应该可以使用更明确的模型，并结合对路由或底层服务中的模型进行验证（取决于这被视为域逻辑还是API逻辑）
对于基本auth，它看起来有点像：

sealed interface PrincipalResult {
    data class User(/* ... */): PrincipalResult

    object NoUserProvided: PrincipalResult

    // This might be replaced with a null result to conform with the Ktor API
    // I prefer making it explicit and communicate what's going on
    // and not just accept a null that means everything and nothing.
    //
    // This can also be made into a data class and expanded
    // with additional information, allowing for better errors and richer debugging
    object InvalidUserCredentials: PrincipalResult
}

install(Authentication) {
    basic("stuart-auth") {
        realm = "Access to the '/' path"
        validate { credentials ->
            if (credentials.isMissing()) {
                PrincipalResult.NoUserProvided
            } else if (credentials.isValid() {
                PrincipalResult.User(/* ... */)
            } else {
                PrincipalResult.InvalidUserCredentials
            }
        }
    }
}

现在可以做到：

authenticate(Constants.myAuthScope) {
    post("/my-route") {
        val request = call.receive<MyRouteRequest>()
        val principalResult = call.principal<PrincipalResult>()

        when (principalResult) {
            is PrincipalResult.User ->
            is PrincipalResult.NoUserProvided ->
            is PrincipalResult.InvalidUserCredentials ->
        }
        // ...
    }
}

当然，这种模式应该应用于您实际使用的任何身份验证方案，例如JWT，OAuth，LDAP等。

尝试authenticate的optional参数，如

authenticate(Constants.myAuthScope, optional = true) {
    post("/my-route") {}
}