Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jun 22 2020 01:20
    asazernik commented #579
  • Jun 22 2020 01:07
    asazernik edited #579
  • Jun 22 2020 01:01
    asazernik opened #579
  • May 04 2020 11:09

    akkie on gh-pages

    updated site (compare)

  • May 04 2020 10:58

    akkie on gh-pages

    updated site (compare)

  • May 04 2020 10:56

    akkie on gh-pages

    updated site (compare)

  • May 04 2020 10:45

    akkie on master

    Fixed Auth0ProfileParser to get… (compare)

  • May 04 2020 10:45
    akkie closed #578
  • May 04 2020 10:44
    akkie commented #578
  • May 03 2020 03:23
    coveralls commented #578
  • May 03 2020 03:02
    ymotchi opened #578
  • Feb 27 2020 17:45
    rorygraves commented #569
  • Feb 27 2020 16:39

    akkie on gh-pages

    updated site (compare)

  • Feb 27 2020 16:33

    akkie on gh-pages

    updated site (compare)

  • Feb 27 2020 16:30
    akkie closed #569
  • Feb 27 2020 16:30
    akkie commented #569
  • Feb 27 2020 16:28

    akkie on 7.0.0

    (compare)

  • Feb 27 2020 16:25

    akkie on master

    Release version 7.0.0 (compare)

  • Feb 10 2020 19:05
    akkie commented #569
  • Feb 10 2020 19:04

    akkie on 7.0.0-RC1

    (compare)

Wally Baggaley
@walbag
After rereading the OIDC spec, I do note that the format of Access Tokens is not specified and that verification is specified as using an at_hash field, if present, in the ID token. Though not part of the spec, it is customary to use a JWT for an Access Token, making it possible to validate the Access Token directly with a known public key, which is the intent of this change.
Wally Baggaley
@walbag
Just to clarify, Play would be the resource server in this case.
gobandoGH
@gobandoGH
JWT authentication is fully supported in Silhouette. There are plenty of examples and projects using JWT token. I just have used myself in a project that combines Cookie and JWT authentication in the same app without issues.
Silhouette provides the ability to secure endpoints by using several authentication methods which save a lot of boilerplate code in doing it so. @maxwellmattryan: I suggest to carefully check your code against Silhouette documentation. I have found this kind of problems coming from configuration errors most of the time.
Wally Baggaley
@walbag
Well, I ended up creating a RequestProvider (as authentication was required by the framework -- though from the outside it might seem this could be avoided) and an Authorization for this -- in case someone else comes across this and needs the same at least these pointers might help. Thanks!
Johannes Ebbighausen
@johannes-ebbighausen
Hi,
I'm copying from the vue-js starter. I'm using a SessionAuthenticator, but after SignOut the old session is still valid and able to access a secured endpoint. What am I missing?
Andrey Ladniy
@AndreyLadniy
Hi, what is the main reason for storing loginInfo against userId in JWTAuthenticator? If several login forms used (password, phone, sosial accounts) by one user, it doesn't matter how he logged in. It is enough to save its ID in the token.
Andrey Ladniy
@AndreyLadniy
As I understand it correctly, loginInfois used to get identity for every request. WHY?! JWT is designed to stateless server side, it can store frequently used information, including the ID in contrast for simple unique tokens.
Andrey Ladniy
@AndreyLadniy
If I try implement one service as authentication service that returns JWT, the second service as a resource service without any authentication info and only depends on the JWT information, it can not be implemented with play-silhouette?
David Bouyssié
@david-bouyssie
Hi there. I would like to define my Identity based class as a value class (extends AnyVal). But it's not possible since the Identity trait doesn't extend Any. Do you think this could be changed in a future version?
totibi
@totibi
Hello.
Is there any examples Single-sign-on authentication (kerber) povered by silhouette? Application should recognise person somehow by kerberos, we have they logins in base, but how extract information and pass along is not clear. We allready using silhoutte for auth, but looking for "silhoutte kerberos" there is nothing... Can't get why
David Bouyssié
@david-bouyssie
@totibi I have never used Kerberos and I'm not sure to understand your issue but I think you can easilly implement your own DAO: https://github.com/mohiva/play-silhouette-seed/blob/master/app/models/daos/UserDAOImpl.scala
totibi
@totibi
@david-bouyssie thx for answer! I'm really can implement UserDAO, but real issue is: how to get login info provided by kerber to my application and save it on client side.
David Bouyssié
@david-bouyssie
@totibi maybe you can use cookies to serialize some keberos related stuffs, but I fear I'm lacking knowledge in this area to provide appropriate answers
JulianPani
@julian-pani
@AndreyLadniy you can disable the check against the loginInfo and manage the JWT completely stateless. However, therr are some uaes
@AndreyLadniy ... However in somw use cases its useful to save the tokens state, for example to be able to deactivate tokena immediately (instead of waiting for them to expire). Depends on your use case.
Andrey Ladniy
@AndreyLadniy
@julian-pani if I understand correctly , I can't disable disable it
RequestHandlerBuilder

protected def handleAuthentication[B](implicit request: Request[B]): Future[(Option[Either[E#A, E#A]], Option[E#I])] = {
    environment.authenticatorService.retrieve.flatMap {
      // A valid authenticator was found so we retrieve also the identity
      case Some(a) if a.isValid  => environment.identityService.retrieve(a.loginInfo).map(i => Some(Left(a)) -> i)
JulianPani
@julian-pani

@AndreyLadniy I see what you mean.
Maybe other people here can help better, but here are my thoughts.

