mohiva/play-silhouette

Silhouette is an authentication library for Play Framework applications that supports several authentication methods, including OAuth1, OAuth2, OpenID, Credentials or custom authentication schemes.

Rup Shri

@irhspur

Great @akkie thanks

Raghu

@RaghuTw1_twitter

Is there a good way to decode the state when the user denies access? I have a lot of useful information in the state that I need access to. Currently, I get an exception and it doesn’t seem to have the state information in there. I can see that the request sent back from the OAuth provider has the state variable.
It would’ve been really nice if the state extraction was separate from the handling of the received code or status. Looking thru the code, looks like it’s a protected resource.

nafg

@nafg

Can you give some more context?

Raghu

@RaghuTw1_twitter

When a user authenticates with an OAuth provider and decides in the flow to decline, the provider will call me with access denied. This shows up as AccessDenied exception. I need to get at the state so I can figure out a decent way of handling the error - like redirecting someplace.

Taylor Robison

@trobison

Hey there @akkie Big thanks for making Silhouette available to the world! I'm working on a project and one of the things I can't figure out is whether I can use the auth data obtained by silhouette to call Google APIs after the user has logged into google using Silhouette. I can't seem to find a way to do that but it seems like a common case. Am I looking in the wrong place? As an example, if one wanted to fetch detailed information about the logged in user one might use something similar to this: https://developers.google.com/admin-sdk/directory/v1/quickstart/java But that would trigger another auth flow, which seems silly.

Giovanni Azua

@bravegag

Hi everyone, I'm looking at moving to Silhouette from PA. I have over time built a seed for apps but since PA is Java native and I need Scala then the result is a bit hacky (e.g. creating JavaContext for Scala). Anyway, what's the closest (and latest Play 2.7) Silhouette seed to what I have https://github.com/bravegag/play-authenticate-usage-scala including: username/password authentication with email integration, social authentication, Slick backend and DAO with Postgres DB, Google recaptcha TOTP, Remember Me using cookies or otherwise. TIA!

Christian Kaps

@akkie

The latest official Silhouette seed currently uses Silhouette 6.0.0 Snapshot which is basically the same as 6.0.0-RC1. Version 6 is based an Play 2.7. The features for this seed are documented in the readme. TOTP isn't currently not supported by Silhouette.

Giovanni Azua

@bravegag

@akkie Hi! thanks for letting me know!

How do you implement sudo Actions in Silhouette? by sudo I mean when we need to re-auth the user because of trying to access sensitive information such as billing or security settings. Sudo activates when the user logged in using a cookie and then attempts to access (view or edit) sensitive information.

Christian Kaps

@akkie

@bravegag I'll post the link to the forum post, so that others can follow the discussion. http://discourse.silhouette.rocks/t/how-do-you-solve-in-silouette-the-sudo-actions-use-case/340/4

mcallisto

@mcallisto

Hi, anyone knows if play-silhouette-persistence-reactivemongo latest release 5.0.6 is compatible with play-silhouette latest 6.0.x?

mcallisto

@mcallisto

I would say no, the former is based on Play 2.6, while the latter on 2.7

Christian Kaps

@akkie

@mcallisto Yes they are not compatible at the moment. A PR is welcome

Saskia Gennrich

@pektinasen

Hello everyone. Is it possible to have different custom error handlers per Environment?

Albaro Pereyra

@AlbaroPereyra

Yes!

https://www.playframework.com/documentation/2.5.x/ScalaErrorHandling

Saskia Gennrich

@pektinasen

Sorry, I wasn't clear. I meant the com.mohiva.play.silhouette.api.actions.SecuredErrorHandler

I can overwrite the defaultSecuredErrorHandler in every Action, but I was wondering if there was another way

Christian Kaps

@akkie

@pektinasen The silhouette stack can be bound per environment and so the global error handler can also be bound per environment. https://github.com/mohiva/play-silhouette/blob/master/silhouette/app/com/mohiva/play/silhouette/api/Silhouette.scala#L30

Raghu

@RaghuTw1_twitter

When is 6.0.x likely to make it out into the wild?

Christian Kaps

@akkie

I'll release it tomorrow

Alex Henning Johannessen

@ahjohannessen

@akkie Play 2.7.3 supports Scala 2.13.0, any chance to bump Play and do a 2.13.0 release?

Christian Kaps

@akkie

@ahjohannessen sure, any PR is welcome

Alex Henning Johannessen

@ahjohannessen

@akkie Here you go: mohiva/play-silhouette#564

Alex Henning Johannessen

@ahjohannessen

travis is a bit flaky in that it does not always to succeed to resolve some dependencies

Alex Henning Johannessen

@ahjohannessen

@akkie Could you please reset the travis ci cache and restart the build for #564 ? As you can see here: https://travis-ci.org/mohiva/play-silhouette/builds/551340681 everything is green, but then here: https://travis-ci.org/mohiva/play-silhouette/builds/551349791 Scala 2.12.8/jdk8 has issues resolving dependencies. I think it is a result of something weird with caching.

