package play.silhouette.impl.authenticators

Reference implementations of the authenticators.


Type Members

  1. case class BearerTokenAuthenticator(id: String, loginInfo: LoginInfo, lastUsedDateTime: ZonedDateTime, expirationDateTime: ZonedDateTime, idleTimeout: Option[FiniteDuration]) extends StorableAuthenticator with ExpirableAuthenticator with Product with Serializable

    An authenticator that uses a header based approach with the help of a bearer token. It works by transporting a token in a user defined header to track the authenticated user and a server side backing store that maps the token to an authenticator instance.

    The authenticator can use sliding window expiration. This means that the authenticator times out after a certain time if it wasn't used. This can be controlled with the idleTimeout property.

    Note: If deploying to multiple nodes the backing store will need to synchronize.

    id

    The authenticator ID.

    loginInfo

    The linked login info for an identity.

    lastUsedDateTime

    The last used date/time.

    expirationDateTime

    The expiration date/time.

    idleTimeout

    The duration an authenticator can be idle before it times out.

  2. class BearerTokenAuthenticatorService extends AuthenticatorService[BearerTokenAuthenticator] with api.Logger

    The service that handles the bearer token authenticator.

  3. case class BearerTokenAuthenticatorSettings(fieldName: String = "X-Auth-Token", requestParts: Option[Seq[api.util.RequestPart.Value]] = Some(Seq(RequestPart.Headers)), authenticatorIdleTimeout: Option[FiniteDuration] = None, authenticatorExpiry: FiniteDuration = 12.hours) extends Product with Serializable

    The settings for the bearer token authenticator.

    fieldName

    The name of the field in which the token will be transferred in any part of the request.

    requestParts

    Some request parts from which a value can be extracted or None to extract values from any part of the request.

    authenticatorIdleTimeout

    The duration an authenticator can be idle before it times out.

    authenticatorExpiry

    The duration after which an authenticator expires, counted from its creation.

  4. case class CookieAuthenticator(id: String, loginInfo: LoginInfo, lastUsedDateTime: ZonedDateTime, expirationDateTime: ZonedDateTime, idleTimeout: Option[FiniteDuration], cookieMaxAge: Option[FiniteDuration], fingerprint: Option[String]) extends StorableAuthenticator with ExpirableAuthenticator with Product with Serializable

    An authenticator that uses a stateful as well as stateless, cookie based approach.

    It works either by storing an ID in a cookie to track the authenticated user and a server side backing store that maps the ID to an authenticator instance or by a stateless approach that stores the authenticator in a serialized form directly into the cookie. The stateless approach could also be named “server side session”.

    The authenticator can use sliding window expiration. This means that the authenticator times out after a certain time if it wasn't used. This can be controlled with the idleTimeout property.

    With this authenticator it's possible to implement "Remember Me" functionality. This can be achieved by updating the expirationDateTime, idleTimeout or cookieMaxAge properties of this authenticator after it was created and before it gets initialized.

    Note: If deploying to multiple nodes the backing store will need to synchronize.

    id

    The authenticator ID.

    loginInfo

    The linked login info for an identity.

    lastUsedDateTime

    The last used date/time.

    expirationDateTime

    The expiration date/time.

    idleTimeout

    The duration an authenticator can be idle before it times out.

    cookieMaxAge

    The duration after which the cookie expires. None for a transient cookie.

    fingerprint

    Maybe a fingerprint of the user.

  5. class CookieAuthenticatorService extends AuthenticatorService[CookieAuthenticator] with api.Logger

    The service that handles the cookie authenticator.

    Annotations
    @SuppressWarnings()
  6. case class CookieAuthenticatorSettings(cookieName: String = "id", cookiePath: String = "/", cookieDomain: Option[String] = None, secureCookie: Boolean = true, httpOnlyCookie: Boolean = true, sameSite: Option[SameSite] = Some(Cookie.SameSite.Lax), useFingerprinting: Boolean = true, cookieMaxAge: Option[FiniteDuration] = None, authenticatorIdleTimeout: Option[FiniteDuration] = None, authenticatorExpiry: FiniteDuration = 12.hours) extends Product with Serializable

    The settings for the cookie authenticator.

    cookieName

    The cookie name.

    cookiePath

    The cookie path.

    cookieDomain

    The cookie domain.

    secureCookie

    Whether this cookie is secured, sent only for HTTPS requests.

    httpOnlyCookie

    Whether this cookie is HTTP only, i.e. not accessible from client-side JavaScript code.

    sameSite

    The SameSite attribute for this cookie (for CSRF protection).

    useFingerprinting

    Indicates if a fingerprint of the user should be stored in the authenticator.

    cookieMaxAge

    The duration after which the cookie expires. None for a transient cookie.

    authenticatorIdleTimeout

    The duration an authenticator can be idle before it times out.

    authenticatorExpiry

    The duration after which an authenticator expires, counted from its creation.

  7. final case class DummyAuthenticator(loginInfo: LoginInfo) extends Authenticator with Product with Serializable

    An authenticator that can be used if a client doesn't need an authenticator to track a user. This can be useful for request providers, because authentication may occur here on every request to a protected resource.

    loginInfo

    The linked login info for an identity.

