mohiva/play-silhouette

Silhouette is an authentication library for Play Framework applications that supports several authentication methods, including OAuth1, OAuth2, OpenID, Credentials or custom authentication schemes.

Phillip Taylor

@PhillipTaylor

Here's a new example project I wrote on connecting Silhouette to a Keycloak backend. https://github.com/philliptaylorpro/keycloak-seed . I hope people find it useful. There's a new Provider that I think it might be nice for you to adopt. Any interest in cleaning it up and taking it into the mainline product?

Christian Kaps

@akkie

@LLCampos When using a JWTAuthenticator for the FakeRequestSilhouette uses the [FakeJWTAuthenticatorService|https://github.com/mohiva/play-silhouette/blob/master/silhouette-testkit/app/com/mohiva/play/silhouette/test/Fakes.scala#L155]. This uses a shared secret which gets randomly set every time a FakeJWTAuthenticatorService is instantiated. So you must be sure that only one environment will be used in your test.

@PhillipTaylor That would be awesome :+1:

Luís Campos

@LLCampos

Thanks, @akkie, will have a try!

patrickalexanderross

@patrickalexanderross

logging on the latest silhouette doesn't seem to work, I've tried implementing all the official play 2.8 methods(https://www.playframework.com/documentation/2.8.x/ScalaLogging), even removing logging from scc components and adding, I'm going to try using sl4j next, but thought I'd check here, as I thought logs should work out of the box, but they don't register on the command console.

patrickalexanderross

@patrickalexanderross

patrickalexanderross

@patrickalexanderross

I needed to change root level to INFO in the logback.xml config file

gavinbaumanis

@gavinbaumanis

@akkie : do you have any enthusiasm for including LDAP?
At the moment I am using;
https://github.com/pingidentity/ldapsdk

But it would be nice to have all my authentication options in the same place.
I am happy to create a simple app with the wrappers I use… But it is really “tight” in its usage: in that I am not using every feature, so it might be of limited use.

Christian Kaps

@akkie

@gavinbaumanis my spare free time goes to the framework agnostic version of Silhouette. But contributions are always welcome

gavinbaumanis

@gavinbaumanis

@akkie I am happy to provde what I have, but like I said it is not a lot. It is simply the parts “I” use - not a complete implementation of LDAP.
The ldapSDK (that I use) is an open-sourced Java library for LDAP queries.
LDAP is simply a protocol, and not a framework. Microsoft has their Active Dirrectory version, the now defunct, Novell Netware had theirs and there are plenty of Linux distros with their flavour, too. _ Perhaps - I don't think I understand your "framework agnostic” comment in this context : Sorry.
And I realise it might seem like I am just being lazy and trying to pass the work off onto someone else - but it really is a matter of skill-level, not enthusiasm.

gobandoGH

@gobandoGH

Hi @Akkie: I have a Silhouette 6.1 based project using Webjars b3. After some weeks untouched, I did some modifications to the code and was able to build, compile a few times and execute it without errors. Suddenly, the following compile error occurred:
“sbt.librarymanagement.ResolveException: unresolved dependency: com.adrianhurt#play-bootstrap_2.12;1.5-P27-B3-SNAPSHOT: not found”.
Why this error might happen ?
Appreciate your help
Thank you

It seems that I have a library search problem

after building the project, I guess

gobandoGH

@gobandoGH

Solved, @akkie. Changed to dependency to: "com.adrianhurt" %% "play-bootstrap" % "1.6-P27-B3-SNAPSHOT
I noticed your latest Silhouette Seed Template example is based on play-bootstrap 4. The AbstractAuthController class is single injected with SilhouetteControllerComponents and constructors mechanism for html´s has also changed.
What are the benefits of those changes and where I could find a migration documentation on this ?
Thank you

Serhii Dashko

@sergeda

Hello everyone. Is it possible to use this library with http4s server?

Christian Kaps

@akkie

@sergeda With minutemen/silhouette#32 it will

I currently replace the HTTP client part with sttp. Then I think it will have a good status to merge the PR. With some help, a first release would be possible in the next few months

Serhii Dashko

@sergeda

Great. Thank you @akkie Looking forward to that release

Michael Pigott

@mikepigott

Hello, I just published https://github.com/ironhorsesoftware/silhouette which is a set of Slick DAOs and Repositories for storing CasInfo, GoogleTotpInfo, OAuth1Info, OAuth2Info, OpenIDInfo, PasswordInfo, BearerTokenAuthenticator, CookieAuthenticator, and JWTAuthenticator instances in a relational database.

It’s a project that I put on hold until recently, so right now the only GitHub package is for Scala 2.12 / Play 2.7 / Silhouette 6.0

(I plan to update these in the next week or so. I’m still figuring out how to use GitHub packages effectively.)

