type AsyncAuthenticatorPF[T] = PartialFunction[Credentials, Future[T]]
def authenticateOAuth2PFAsync[T](realm: String, authenticator: AsyncAuthenticatorPF[T]): AuthenticationDirective[T]


Wraps the inner route with OAuth Bearer Token authentication support using a given AsyncAuthenticatorPF[T]AsyncAuthenticatorPF<T> - Partial function from Optional<ProvidedCredentials> to CompletionStage<User>.

Provides support for extracting the so-called “Bearer Token” from the AuthorizationAuthorization HTTP Header, which is used to initiate an OAuth2 authorization.


This directive does not implement the complete OAuth2 protocol, but instead enables implementing it, by extracting the needed token from the HTTP headers.

Refer to authenticateOAuth2 for a detailed description of this directive.

Its semantics are equivalent to authenticateOAuth2PF ’s, where not handling a case in the Partial Function (PF) leaves the request to be rejected with a AuthenticationFailedRejectionAuthenticationFailedRejection rejection.

See also authenticateOAuth2PF if the authorization operation is rather quick, and does not have to execute asynchronously.

See Credentials and password timing attacks for details about verifying the secret.

For more information on how OAuth2 works see RFC 6750.


Usage in code is exactly the same as authenticateBasicPFAsync, with the difference that one must validate the token as OAuth2 dictates (which is currently not part of Akka HTTP itself).

Found an error in this documentation? The source code for this page can be found here. Please feel free to edit and contribute a pull request.