OAuth2 based providers

To configure OAuth2 based providers you must use the OAuth2Settings class. This class has the following form:

case class OAuth2Settings(
  authorizationURL: Option[String] = None,
  accessTokenURL: String,
  redirectURL: String,
  apiURL: Option[String] = None,
  clientID: String,
  clientSecret: String,
  scope: Option[String] = None,
  authorizationParams: Map[String, String] = Map.empty,
  accessTokenParams: Map[String, String] = Map.empty,
  customProperties: Map[String, String] = Map.empty)
| Property | Description |
| --- | --- |
| authorizationURL | The authorization URL provided by the OAuth provider. This isn't needed when using Silhouette in conjunction with client side authentication frameworks |
| accessTokenURL | The access token URL provided by the OAuth provider |
| redirectURL | The redirect URL to the application after a successful authentication on the OAuth provider. The URL can be a relative path which will be resolved against the current request's host |
| apiURL | The URL to fetch the profile from the API. Can be used to override the default URL hardcoded in every provider implementation. |
| clientID | The client ID provided by the OAuth provider |
| clientSecret | The client secret provided by the OAuth provider |
| scope | The OAuth2 scope parameter provided by the OAuth provider |
| authorizationParams | Additional params to add to the authorization request |
| accessTokenParams | Additional params to add to the access token request |
| customProperties | A map of custom properties for the different providers |

Redirect URL

The redirectURL must point to the action that handles authentication for your configured providers. For example, if you define the following route:

GET  /authenticate/:provider  @controllers.SocialAuthController.authenticate(provider)

Then your redirectURL must have the following format:

redirectURL="https://your.domain.tld/authenticate/facebook"

Example

auth0 {
  authorizationURL="https://*.auth0.com/authorize"
  accessTokenURL="https://*.auth0.com/oauth/token"
  apiURL="https://*.auth0.com/userinfo"
  redirectURL="https://your.domain.tld/authenticate/auth0"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}

clef {
  accessTokenURL="https://clef.io/api/v1/authorize"
  redirectURL="https://your.domain.tld/authenticate/clef"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}

dropbox {
  authorizationURL="https://www.dropbox.com/1/oauth2/authorize"
  accessTokenURL="https://api.dropbox.com/1/oauth2/token"
  redirectURL="https://your.domain.tld/authenticate/dropbox"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}

facebook {
  authorizationURL="https://graph.facebook.com/v2.3/oauth/authorize"
  accessTokenURL="https://graph.facebook.com/v2.3/oauth/access_token"
  redirectURL="https://your.domain.tld/authenticate/facebook"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope=email
}

foursquare {
  authorizationURL="https://foursquare.com/oauth2/authenticate"
  accessTokenURL="https://foursquare.com/oauth2/access_token"
  redirectURL="https://your.domain.tld/authenticate/foursquare"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}

github {
  authorizationURL="https://github.com/login/oauth/authorize"
  accessTokenURL="https://github.com/login/oauth/access_token"
  redirectURL="https://your.domain.tld/authenticate/github"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}

gitlab {
  authorizationURL="https://gitlab.com/oauth/authorize"
  accessTokenURL="https://gitlab.com/oauth/token"
  redirectURL="https://your.domain.tld/authenticate/gitlab"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="api"
}

google {
  authorizationURL="https://accounts.google.com/o/oauth2/auth"
  accessTokenURL="https://accounts.google.com/o/oauth2/token"
  redirectURL="https://your.domain.tld/authenticate/google"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="profile email"
}

instagram {
  authorizationURL="https://api.instagram.com/oauth/authorize"
  accessTokenURL="https://api.instagram.com/oauth/access_token"
  redirectURL="https://your.domain.tld/authenticate/instagram"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}

linkedin {
  authorizationURL="https://www.linkedin.com/uas/oauth2/authorization"
  accessTokenURL="https://www.linkedin.com/uas/oauth2/accessToken"
  redirectURL="https://your.domain.tld/authenticate/linkedin"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}

vk {
  authorizationURL="https://oauth.vk.com/authorize"
  accessTokenURL="https://oauth.vk.com/access_token"
  redirectURL="https://your.domain.tld/authenticate/vk"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="email"
}

auth0 {
  authorizationURL="https://mydomain.eu.auth0.com/authorize"
  accessTokenURL="https://mydomain.eu.auth0.com/oauth/token"
  apiURL="https://mydomain.eu.auth0.com/userinfo"
  redirectURL="https://your.domain.tld/authenticate/auth0"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="openid name email picture"
}

To get the clientID/clientSecret keys you need to log into the developer site of each service and register your application.
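A pre-deployment check for provider blocks like the ones above, as an added example that is not part of Silhouette or of the original page. The `OAuth2SettingsCheck` object, its `check` helper, the `/authenticate/` route prefix default and the `provider.example` host are assumptions made for illustration.

```scala
import java.net.URI
import scala.util.Try
// Local copy of the settings class shown above, so this runs without Silhouette.
case class OAuth2Settings(
  authorizationURL: Option[String] = None, accessTokenURL: String, redirectURL: String,
  apiURL: Option[String] = None, clientID: String, clientSecret: String,
  scope: Option[String] = None, authorizationParams: Map[String, String] = Map.empty,
  accessTokenParams: Map[String, String] = Map.empty, customProperties: Map[String, String] = Map.empty)

object OAuth2SettingsCheck {
  // Hypothetical helper: one finding per problem, empty list when the block is clean.
  def check(provider: String, s: OAuth2Settings, route: String = "/authenticate/"): List[String] = {
    def parse(u: String): Option[URI] = Try(new URI(u)).toOption
    // Codes, tokens and the client secret travel to these endpoints: require absolute https.
    val endpoints = List("authorizationURL" -> s.authorizationURL,
      "accessTokenURL" -> Some(s.accessTokenURL), "apiURL" -> s.apiURL)
    val endpointFindings = endpoints.collect {
      case (name, Some(url)) if !parse(url).exists(u => u.getScheme == "https" && u.getHost != null) =>
        s"$provider.$name must be an absolute https URL: $url"
    }
    // redirectURL may be relative or absolute https; its path must hit this provider's route.
    val redirectFindings = parse(s.redirectURL) match {
      case None => List(s"$provider.redirectURL is not a valid URI: ${s.redirectURL}")
      case Some(u) =>
        val schemeOk = !u.isAbsolute || u.getScheme == "https"
        val pathOk = u.getPath == route + provider
        List(schemeOk -> "must be relative or https", pathOk -> s"path must be $route$provider")
          .collect { case (false, msg) => s"$provider.redirectURL $msg: ${s.redirectURL}" }
    }
    // The documentation placeholders ("your.client.id", ...) must not reach a deployment.
    val secretFindings =
      if (List(s.clientID, s.clientSecret).exists(v => v.isEmpty || v.startsWith("your.")))
        List(s"$provider.clientID/clientSecret is empty or still a placeholder")
      else Nil
    endpointFindings ++ redirectFindings ++ secretFindings
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample values; provider.example and the credentials are not real.
    val bad = OAuth2Settings(authorizationURL = Some("http://provider.example/authorize"),
      accessTokenURL = "https://provider.example/token",
      redirectURL = "https://your.domain.tld/authenticate/other",
      clientID = "your.client.id", clientSecret = "your.client.secret")
    val good = bad.copy(authorizationURL = Some("https://provider.example/authorize"),
      redirectURL = "/authenticate/example", clientID = "abc123", clientSecret = "constructed-secret")
    check("example", bad).foreach(println)
    println(check("example", good).isEmpty)
  }
}
```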

Override the configuration locally

Provider configuration is normally set globally when the provider is instantiated. In some circumstances, however, it is necessary to override this global configuration with other values. This can be done with the withSettings method that every SocialProvider implements. The withSettings method accepts a function that receives the current configuration as a parameter and must return a new configuration.

provider.withSettings { config =>
  // copy needs a named argument; clientID is only an example of a field to override
  config.copy(clientID = "new-value")
}.authenticate()
