid=0x33ba runnable [0x00007f69bfbf8000] java.lang.Thread.State:...

MasseGuillaume

RefreshTokenStorage schedule documentation

5

Hello, I'm interested in using this project, but there are still some obscure undocumented aspects. The first one is the `schedule` method in the `RefreshTokenStorage`. Can you please clarify what...

epifab

requireSession breaks CORS

3

My CORS configuration works perfectly until I use requireSession. I have tried many different configurations with no success in getting both CORS and Sessions working together. I'm guessing that requireSession...

andrewresearch

ScalatestRouteTest does not support session test

6

in my example: there are three route: login, upload, download to test it, the client must login first to upload then with the result from previous upload, can only the...

epiphyllum

TouchRequiredSession generates new refresh token when access token is expired

5

I am using touchRequiredSession with refresh tokens and custom headers. I am noticing that the refresh-token is rotated when the access token is expired and the refresh token is not....

jonnycatlett