Michael Pigott

@mikepigott

That same package is now available on the Maven Central Repository: https://search.maven.org/artifact/com.ironhorsesoftware.silhouette/silhouette-persistence_2.12/0.6.0/jar

Christian Kaps

@akkie

@mikepigott :+1:

Tudor Anastasiu

@skypper

Hey guys, check out https://github.com/skypper/play-scala-rest-boilerplate.g8, my brand new Play framework template for REST applications which heavily uses Silhouette framework. I would appreciate any feedback.

gobandoGH

@gobandoGH

Hi, it seems that akka-quartz-scheduler version in Silhouette Seed Template
should be "1.8.3-akka-2.6.x" as per enragedginger documentation For Akka 2.6.x and Scala 2.13.x.
Cheers

Christian Kaps

@akkie

@gobandoGH could you please create a PR?

gobandoGH

@gobandoGH

Done

Christian Kaps

@akkie

Thanks

gobandoGH

@gobandoGH

Hi, successful migration to Silhouette 7.0.0. No pain. Thank you

Christian Kaps

@akkie

:+1:

Szymon Smykała

@SzymonSmykala

Is there any working example for Silhouette 7.0.0 with REST controller? I found a lot of examples that are 3-4 years old and there are failing during build.

Aidar

@SunPj

@SzymonSmykala You can check out my sample project https://github.com/SunPj/silhouette-vuejs-app

Aidar

@SunPj

Oh sorry I didn't see that you need Silhouette 7.0.0. I hope I will have some free time to update my sample

Victor Paraschiv

@vicpara

@SzymonSmykala You can check out my sample project https://github.com/SunPj/silhouette-vuejs-app

sbt seems to fail loading this project. Did anyone try to run it recently ?

Aidar

@SunPj

@vicpara I saw git issue your created. It's due to using openjdk 14.0.1 try version openjdk version "1.8.0_242" it works fine. Anyway I will check it using 14 when I have some free time

gobandoGH

@gobandoGH

Hi, I am working a Silhouette based app that uses Cookies and JWT for authentication. CSFR filter are disable for JWT endpoints by the nocsfr tag.
Using Postman for testing, JWT is not authenticating in Silhouette secure endpoints leading to execution of the OnNotAuthenticated method in CustomerSecureErrorHandler class
What might I being doing wrong ?
Thank you

Aidar

@SunPj

Try to set Cookies header implicitly when using Postman

Victor Paraschiv

@vicpara

@vicpara I saw git issue your created. It's due to using openjdk 14.0.1 try version openjdk version "1.8.0_242" it works fine. Anyway I will check it using 14 when I have some free time

Thank you for clarifying. I tried to investigate myself but got stuck.

gobandoGH

@gobandoGH

@SunPj , thank you. Could you please provide an example of that ?

gobandoGH

@gobandoGH

@SunPj : Cookie authentication works fine. The issue arises only with JWT authentication of Silhouette endpoints.

Aidar

@SunPj

@vicpara Did you manage to get it working?

@gobandoGH It worked for me once I set Cookies header implicitly. (open headers tab in postman and set Cookie header using your cookies from browser). Does it make sense?

gobandoGH

@gobandoGH

@SunPj : JWT endpoints are intended for use from a Mobile phone. Works fine for unsecure endpoints, but not for secure ones. Cookies seem not having role here.
Postman returns 200 OK message, but Silhouette remain protecting the endpoint and fails with an authentication error.

Christian Kaps

@akkie

@gobandoGH have you enabled debug logging?

gobandoGH

@gobandoGH

@akkie : From Play documentation it follows that CSRF check arise when executing a POST method with an authorization header, both conditions set on the current JWT authentication issue.
Postman 403 Forbidden messages might be explained because no Cookie is provided in the request.
Disabling the CSRF filter adding nocsrf before the route, makes Postman to reply a 200 Ok message.
Enabling the logger level to TRACE in the logback file, provide the following:
[trace] p.a.m.PlayBodyParsers - Parsing AnyContent as json
[trace] p.a.m.ActionBuilder

KaTeX parse error: Can't use function '$' in math mode at position 5: anon$̲9 - Invoking ac…: anon$9 - Invoking action with request: POST /paymentToken
User not authenticated!
[trace] p.filters.CSRF - [CSRF] No check necessary
[trace] p.a.m.ActionBuilder

anon$9 - Invoking action with request: GET /signIn

Stuck here!

gobandoGH

@gobandoGH

JWT authentication working. Had a setting problem in JWT authenticator configuration.
Thank you

Glenn Liwanag

@nogurenn

Is there something like a silhouette-core module I can use for non-play projects?

Christian Kaps

@akkie

@nogurenn Yes https://github.com/minutemen/silhouette

But, work in progress.

Where communities thrive

People

Repo info

Activity