Silhouette is an authentication library for Play Framework applications that supports several authentication methods, including OAuth1, OAuth2, OpenID, Credentials or custom authentication schemes.
@akkie My silhouette.conf settings are below.
Should we change from secureCookie false to true (even if I use JWT..)?
# CSRF state item handler settings
csrfStateItemHandler.cookieName="OAuth2State"
csrfStateItemHandler.cookiePath="/"
csrfStateItemHandler.secureCookie=false // Disabled for testing on localhost without SSL, otherwise cookie couldn't be set
csrfStateItemHandler.httpOnlyCookie=true
csrfStateItemHandler.expirationTime=5 minutes
This will not work with your scenario!
Oh.. I only want to get code from the provider and publish login event on silhouette middleware..
If Silhouette initiates the OAuth2 flow, then it sends a token in the OAuth2 state param. And in the second step it validates the token.
Thank you.
So, should I change it in the following way?
# CSRF state item handler settings
csrfStateItemHandler.cookieName="OAuth2State"
csrfStateItemHandler.cookiePath="/"
csrfStateItemHandler.secureCookie=false // Disabled for testing on localhost without SSL, otherwise cookie couldn't be set
csrfStateItemHandler.httpOnlyCookie=false
csrfStateItemHandler.expirationTime=5 minutes
SilhouetteModule.scala like below.
@Provides
def provideSocialStateHandler(
  @Named("social-state-signer") signer: Signer,
  csrfStateItemHandler: CsrfStateItemHandler): SocialStateHandler = {
  // new DefaultSocialStateHandler(Set(csrfStateItemHandler), signer)
  new DefaultSocialStateHandler(Set(), signer)
}
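// Authorization code and scope returned by the provider in the redirect query string
const code = this.$route.query.code
const scope = this.$route.query.scope
const targetUrl = `http://localhost:9000/authenticate/google`
const params = {
  code: code,
  scope: scope
}
// axios.post returns a promise; handle the result with then/catch
axios.post(targetUrl, params)
  .then((response) => {
    console.log(response)
  })
  .catch((error) => {
    console.error(error)
  })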
com.mohiva.play.silhouette.impl.exceptions.UnexpectedResponseException: [Silhouette][google] Got unexpected response `{
"error": "invalid_grant",
"error_description": "Bad Request"
}`; status code: 400
Thank you, I succeeded in signing in, from vue.js https://accounts.google.com/o/oauth2/auth?response_type=code and redirect to localhost:9000/authenticate/google from the provider.
And I can go to the Vue.js project in the following way, but how can I pass the token…? Currently I do it by queryString like ?token=……
result <- silhouette.env.authenticatorService.embed(
  token,
  Redirect(s"http://localhost:3000?token=${token}")
)
Redirect is a Play Result implementation. You should have the same API to send cookies, headers, ...
Hi @akkie,
I followed the migration guide but am running into another issue.
I removed the bind and added the provider
override def configure(): Unit = {
  ...
  // set your own Environment [Type]
  bind[Silhouette[DefaultEnv]].to[SilhouetteProvider[DefaultEnv]]
  // @provides provideEnvironment [Implementation]
  bind[IdentityService[User]].to[UserDAO]
  // @provides provideAuthenticatorService
  bind[AuthenticatorRepository[JWTAuthenticator]].to[AuthenticatorDAO]
}
@Provides
def providePasswordDAO(dbConfigProvider: DatabaseConfigProvider,
                       loginDao: LoginDAO): PasswordDAO =
  new PasswordDAO(dbConfigProvider, loginDao)
The project compiles but the AuthInfoRepository provider doesn't seem to find the DelegableAuthInfoDAO[PasswordInfo] provider
/**
 * Provides the auth info repository.
 *
 * @param passwordInfoDAO The implementation of the delegable password auth info DAO.
 * @return The auth info repository instance.
 */
@Provides
def provideAuthInfoRepository(
  passwordInfoDAO: DelegableAuthInfoDAO[PasswordInfo]): AuthInfoRepository =
  new DelegableAuthInfoRepository(passwordInfoDAO)
It throws the below error
Unexpected exception
CreationException: Unable to create injector, see the following errors:
1) No implementation for com.mohiva.play.silhouette.persistence.daos.DelegableAuthInfoDAO<com.mohiva.play.silhouette.api.util.PasswordInfo> was bound.
while locating com.mohiva.play.silhouette.persistence.daos.DelegableAuthInfoDAO<com.mohiva.play.silhouette.api.util.PasswordInfo>
for the 1st parameter of modules.SilhouetteModule.provideAuthInfoRepository(SilhouetteModule.scala:182)
at modules.SilhouetteModule.provideAuthInfoRepository(SilhouetteModule.scala:182) (via modules: com.google.inject.util.Modules$OverrideModule -> modules.SilhouetteModule)
I tried to force the connection using a @Named decorator
@Provides
@Named("password-repository")
def providePasswordDAO(dbConfigProvider: DatabaseConfigProvider,
                       loginDao: LoginDAO): PasswordDAO =
  new PasswordDAO(dbConfigProvider, loginDao)
against the AuthInfoRepository provider but it's the same issue
@Provides
def provideAuthInfoRepository(
  @Named("password-repository")
  passwordInfoDAO: DelegableAuthInfoDAO[PasswordInfo]): AuthInfoRepository =
  new DelegableAuthInfoRepository(passwordInfoDAO)
please see the project at the below location, sorry, I am not familiar with Guice
https://github.com/CollegeBoreal/play-silhouette-slick-mysql
Thanks
play-silhouette-seed and managed to get JWT sent back to the client in a Response Header called X-Auth-Token, however when I'm trying to visit other pages on the site, those pages don't send the token back to the server, so the user always gets redirected to log in again. I've found this problem in the archive and implemented it to save the token as a cookie, but still doesn't work: https://gitter.im/mohiva/play-silhouette/archives/2015/05/30
X-Auth-Token header. From there on out, the Angular app holds onto the token and sends it for all requests. Now maybe this is a minor nitpick, but when users navigate back to the Play endpoint, it will never detect that they are logged in, because I can't figure out how to get the webpages to send the X-Auth-Token header on all requests (if it exists in cookies).
Hi all, I am working on an app based on Silhouette Seed Template that uses CookieAuthenticator. I need to extend current functionality to mobile clients.
Would CookieAuthenticator be a good choice for mobile? Should I consider another Authenticator such as JWT for this purpose?
Thank you!