root
API
Generated with
root/play/play.api/play.api.libs/play.api.libs.crypto/CSRFTokenSigner

CSRFTokenSigner

play.api.libs.crypto.CSRFTokenSigner
See theCSRFTokenSigner companion object
trait CSRFTokenSigner

Cryptographic utilities for generating and validating CSRF tokens.

This trait should not be used as a general purpose encryption utility.

Attributes

Companion
object
Graph
Supertypes
class Object
trait Matchable
class Any
Known subtypes

Members list

Value members

Abstract methods

def compareSignedTokens(tokenA: String, tokenB: String): Boolean

Compare two signed tokens

Compare two signed tokens

Attributes

def extractSignedToken(token: String): Option[String]

Extract a signed token that was signed by signToken(String).

Extract a signed token that was signed by signToken(String).

Value parameters

token

The signed token to extract.

Attributes

Returns

The verified raw token, or None if the token isn't valid.

def generateSignedToken: String

Generates a signed token.

Generates a signed token.

Attributes

def generateToken: String

Generates a cryptographically secure token.

Generates a cryptographically secure token.

Attributes

def signToken(token: String): String

Sign a token. This produces a new token, that has this token signed with a nonce.

Sign a token. This produces a new token, that has this token signed with a nonce.

This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Value parameters

token

The token to sign

Attributes

Returns

The signed token

Deprecated methods

def constantTimeEquals(a: String, b: String): Boolean

Constant time equals method.

Constant time equals method.

Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.

Attributes

Deprecated

Please use java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8")) over this method.

Generated with