One idea you could use is to create a custom action that extends SecuredAction and does not require login info... by changing this part in SecuredAction#invokeBlock:

      // An authenticator but no user was found. The request will ask for authentication and the authenticator will be discarded
      case (Some(authenticator), None, _) =>

In a previous job I used two different setups. Sharing in case it helps.
In one setup, I used Silohuette as a "login/auth server" and then other microservices just validated the JWT tokens using a shared key with the login server. The other servers didn't have sillohuette - they used a scala jwt library to decode and validate the tokens using a custom Play action I created.
In another setup, I wasn't expecting high traffic, so I implemented the "login/auth service" as a REST api and had a sort of proxy that validated every external request against the auth server before redirecting to the destination microservice.

Andrey Ladniy
@AndreyLadniy

I try implement Bearer token (as refresh) and JWT (as access token). So I implement two Environments. Problem with disabling I solve = :

IdentityService

override def retrieve(loginInfo: LoginInfo): Future[Option[String]] = {
    Future.successful(Some(loginInfo.providerKey))
  }

but when I try store JWT in httpOnly secured cookie, I understand something going wrong, so JWTbyCookieAuthenticationService needed and so on.
I'm already leaning towards the number one solution like yours. The resource server does not need a large Silhouette library.

Coline Thomas
@colineto
I everyone, I’m using SocialProviderRegistry to connect with google and was wondering if there was a way to pass a state when requesting the authentication. because I have different pages calling for that google auth and would like to know which one did
Coline Thomas
@colineto
Okay got my answer from documentation :)
Nicolas Bétheuil
@wadouk
Hi, I try to override the fields in a silhouette cookie to override the domain to set from tld of host instead of the configured one in play session, tried with Filters but it's done twice
Christian Kaps
@akkie
@wadouk you can set the cookie params per Silhouette config: https://www.silhouette.rocks/docs/config-authenticators
epot
@epot
does anyone have a working client side authentication example with google? I had something that worked before but is broken at the moment
I am hitting CORS issues (more details at the end of https://discourse.silhouette.rocks/t/cross-origin-issues-in-jwt-auth/358/8)
epot
@epot
I just tried the angularjs seed out of curiosity but it's broken, as it's relying on a legacy google api :(
chaallengerr
@chaallengerr

@akkie the second snippet (without using the type parameter [T]) does compile but it gives an Error. The same error is thrown when using the type parameter [T]. 

[error] application - 

! @7cm23k6mg - Internal server error, for (GET) [/] ->

play.api.UnexpectedException: Unexpected exception[CreationException: Unable to create injector, see the following errors:

1) No implementation for scala.reflect.ClassTag<com.mohiva.play.silhouette.api.util.PasswordInfo> was bound.
  while locating scala.reflect.ClassTag<com.mohiva.play.silhouette.api.util.PasswordInfo>
    for the 3rd parameter of daos.password.PasswordDAO.<init>(PasswordDAO.scala:18)
  at modules.SilhouetteModule.configure(SilhouetteModule.scala:78) (via modules: com.google.inject.util.Modules$OverrideModule -> modules.SilhouetteModule)

I have run to the very exact same problem. How did you end up solving it? Do you mind sending a code snippet, please?

class PersistedAuthInfoDAO @Inject() (db: Database)
(implicit executionContext: DatabaseExecutionContext, 
implicit val classTag: ClassTag[PasswordInfo]) 
extends DelegableAuthInfoDAO[PasswordInfo] {
chaallengerr
@chaallengerr
Then in SilhouetteModule 
@Provides
  def providesAuthInfoDAO(authInfoDAO: PersistedAuthInfoDAO, classTag: ClassTag[PasswordInfo])(

    implicit
    ex: ExecutionContext): DelegableAuthInfoDAO[PasswordInfo] = {
    authInfoDAO
  }
chaallengerr
@chaallengerr
I ended up solving the problem like this 
@Provides
  def providesAuthInfoDAO(db: Database)(
                          implicit ex: DatabaseExecutionContext): DelegableAuthInfoDAO[PasswordInfo] = {
    new PersistedAuthInfoDAO(db)
  }