Ktor gives me 404 on all authenticated routes

So, I’ve been working on a server-side application with Ktor, which has both normal and authenticated routes inside the routing block. For some reason, I now get a 404 whenever I try to send a request to an authenticated endpoint.

The authentication I use is just basic, and I also checked that the credentials are not the problem here, by letting the validation in "basicAuth" always return a Principal. It still doesn’t work.

Basically, the structure is like this:

install(Authentication) {
    basic("basicAuth") {
        realm = "Ktor Server"
        validate { object : Principal {} } // to make sure the credentials don't matter in the test

routing {
    // some endpoints, including static ones
    authenticate("basicAuth") {
        // authenticated endpoints which always return 404

Now, when I try to access an endpoint that was defined inside of autheticate, I get the following response:

HTTP/1.1 404 Not Found
Vary: Origin
Date: [Date]
X-Engine: Ktor
Server: ktor-server-core/1.5.1 ktor-server-core/1.5.1
Content-Length: 0
Connection: keep-alive

<Response body is empty>

Response code: 404 (Not Found); Time: 45ms; Content length: 0 bytes

I have validated that any request from the authenticate block will magically work again when I put it in the outer routing block instead. With breakpoints, I found out that the handler code of the requested endpoint does not get executed at all, however, when installing CallLogging, the server will log:

[date and time] [DefaultDispatcher-worker-1] INFO  Application - 404 Not Found: GET - [requested endpoint]

So the server somehow recognizes the request but fails to map it to an endpoint, although there’s one right there in the authenticate block.

The weirdest thing is that I remember testing those endpoints earlier and everything worked fine…

Anyway, if you know what the issue here could be, please let me know!


Seems more like a question that should be asked in ktor project, not here.

Can you try with no arguments for both basic and autheticate (remove the basicAuth) and use validate { null } ?

Ideally make a small git* project that doesnt work.