CSRFTokenSigner

play.api.libs.crypto.CSRFTokenSigner

Cryptographic utilities for generating and validating CSRF tokens.

This trait should not be used as a general purpose encryption utility.

Supertypes
class Object
trait Matchable
class Any

Members list

Value members

Abstract methods

def compareSignedTokens(tokenA: String, tokenB: String): Boolean

Compare two signed tokens

Extract a signed token that was signed by signToken(String).

Value parameters

token

The signed token to extract.

Returns

The verified raw token, or None if the token isn't valid.

Generates a signed token.

Generates a cryptographically secure token.

def signToken(token: String): String

Sign a token. This produces a new token that contains the original token signed together with a nonce.

This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Value parameters

token

The token to sign

Returns

The signed token
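
The nonce-signing idea described for signToken, modelled as a self-contained added example; it is not Play's code or implementation. Method names follow this trait, while ModelTokenSigner, HMAC-SHA256, the random hex nonce and the "mac-nonce-raw" layout are assumptions chosen for illustration. It shows why two signed forms of one raw token differ on the wire yet still compare as equal.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.{MessageDigest, SecureRandom}
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Illustrative model, not Play's implementation. Assumed here: HMAC-SHA256,
// a random hex nonce, and the "mac-nonce-raw" token layout.
final class ModelTokenSigner(secret: Array[Byte]) {
  private val random = new SecureRandom()
  private def hex(bytes: Array[Byte]): String =
    bytes.map(b => "%02x".format(b & 0xff)).mkString
  private def randomHex(n: Int): String = {
    val buf = new Array[Byte](n); random.nextBytes(buf); hex(buf)
  }
  private def hmac(message: String): String = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(secret, "HmacSHA256"))
    hex(mac.doFinal(message.getBytes(UTF_8)))
  }
  private def sameBytes(a: String, b: String): Boolean =
    MessageDigest.isEqual(a.getBytes(UTF_8), b.getBytes(UTF_8)) // constant time

  def generateToken: String = randomHex(16)

  // The raw token is unchanged; the fresh nonce makes every output differ.
  def signToken(token: String): String = {
    val joined = s"${randomHex(8)}-$token"
    s"${hmac(joined)}-$joined"
  }
  // Yields the raw token only when the MAC over "nonce-raw" verifies.
  def extractSignedToken(token: String): Option[String] =
    token.split("-", 3) match {
      case Array(sig, nonce, raw) if sameBytes(sig, hmac(s"$nonce-$raw")) => Some(raw)
      case _ => None
    }
  // Signed forms never match byte for byte, so compare the verified raw values.
  def compareSignedTokens(tokenA: String, tokenB: String): Boolean =
    (for (a <- extractSignedToken(tokenA); b <- extractSignedToken(tokenB))
      yield sameBytes(a, b)).getOrElse(false)
}

object Demo {
  def main(args: Array[String]): Unit = {
    val signer = new ModelTokenSigner("constructed-demo-secret".getBytes(UTF_8))
    val raw = signer.generateToken // constructed sample token
    val (a, b) = (signer.signToken(raw), signer.signToken(raw))
    assert(a != b && signer.compareSignedTokens(a, b)) // differ on the wire, same raw token
    assert(signer.extractSignedToken(a + "0").isEmpty) // altered token fails the MAC
    assert(!signer.compareSignedTokens(a, signer.signToken(signer.generateToken)))
  }
}
```

A plain string comparison of the two signed values would reject a legitimate request, which is why the comparison goes through extraction first.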