OAuth2 based providers
To configure OAuth2 based providers you must use the OAuth2Settings class. This class has the following form:
case class OAuth2Settings(
authorizationURL: Option[String] = None,
accessTokenURL: String,
redirectURL: String,
apiURL: Option[String] = None,
clientID: String,
clientSecret: String,
scope: Option[String] = None,
authorizationParams: Map[String, String] = Map.empty,
accessTokenParams: Map[String, String] = Map.empty,
customProperties: Map[String, String] = Map.empty)
| Property | Description |
|---|---|
authorizationURL | The authorization URL provided by the OAuth provider. This isn't needed when using Silhouette in conjunction with client side authentication frameworks |
accessTokenURL | The access token URL provided by the OAuth provider |
redirectURL | The redirect URL to the application after a successful authentication on the OAuth provider. The URL can be a relative path which will be resolved against the current request's host |
apiURL | The URL to fetch the profile from the API. Can be used to override the default URL hardcoded in every provider implementation. |
clientID | The client ID provided by the OAuth provider |
clientSecret | The client secret provided by the OAuth provider |
scope | The OAuth2 scope parameter provided by the OAuth provider |
authorizationParams | Additional params to add to the authorization request |
accessTokenParams | Additional params to add to the access token request |
customProperties | A map of custom properties for the different providers |
Redirect URL
The redirectURL must point to your action which is responsible for the authentication over your defined providers. So if you define the following route as example:
GET /authenticate/:provider @controllers.SocialAuthController.authenticate(provider)
Then your redirectURL must have the following format:
redirectURL="https://your.domain.tld/authenticate/facebook"
Example
auth0 {
authorizationURL="https://*.auth0.com/authorize"
accessTokenURL="https://*.auth0.com/oauth/token"
apiURL="https://*.auth0.com/userinfo"
redirectURL="https://your.domain.tld/authenticate/auth0"
clientID="your.client.id"
clientSecret="your.client.secret"
}
clef {
accessTokenURL="https://clef.io/api/v1/authorize"
redirectURL="https://your.domain.tld/authenticate/clef"
clientID="your.client.id"
clientSecret="your.client.secret"
}
dropbox {
authorizationURL="https://www.dropbox.com/1/oauth2/authorize"
accessTokenURL="https://api.dropbox.com/1/oauth2/token"
redirectURL="https://your.domain.tld/authenticate/dropbox"
clientID="your.client.id"
clientSecret="your.client.secret"
}
facebook {
authorizationURL="https://graph.facebook.com/v2.3/oauth/authorize"
accessTokenURL="https://graph.facebook.com/v2.3/oauth/access_token"
redirectURL="https://your.domain.tld/authenticate/facebook"
clientID="your.client.id"
clientSecret="your.client.secret"
scope=email
}
foursquare {
authorizationURL="https://foursquare.com/oauth2/authenticate"
accessTokenURL="https://foursquare.com/oauth2/access_token"
redirectURL="https://your.domain.tld/authenticate/foursquare"
clientID="your.client.id"
clientSecret="your.client.secret"
}
github {
authorizationURL="https://github.com/login/oauth/authorize"
accessTokenURL="https://github.com/login/oauth/access_token"
redirectURL="https://your.domain.tld/authenticate/github"
clientID="your.client.id"
clientSecret="your.client.secret"
}
gitlab {
authorizationURL="https://gitlab.com/oauth/authorize"
accessTokenURL="https://gitlab.com/oauth/token"
redirectURL="https://your.domain.tld/authenticate/gitlab"
clientID="your.client.id"
clientSecret="your.client.secret"
scope="api"
}
google {
authorizationURL="https://accounts.google.com/o/oauth2/auth"
accessTokenURL="https://accounts.google.com/o/oauth2/token"
redirectURL="https://your.domain.tld/authenticate/google"
clientID="your.client.id"
clientSecret="your.client.secret"
scope="profile email"
}
instagram {
authorizationURL="https://api.instagram.com/oauth/authorize"
accessTokenURL="https://api.instagram.com/oauth/access_token"
redirectURL="https://your.domain.tld/authenticate/instagram"
clientID="your.client.id"
clientSecret="your.client.secret"
}
linkedin {
authorizationURL="https://www.linkedin.com/uas/oauth2/authorization"
accessTokenURL="https://www.linkedin.com/uas/oauth2/accessToken"
redirectURL="https://your.domain.tld/authenticate/linkedin"
clientID="your.client.id"
clientSecret="your.client.secret"
}
vk {
authorizationURL="http://oauth.vk.com/authorize"
accessTokenURL="https://oauth.vk.com/access_token"
redirectURL="https://your.domain.tld/authenticate/vk"
clientID="your.client.id"
clientSecret="your.client.secret"
scope="email"
}
auth0 {
authorizationURL="https://mydomain.eu.auth0.com/authorize"
accessTokenURL="https://mydomain.eu.auth0.com/oauth/token"
apiURL="https://mydomain.eu.auth0.com/userinfo"
redirectURL="https://your.domain.tld/authenticate/auth0"
clientID="your.client.id"
clientSecret="your.client.secret"
scope="openid name email picture"
}
To get the clientId/clientSecret keys you need to log into the developer site of each service and register your application.
Override the configuration locally
Basically the configuration of the providers will be done globally on provider instantiation. But in some circumstances it is necessary to override this globally configuration with other values. This can be done with the withSettings method that every SocialProvider has implemented. The withSettings methods accepts a function which gets the current configuration as parameter and which must return a new configuration.
provider.withSettings { config =>
config.copy("new-value")
}.authenticate()
Updated less than a minute ago
What’s Next