Søren Valentin Silkjær
@SoerenSilkjaer
Hi. Does play-silhouette have a built-in mechanism for refreshing tokens when using OAuth2 or OIDC?
Christian Kaps
@akkie
Currently this functionality is only implemented in the framework-agnostic version of Silhouette. Maybe you can backport it.
gobandoGH
@gobandoGH
Hi All,
I am implementing a JWT authenticator in Silhouette 6.1 and having this error: “[Silhouette][jwt-authenticator] Could not init authenticator: JWTAuthenticator”
I have also learned that this error was fixed by updating JWT dependencies in Silhouette 5.0.3.
What might this issue be, and how to solve it?
Appreciate your help
Christian Kaps
@akkie
There must be a more detailed error. Have you enabled debug logging?
gobandoGH
@gobandoGH
@akkie, this is the sequence of the error in the console log:
play.api.http.HttpErrorHandlerExceptions$$anon$1: Execution exception[[AuthenticatorInitializationException: [Silhouette][jwt-authenticator] Could not init authenticator: JWTAuthenticator
….Caused by: com.mohiva.play.silhouette.api.exceptions.AuthenticatorInitializationException: [Silhouette][jwt-authenticator] Could not init authenticator: JWTAuthenticator
….Caused by: com.atlassian.jwt.exception.JwtMalformedSharedSecretException: Failed to create MAC signer with the provided secret key
….Caused by: com.nimbusds.jose.KeyLengthException: The secret length must be at least 256 bits
Thank you
Christian Kaps
@akkie
So the issue is fixed?
gobandoGH
@gobandoGH
No, it's not. I'm still working on it. I'll keep you posted.
Thank you
gobandoGH
@gobandoGH
@akkie, what provisions should I take from a CSRF Play's perspective for a JWT authenticator to work?
My app is based on the play-silhouette-seed adding new controllers to the CookieAuthenticator end-points.
Christian Kaps
@akkie
The exception contains the error message: The secret length must be at least 256 bits
This means that the shared secret you have configured for the JWT authenticator should be at least 256 bits long
Christian Kaps
@akkie
So if you use only ASCII characters, your shared secret should be at least 32 chars long
gobandoGH
@gobandoGH
That was it. Working now. Thank you @akkie
Tudor Anastasiu
@skypper
Hey, could somebody please clarify to me how social login actually works in Silhouette. As far as I know, it uses the OAuth protocol (or OpenID) to grab the social information such as first name and last name, email, avatar url etc and then create an account in your database. How does it handle the authInfo though? Is it still based on access tokens?
Can it be adapted to work for mobile?
Thanks in advance!
ferrlin
@ferrlin
Hey guys, I'm bumping version for project to use v6.1.0. Though, I can't seem to find artifacts for "play-silhouette-persistence-reactivemongo" % "6.0.0".
Tudor Anastasiu
@skypper
Alright, seems that my previous questions didn't get an answer, so I'll ask in a different way. Is there a way to authenticate with a social provider in Silhouette given that I already have an access token?
Meaning that I did the authentication on mobile already and would like to authenticate with the server as well.
Christian Kaps
@akkie
@skypper Silhouette supports the authorization code grant. This means that it uses the client id and client secret to get an authorization code and then exchanges it for an access token. Silhouette uses the concept of an authenticator that will be passed to the client, after a successful authentication with a provider (social, password, ...). On subsequent requests, the client passes this authenticator back to Silhouette to authenticate against a special resource endpoint on the server side. This authenticator can be a JWT, but it can currently only handle JWTs that are created and signed by Silhouette itself, because the internal structure of the JWT is the serialized form of the authenticator. It may be possible to create your own authenticator implementation, which can handle an access token and create an authenticator for it.
@ferrlin The play-silhouette-persistence-reactivemongo wasn't updated for the last versions of Silhouette. You can create a PR which fixes that.
Tudor Anastasiu
@skypper
I'm trying to authenticate using access token from Facebook android login and I've tried the solution from here: https://discourse.silhouette.rocks/t/solved-authenticate-using-access-token-from-facebook-android-login/31/7. The code successfully creates and embeds an authenticator cookie in the response to the client, however it seems that authentication fails when I try to reach a secured endpoint using that authenticator. Could somebody point out what could be the issue? @akkie?
