HTTP Authentication in Scala with Http4s: Passwords, Digests, Sessions, JWTs

This is the kind of content our community, more often than not, completely lacks. Thank you, Daniel, for your huge contribution to Scala's learning ecosystem.

Long time no see.
Glad to hear you again :)

I can't thank you enough Daniel!
The jwt part (~56min+) is exactly what I needed because http4s-jwt-auth lib is a bit thin on documentation.

Yes this is THE content that we need!

it’s funny, this looks similar to the phoenix framework when dealing with routes. I just couldn’t understand elixir very well without types. So this library seems very intriguing to me. I’m not to sure how the type level stack would do in terms of performance though in the frontend. So I’d probably use something else but I’ll checkout the course. Scala looks amazing but it’s kinda scary when you look at a large codebase.

Chapters
00:00 Intro
01:32 Http Server setup
07:00 Basic Authentication
22:40 Digest Authentication
34:00 Sessions
56:45 JWT
01:18:00 Outro

I think there is something wrong with the Session and cookie code. If I execute the suggested curl command with a wrong cookie parameter value, I'm always passing through the endpoint. Is this the correct behaviour? Shouldn't I be blocked?

So much complicated stuff for a simple app :D
But thanks for enlightening Daniel.

I have a question about the authstore, as it uses MD5 and we cannot extend the AuthStore Trait as it is sealed in the package. In the database we are using plaintext passwords, which for any real usecase is a no go. How can I use hashing for the passwords and where would I generate the hash (SHA-256 for example) for the password that's coming from the request? I've been trying to find it myself but am unable.
Also: are you going to come out with a course on HTTP4S?