Alex Henning Johannessen

@ahjohannessen

@akkie Got things stable wrt. CI, so no need to clear cache - Updated sbt-runner to latest sbt-extras and CI is consistently green now :)

nafg

@nafg

@ahjohannessen I just had that. Maybe travis is having some hiccups. It doesn't normally happen to me.

setrar

@setrar

https://github.com/CollegeBoreal/play-silhouette-slick-mysql.g8

I am upgrading this g8 project to Play 2.7.3 supports Scala 2.13.0 but I am having classTag issue with the new DelegableAuthInfoDAO trait

play-silhouette-slick-mysql/app/daos/password/PasswordDAO.scala:16:7: class PasswordDAO needs to be abstract. Missing implementation for:
[error]   val classTag: scala.reflect.ClassTag[com.mohiva.play.silhouette.api.util.PasswordInfo] // inherited from trait DelegableAuthInfoDAO

https://github.com/CollegeBoreal/play-silhouette-slick-mysql.g8/blob/master/src/main/g8/app/daos/password/PasswordDAO.scala#L15

setrar

@setrar

A follow up to my question, I instantiate the Password DAO using the below Injection scheme in Silhouette 5.0.3

@Singleton
class PasswordDAO @Inject()(
    protected val dbConfigProvider: DatabaseConfigProvider,
    loginDao: LoginDAO)(implicit executionContext: ExecutionContext)
    extends DelegableAuthInfoDAO[PasswordInfo]
    with PasswordDTO
    with HasDatabaseConfigProvider[JdbcProfile] {
...

The Silhouette Module Binding follows the below snippet

class SilhouetteModule extends AbstractModule with ScalaModule {

  override def configure(): Unit = {
   ...
    // @provides provideAuthInfoRepository
    bind[DelegableAuthInfoDAO[PasswordInfo]].to[PasswordDAO]
}

Unfortunately, the new DelegableAuthInfoDAO trait doesn't seem to allow the same instantiation.

val silhouetteVersion = "6.0.1"

trait DelegableAuthInfoDAO[T <: AuthInfo] extends AuthInfoDAO[T] {

  /**
   * The class tag for the type parameter.
   */
  val classTag: ClassTag[T]
}

The previous DelegableAuthInfoDAO implementation used an abstract class.

val silhouetteVersion = "5.0.3"

abstract class DelegableAuthInfoDAO[T <: AuthInfo](implicit val classTag: ClassTag[T]) extends AuthInfoDAO[T]

What would be the new way to instantiate PasswordDAO?

I looked into the Change Log and couldn't find any new explanation regarding the new trait implementation.

Let me know if the chat is not the place to talk about this item, I will move it to the forum. Thanks, and please help

Christian Kaps

@akkie

@setrar Do you get a compile error? For the new implementation you must pass an implicit class tag. The abstract class has done this implicitly. Now you must pass it explicitly

setrar

@setrar

@akkie yes, I do get a compile Error

play-silhouette-slick-mysql/app/daos/password/PasswordDAO.scala:16:7: class PasswordDAO needs to be abstract. Missing implementation for:
[error]   val classTag: scala.reflect.ClassTag[com.mohiva.play.silhouette.api.util.PasswordInfo] // inherited from trait DelegableAuthInfoDAO

I then tried to mimic InMemoryAuthInfoDAO

  override def configure(): Unit = {
       ...
      bind[DelegableAuthInfoDAO[PasswordInfo]]
            .toInstance(new PasswordDAO[PasswordInfo])
  }

But it looks like I need to use .toInstance to create a new DelegableAuthInfoDAO

That doesn't sit well with the Injected dbConfig

class PasswordDAO[T <: AuthInfo] @Inject()(
    protected val dbConfigProvider: DatabaseConfigProvider,
    loginDao: LoginDAO)(implicit val classTag: ClassTag[T])
    extends DelegableAuthInfoDAO[T]
    with PasswordDTO
    with HasDatabaseConfigProvider[JdbcProfile] {
   ...

any workaround?

Christian Kaps

@akkie

You could use a Guice provider. The official seed template does use this already for some services. With a provider you can instantiate complex classes

Christian Kaps

@akkie

Could you post the code of your Dao?

setrar

@setrar

@akkie Thanks, I will look into the Provider solution from the seed.

