com.gu.googleauth

Type members

Classlikes

object Actions

Attributes

Supertypes
class Object
trait Matchable
class Any
Self type
Actions.type
case class AntiForgeryChecker(secretsProvider: SnapshotProvider, signatureAlgorithm: SignatureAlgorithm, sessionIdKeyName: String) extends Logging

When the OAuth callback returns to our app, we need to ensure that this is the end of a valid authentication sequence that we initiated, and not a forged redirect. Rather than use a nonce, we use a signed session id in a short-lifetime JSON Web Token, allowing us to cope better with concurrent authentication requests from the same browser session.

"One good choice for a state token is a string of 30 or so characters constructed using a high-quality random-number generator. Another is a hash generated by signing some of your session state variables with a key that is kept secret on your back-end."

The design here is partially based on an IETF draft for "Encoding claims in the OAuth 2 state parameter ...": https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-01

Value parameters

secretsProvider

see https://github.com/guardian/play-secret-rotation

signatureAlgorithm

defaults to a sensible value, but you can consider using AntiForgeryChecker#signatureAlgorithmFromPlay

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
trait Logging
class Object
trait Matchable
class Any

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
object AuthAction

Attributes

Companion
class
Supertypes
class Object
trait Matchable
class Any
Self type
AuthAction.type
class AuthAction[A](val authConfig: GoogleAuthConfig, loginTarget: Call, bodyParser: BodyParser[A])(implicit val executionContext: ExecutionContext) extends ActionBuilder[UserIdentityRequest, A], ActionRefiner[Request, UserIdentityRequest], UserIdentifier

This action ensures that the user is authenticated and their token is valid. If a user is not logged in or their token has expired, they will be authenticated.

The AuthenticatedRequest will always have an identity.

Value parameters

loginTarget

The target that should be redirected to in order to carry out authentication

Attributes

Companion
object
Supertypes
trait ActionRefiner[Request, UserIdentityRequest]
trait ActionBuilder[UserIdentityRequest, A]
trait ActionFunction[Request, UserIdentityRequest]
class Object
trait Matchable
class Any

Attributes

Supertypes
class Object
trait Matchable
class Any
Self type
case class DiscoveryDocument(authorization_endpoint: String, token_endpoint: String, userinfo_endpoint: String)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
case class Error(errors: Seq[ErrorInfo], code: Int, message: String)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object Error

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
Error.type
case class ErrorInfo(domain: String, reason: String, message: String)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object ErrorInfo

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
ErrorInfo.type
case class FilterExemption(path: String)

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
trait Filters extends UserIdentifier, Logging

Attributes

Supertypes
trait Logging
class Object
trait Matchable
class Any
object GoogleAuth

Attributes

Supertypes
class Object
trait Matchable
class Any
Self type
GoogleAuth.type
case class GoogleAuthConfig(clientId: String, clientSecret: String, redirectUrl: String, domains: List[String], maxAuthAge: Option[Duration], enforceValidity: Boolean, prompt: Option[String], antiForgeryChecker: AntiForgeryChecker, twoFactorAuthChecker: Option[TwoFactorAuthChecker])

The configuration class for Google authentication

Value parameters

antiForgeryChecker

configuration for the checks that ensure the OAuth callback can't be forged

clientId

The ClientID from the developer dashboard

clientSecret

The client secret from the developer dashboard

domains

An optional list of domains to restrict login to (e.g. guardian.co.uk)

enforceValidity

A boolean indicating whether you want a user to be re-authenticated when their session expires

maxAuthAge

An optional duration after which you want a user to be prompted for their password again

prompt

An optional space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent

redirectUrl

The URL to return to after authentication has completed

twoFactorAuthChecker

only allow users to authenticate if they have 2FA enabled

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
class GoogleAuthException(val message: String, val throwable: Throwable) extends Exception

Attributes

Supertypes
class Exception
class Throwable
trait Serializable
class Object
trait Matchable
class Any

Attributes

Supertypes
class Object
trait Matchable
class Any
Self type
class GoogleGroupChecker(impersonatedUser: String, serviceAccountCredentials: ServiceAccountCredentials)

The Directory API can tell you what groups (i.e. Google Groups) a user is in.

You can use a Service Account to access the Directory API (in fact, non-Service access, i.e. web-user, doesn't seem to work?). The Service Account needs the following scope: https://www.googleapis.com/auth/admin.directory.group.readonly. Note that if you're using TwoFactorAuthChecker, it requires a different scope: https://www.googleapis.com/auth/admin.directory.user.readonly

So long as you have the Service Account certificate as a string, you can easily make an instance of com.google.auth.oauth2.ServiceAccountCredentials with ServiceAccount.credentialsFrom(java.lang.String).

Value parameters

impersonatedUser

a separate domain-user account email address (eg '[email protected]'), the email address of the user the application will be impersonating when making calls.

Attributes

Supertypes
class Object
trait Matchable
class Any
case class JsonWebToken(jwt: String)

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
case class JwtClaims(iss: String, sub: String, azp: String, email: String, at_hash: String, email_verified: Boolean, aud: String, hd: Option[String], iat: Long, exp: Long)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object JwtClaims

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
JwtClaims.type
trait LoginSupport extends Logging

Attributes

Supertypes
trait Logging
class Object
trait Matchable
class Any
case object ServiceAccountHelper

Attributes

Supertypes
trait Singleton
trait Product
trait Mirror
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Self type
case class Token(access_token: String, token_type: String, expires_in: Long, id_token: String)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object Token

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
Token.type
class TwoFactorAuthChecker(googleCredentials: GoogleCredentials)

Uses the isEnrolledIn2Sv field on https://developers.google.com/admin-sdk/directory/reference/rest/v1/users to check the 2FA status of a user.

Value parameters

googleCredentials

must have read-only access to retrieve a User using the Admin SDK Directory API

Attributes

Supertypes
class Object
trait Matchable
class Any

Attributes

Supertypes
class Object
trait Matchable
class Any
Known subtypes
class AuthAction[A]
trait Filters
case class UserIdentity(sub: String, email: String, firstName: String, lastName: String, exp: Long, avatarUrl: Option[String])

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object UserIdentity

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
case class UserInfo(gender: Option[String], sub: Option[String], name: String, given_name: String, family_name: String, profile: Option[String], picture: Option[String], email: String, locale: Option[String], hd: Option[String])

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object UserInfo

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
UserInfo.type