t2v / play2-auth

Play2.x Authentication and Authorization module

Using play2-auth application as oauth

marius-carp opened this issue

Hi, I have some questions. I am trying to use my application like an OAuth provider. For example, I want to authenticate with myApplication to play2AuthApplication (making a POST call); what should I do to respond to myApplication with a valid PLAY2AUTH_SESS_ID? (If I understood correctly, this is the session_id that play2-auth needs to authorize users.)

Is it possible to use a header instead of a cookie?
Is PLAY2AUTH_SESS_ID enough to access a secured action like authorizedAction(parse.json, NormalUser) from myApplication?

I'll later need to make other calls to play2AuthApplication from myApplication.
I'm using play2-auth version 0.12.0, and Redis as cache.

Thank you.

Hi,
play2-auth 0.12.0 cannot use a header instead of a cookie.
However, play2-auth 0.13.2 can do it 😄

play2-auth 0.13.2 introduces TokenAccessor.
You can create a custom TokenAccessor and override tokenAccessor in AuthConfigImpl.

The default implementation is CookieTokenAccessor.

There is an HTTP basic authorization example here

Best regards,
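
A header-based accessor of the kind this answer describes, as an added example that is not part of the thread or of play2-auth itself. It assumes the 0.13.x TokenAccessor trait (extract/put/delete, with the inherited sign and verifyHmac helpers that CookieTokenAccessor also relies on); the class name HeaderTokenAccessor and the header name X-Auth-Token are hypothetical.

```scala
import jp.t2v.lab.play2.auth.{AuthenticityToken, TokenAccessor}
import play.api.mvc.{RequestHeader, Result}

// Hypothetical accessor: carries the signed session token in a header
// instead of the PLAY2AUTH_SESS_ID cookie.
class HeaderTokenAccessor(headerName: String = "X-Auth-Token") extends TokenAccessor {

  // Read the header and accept the token only if its HMAC verifies;
  // a missing, truncated or tampered value yields None (unauthenticated).
  def extract(request: RequestHeader): Option[AuthenticityToken] =
    request.headers.get(headerName).flatMap(verifyHmac)

  // After a successful login, hand the signed token back in a response header.
  def put(token: AuthenticityToken)(result: Result)(implicit request: RequestHeader): Result =
    result.withHeaders(headerName -> sign(token))

  // No cookie was set, so there is nothing to discard on the response;
  // the client is expected to drop its stored token after logout.
  def delete(result: Result)(implicit request: RequestHeader): Result = result
}

// In AuthConfigImpl (other members omitted; assumed to match the 0.13.x AuthConfig):
//   override lazy val tokenAccessor = new HeaderTokenAccessor()
```

Unlike a cookie, this header is not attached by a browser or HTTP client automatically, so the calling application has to store the token and send it on every request, over TLS.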

Thanks, works great!

Though, I have another question. I moved from 0.12.0 to 0.13.2, and it says that "object authorizedAction in trait AsyncAuth is deprecated: AuthActionBuilder#AuthorizationAction should be preferred". I tried to find a substitute for this Action, but couldn't find one that takes a BodyParser and an Authority.

I'm using authorizedAction, like this:

  def updateUser = authorizedAction(parse.json, Admin){ auth: AuthEntity => implicit rs =>
    rs.body.validate[UpdateAccount].map {
      case c: UpdateAccount =>
        //code 
    }.recoverTotal {
      e =>
        BadRequest("Detected error" + JsError.toFlatJson(e))
    }
  }

Thank you for your time!

AuthActionBuilder#AuthorizationAction takes an Authority and returns an ActionBuilder.
So you can write it as follows:

  def updateUser = AuthorizationAction(Admin)(parse.json){ implicit rs =>
    rs.body.validate[UpdateAccount].map {
      case c: UpdateAccount =>
        //code 
    }.recoverTotal {
      e =>
        BadRequest("Detected error" + JsError.toFlatJson(e))
    }
  }

Thanks, this is perfect!