A DAO's snippet below but you can find the entire gitter8 template here

https://github.com/CollegeBoreal/play-silhouette-slick-mysql.g8

@Singleton
class PasswordDAO @Inject()(
    protected val dbConfigProvider: DatabaseConfigProvider,
    loginDao: LoginDAO)(implicit executionContext: ExecutionContext)
    extends DelegableAuthInfoDAO[PasswordInfo]
    with PasswordDTO
    with HasDatabaseConfigProvider[JdbcProfile] {

  import profile.api._

  val passwords = lifted.TableQuery[PasswordTable]

  def getAll: Future[Seq[Password]] = db.run(passwords.result)

  override def find(loginInfo: LoginInfo): Future[Option[PasswordInfo]] =
    db.run {
      for {
        Some(fields) <- passwords
          .filter(_.password === loginInfo.providerKey)
          .result
          .map(_.headOption)
      } yield
        Some(
          PasswordInfo(hasher = fields.hasher,
                       password = fields.secret,
                       salt = fields.salt))
    }
...

To start a new project: (using play-2.7, scala 2.13 and latest Silhouette) not working

$ sbt new CollegeBoreal/play-silhouette-slick-mysql.g8

The previous SIlhouette 5.03 version

$ sbt new CollegeBoreal/play-silhouette-slick-mysql.g8 --branch play-2.6

Christian Kaps

@akkie

And this code:

class PasswordDAO[T <: AuthInfo] @Inject() (
  protected val dbConfigProvider: DatabaseConfigProvider,
  loginDao: LoginDAO
)(
  implicit 
  val classTag: ClassTag[T],
  executionContext: ExecutionContext
) extends DelegableAuthInfoDAO[T]
    with PasswordDTO
    with HasDatabaseConfigProvider[JdbcProfile] {

Doesn't work if you use:

bind[DelegableAuthInfoDAO[PasswordInfo]].to[PasswordDAO]

Normally, it should

Christian Kaps

@akkie

Normally T isn't really needed here:

class PasswordDAO @Inject() (
  protected val dbConfigProvider: DatabaseConfigProvider,
  loginDao: LoginDAO
)(
  implicit 
  val classTag: ClassTag[PasswordInfo],
  executionContext: ExecutionContext
) extends DelegableAuthInfoDAO[PasswordInfo]
    with PasswordDTO
    with HasDatabaseConfigProvider[JdbcProfile] {

setrar

@setrar

@akkie the second snippet (without using the type parameter [T]) does compile but it gives an Error. The same error is thrown when using the type parameter [T].

[error] application - 

! @7cm23k6mg - Internal server error, for (GET) [/] ->

play.api.UnexpectedException: Unexpected exception[CreationException: Unable to create injector, see the following errors:

1) No implementation for scala.reflect.ClassTag<com.mohiva.play.silhouette.api.util.PasswordInfo> was bound.
  while locating scala.reflect.ClassTag<com.mohiva.play.silhouette.api.util.PasswordInfo>
    for the 3rd parameter of daos.password.PasswordDAO.<init>(PasswordDAO.scala:18)
  at modules.SilhouetteModule.configure(SilhouetteModule.scala:78) (via modules: com.google.inject.util.Modules$OverrideModule -> modules.SilhouetteModule)

Christian Kaps

@akkie

The class tag will be added by the compiler. So it seems that this isn't possible in this case due to the Guice magic. So you should use a Guice provider in this case

setrar

@setrar

@akkie great, I will. Thanks again

1 reply

Shunsuke Wada

@letusfly85

Hi, now I’m implementing a play-silhouette OAuth2 and a Vue.js project.
I’m trying to redirect from the playframework project to the Vue.js project after successing authentication.

But, I cannot handle JWT of the play project on the Vue.js project.

Is there any good way to get X-Auth-Token on Vue.js project.
If I can, I want to use OAuth2 without redirect.

Christian Kaps

@akkie

@letusfly85 For me it's not really clear what you try to achieve. Could be a bit more specific?

Shunsuke Wada

@letusfly85

@akkie

Thank you, I want to like the above.

Christian Kaps

@akkie

@letusfly85 The second part of the OAuth2 flow, where the provider returns the access token (your JWT), is normally the only part Silhouette handles in this scenario. The first part of the OAuth2 flow is mostly handled client side in your Vue.js code. Am I right? So in this case, you start the flow from the client side. Your client redirects the user to the provider, where the authentication against the provider happens. The provider redirects the user to the Silhouette endpoint with the authorization code. Silhouette exchanges the authorization code against the access token. Now you have two possibilities. First you can initiate a Silhouette session (create an authenticator), so that the user is authenticated against your backend. In the second case, you don't need a Silhouette session bur rather the OAuth2 access token from the provider. In both cases your controller which acts as the OAuth2 endpoint in your Play app and which calls the OAuth2Provider.authenticate method, can send a redirect to your client. In this redirect you can include in both cases, the access token (your JWT) which you get as result from the authenticate method.

Altern Egro

@alternegro

Hello, is the 4.0 documentation worth reading or will it lead me down the wrong path?

Shunsuke Wada

@letusfly85

@akkie

Where communities thrive

People

Repo info

Activity