These docs are for v2.0. Click to read the latest docs for v7.0.

OAuth2 state

CookieState

To configure the CookieState provider you must use the CookieStateSettings class. This class has the following form:

case class CookieStateSettings(
  cookieName: String = "OAuth2State",
  cookiePath: String = "/",
  cookieDomain: Option[String] = None,
  secureCookie: Boolean = Play.isProd,
  httpOnlyCookie: Boolean = true,
  expirationTime: Int = 5 * 60)

Property

Description

cookieName

The cookie name

cookiePath

The cookie path

cookieDomain

The cookie domain

secureCookie

Whether this cookie is secured, sent only for HTTPS requests. Default to sending only for HTTPS in production, but not for development and test

httpOnlyCookie

Whether this cookie is HTTP only, i.e. not accessible from client-side JavaScript code

expirationTime

State expiration. Defaults to 5 minutes which provides sufficient time to log in, but not too much. This is a balance between convenience and security