Christian Kaps
@akkie
Hard to say. Have you enabled the debugging log? If the cookie with the authenticator is sent in the request, there must be a message in the log that something is wrong.
Tudor Anastasiu
@skypper
So /authenticateToken/facebook endpoint returns the header Set-Cookie: authenticator=1-c7ab116d120878f98e5b2.... and if I subsequently send a request to a secured endpoint it returns 401 Unauthorized and header Set-Cookie: authenticator=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/.
Christian Kaps
@akkie
If your /authenticateToken/facebook endpoint returns the authenticator, then your mobile client must save this cookie and send it with every subsequent request to the Silhouette protected endpoint. Is this the case?
Tudor Anastasiu
@skypper
I'm using Postman now.
Postman is smart enough to remember the authenticator cookie and pass it to subsequent requests. It works perfectly for credentials authentication.
Tudor Anastasiu
@skypper
So far I've been able to get only this out of logging: "c.m.p.s.a.a.DefaultSecuredErrorHandler [Silhouette] Unauthenticated user trying to access '/' "
with "<logger name="com.mohiva" level="TRACE" />" inside logback.xml
Maybe there is some issue with my configuration. I've been looking at it and comparing it to other seed Silhouette projects and I still can't figure it out.
Tudor Anastasiu
@skypper
I have finally debugged the problem. It didn't work because the providerKey provided by Facebook (which in the case of credentials is the email address) is a numeric value. This messed up things.
GarnicaJR
@GarnicaJR
Question: does Silhouette support Play Framework 2.8?
Christian Kaps
@akkie
Yes, the latest version of Silhouette supports Play 2.8.
GarnicaJR
@GarnicaJR
thanks @akkie
Remi Guittaut
@remiguittaut
Hi everyone. I have a question about something which should be a pretty common use case, but I can't find any solution. When a user tries to access a protected section of the website, he's naturally redirected to sign-in / sign-up. However, in all examples I could find, once the authentication/registration is successful, he's redirected to the homepage. I would like, as it's natural for the user, that he'd be redirected to the page he was requesting instead (problem generally solved by using a "returnUrl" query parameter when redirected to the sign-in page). Do you have any example of solving that problem?
Albaro Pereyra
@AlbaroPereyra
I don’t have an example of that, but I have done this before. One must save the returnUrl; adding this to a cookie makes sense. Then, before loading the home page, look for this returnUrl parameter in the cookie; if found, clear the value and redirect.
Luís Campos
@LLCampos
Where can I find release notes for 7.0.0? :)
Christian Kaps
@akkie
Silhouette 7 has no new features. It's mainly a Play 2.8 update
Luís Campos
@LLCampos
Right. Is that info anywhere? :) (meaning, that it is only a Play 2.8 update)
Christian Kaps
@akkie
No, there is no release info. If you look at the migration guide, then you can see that there is nothing to do on the Silhouette side except to update the dependencies to version 7.0.0.
Please let me know if you have further questions
gobandoGH
@gobandoGH
Hi, can you please advise on existing APIs that provide secure credentials saving/recovery in the Android environment?
Thank you
Christian Kaps
@akkie
Hi, could you please be a bit more detailed?
gobandoGH
@gobandoGH
Yes. In a web environment, user email and password are saved locally on the browser. I like to provide this same facility when logging in on Android. Thanks
Christian Kaps
@akkie
Sorry, I'm not an Android developer. But there must be something similar in Android to store the credentials.
gobandoGH
@gobandoGH
Thank you
Luís Campos
@LLCampos

Hello :)

For tests. When faking an Env based on JWTAuthenticator, do I need to do anything different from what is described on https://www.silhouette.rocks/docs/testing#section-fake-environment?

I can successfully fake an Env based on SessionAuthenticator, but when I switch to JWTAuthenticator, it doesn't work anymore (as in, I start to get 401 responses in my tests), so I suspect I might be missing something.

Phillip Taylor
@PhillipTaylor
Here's a new example project I wrote on connecting Silhouette to a Keycloak backend. https://github.com/philliptaylorpro/keycloak-seed . I hope people find it useful. There's a new Provider that I think it might be nice for you to adopt. Any interest in cleaning it up and taking it into the mainline product?