  8. class DummyAuthenticatorService extends AuthenticatorService[DummyAuthenticator]

    The service that handles the dummy token authenticator.

  9. case class JWTAuthenticator(id: String, loginInfo: LoginInfo, lastUsedDateTime: ZonedDateTime, expirationDateTime: ZonedDateTime, idleTimeout: Option[FiniteDuration], customClaims: Option[JsObject] = None) extends StorableAuthenticator with ExpirableAuthenticator with Product with Serializable

    An authenticator that uses a header based approach with the help of a JWT. It works by using a JWT to transport the authenticator data inside a user defined header. It can be stateless, with the disadvantage that the JWT can't be invalidated.

    The authenticator can use sliding window expiration. This means that the authenticator times out after a certain time if it wasn't used. This can be controlled with the idleTimeout property. If this feature is activated then a new token will be generated on every update. Make sure your application can handle this case.

    id

    The authenticator ID.

    loginInfo

    The linked login info for an identity.

    lastUsedDateTime

    The last used date/time.

    expirationDateTime

    The expiration date/time.

    idleTimeout

    The duration an authenticator can be idle before it times out.

    customClaims

    Custom claims to embed into the token.

    See also

    http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#Claims

    https://developer.atlassian.com/static/connect/docs/concepts/understanding-jwt.html

  10. class JWTAuthenticatorService extends AuthenticatorService[JWTAuthenticator] with api.Logger

    The service that handles the JWT authenticator.

    If the authenticator DAO is deactivated then a stateless approach will be used. But note that you will lose the possibility to invalidate a JWT.

  11. case class JWTAuthenticatorSettings(fieldName: String = "X-Auth-Token", requestParts: Option[Seq[api.util.RequestPart.Value]] = Some(Seq(RequestPart.Headers)), issuerClaim: String = "play-silhouette", authenticatorIdleTimeout: Option[FiniteDuration] = None, authenticatorExpiry: FiniteDuration = 12.hours, valueParser: ValueParser = DefaultValueParser, sharedSecret: String) extends Product with Serializable

    The settings for the JWT authenticator.

    fieldName

    The name of the field in which the token will be transferred in any part of the request.

    requestParts

    Some request parts from which a value can be extracted or None to extract values from any part of the request.

    issuerClaim

    The issuer claim identifies the principal that issued the JWT.

    authenticatorIdleTimeout

    The duration an authenticator can be idle before it times out.

    authenticatorExpiry

    The duration after which an authenticator expires, counted from its creation.

    valueParser

    A parser that transforms the raw extracted value (e.g., from headers or query string) into a usable token. This is useful for handling formats such as Authorization: Bearer <token>. Defaults to play.silhouette.api.util.DefaultValueParser, which returns the raw string as-is. To support Bearer tokens, use play.silhouette.api.util.BearerValueParser.

    sharedSecret

    The shared secret to sign the JWT.

  12. case class SessionAuthenticator(loginInfo: LoginInfo, lastUsedDateTime: ZonedDateTime, expirationDateTime: ZonedDateTime, idleTimeout: Option[FiniteDuration], fingerprint: Option[String]) extends Authenticator with ExpirableAuthenticator with Product with Serializable

    An authenticator that uses a stateless, session based approach. It works by storing a serialized authenticator instance in the Play Framework session cookie.

    The authenticator can use sliding window expiration. This means that the authenticator times out after a certain time if it wasn't used. This can be controlled with the idleTimeout property.

    loginInfo

    The linked login info for an identity.

    lastUsedDateTime

    The last used date/time.

    expirationDateTime

    The expiration date/time.

    idleTimeout

    The duration an authenticator can be idle before it times out.

    fingerprint

    Maybe a fingerprint of the user.

  13. class SessionAuthenticatorService extends AuthenticatorService[SessionAuthenticator] with api.Logger

    The service that handles the session authenticator.

  14. case class SessionAuthenticatorSettings(sessionKey: String = "authenticator", useFingerprinting: Boolean = true, authenticatorIdleTimeout: Option[FiniteDuration] = None, authenticatorExpiry: FiniteDuration = 12.hours) extends Product with Serializable

    The settings for the session authenticator.

    sessionKey

    The key of the authenticator in the session.

    useFingerprinting

    Indicates if a fingerprint of the user should be stored in the authenticator.

    authenticatorIdleTimeout

    The duration an authenticator can be idle before it times out.

    authenticatorExpiry

    The duration after which an authenticator expires, counted from its creation.

Value Members

  1. object BearerTokenAuthenticatorService

    The companion object of the authenticator service.

  2. object CookieAuthenticator extends api.Logger with Serializable

    The companion object of the authenticator.

  3. object CookieAuthenticatorService

    The companion object of the authenticator service.

  4. object DummyAuthenticatorService

    The companion object of the authenticator service.

  5. object JWTAuthenticator extends Serializable

    The companion object.

  6. object JWTAuthenticatorService

    The companion object of the authenticator service.

  7. object SessionAuthenticator extends api.Logger with Serializable

    The companion object of the authenticator.

  8. object SessionAuthenticatorService

    The companion object of the authenticator service.
