Authenticators
CookieAuthenticator
To configure the CookieAuthenticator service you must use the CookieAuthenticatorSettings class. This class has the following form:
case class CookieAuthenticatorSettings(
cookieName: String = "id",
cookiePath: String = "/",
cookieDomain: Option[String] = None,
secureCookie: Boolean = Play.isProd,
httpOnlyCookie: Boolean = true,
useFingerprinting: Boolean = true,
cookieMaxAge: Option[Int] = Some(12 * 60 * 60),
authenticatorIdleTimeout: Option[Int] = Some(30 * 60),
authenticatorExpiry: Int = 12 * 60 * 60)
| Property | Description |
|---|---|
cookieName | The cookie name |
cookiePath | The cookie path |
cookieDomain | The cookie domain |
secureCookie | Whether this cookie is secured, sent only for HTTPS requests. Default to sending only for HTTPS in production, but not for development and test |
httpOnlyCookie | Whether this cookie is HTTP only, i.e. not accessible from client-side JavaScript code |
useFingerprinting | Indicates if a fingerprint of the user should be stored in the authenticator |
cookieMaxAge | The cookie expiration date in seconds, None for a transient cookie. Defaults to 12 hours |
authenticatorIdleTimeout | The time in seconds an authenticator can be idle before it timed out. Defaults to 30 minutes |
authenticatorExpiry | The expiry of the authenticator in seconds. Defaults to 12 hours |
SessionAuthenticator
To configure the SessionAuthenticator service you must use the SessionAuthenticatorSettings class. This class has the following form:
case class SessionAuthenticatorSettings(
sessionKey: String = "authenticator",
encryptAuthenticator: Boolean = true,
useFingerprinting: Boolean = true,
authenticatorIdleTimeout: Option[Int] = Some(30 * 60),
authenticatorExpiry: Int = 12 * 60 * 60)
| Property | Description |
|---|---|
sessionKey | The key of the authenticator in the session |
encryptAuthenticator | Indicates if the authenticator should be encrypted in session |
useFingerprinting | Indicates if a fingerprint of the user should be stored in the |
authenticatorIdleTimeout | The time in seconds an authenticator can be idle before it timed out. Defaults to 30 minutes |
authenticatorExpiry | The expiry of the authenticator in seconds. Defaults to 12 hours |
BearerTokenAuthenticator
To configure the BearerTokenAuthenticator service you must use the BearerTokenAuthenticatorSettings class. This class has the following form:
case class BearerTokenAuthenticatorSettings(
headerName: String = "X-Auth-Token",
authenticatorIdleTimeout: Option[Int] = Some(30 * 60),
authenticatorExpiry: Int = 12 * 60 * 60)
| Property | Description |
|---|---|
headerName | The name of the header in which the token will be transfered |
authenticatorIdleTimeout | The time in seconds an authenticator can be idle before it timed out. Defaults to 30 minutes |
authenticatorExpiry | The expiry of the authenticator in seconds. Defaults to 12 hours |
JWTAuthenticator
To configure the JWTAuthenticator service you must use the JWTAuthenticatorSettings
class. This class has the following form:
case class JWTAuthenticatorSettings(
headerName: String = "X-Auth-Token",
issuerClaim: String = "play-silhouette",
encryptSubject: Boolean = true,
authenticatorIdleTimeout: Option[Int] = None,
authenticatorExpiry: Int = 12 * 60 * 60,
sharedSecret: String)
| Property | Description |
|---|---|
headerName | The name of the header in which the token will be transfered |
issuerClaim | The issuer claim identifies the principal that issued the JWT |
encryptSubject | Indicates if the subject should be encrypted in JWT |
authenticatorIdleTimeout | The time in seconds an authenticator can be idle before it timed out. This feature is disabled by default to prevent the generation of a new JWT on every request |
authenticatorExpiry | The expiry of the authenticator in seconds. Defaults to 12 hours |
sharedSecret | The shared secret to sign the JWT |
Updated less than a minute ago