Package

com.gu

googleauth

Permalink

package googleauth

Visibility
  1. Public
  2. All

Type Members

  1. case class AntiForgeryChecker(signingSecret: String, signatureAlgorithm: SignatureAlgorithm, sessionIdKeyName: String = "play-googleauth-session-id") extends Product with Serializable

    Permalink

    When the OAuth callback returns to our app, we need to ensure that this is the end of a valid authentication sequence that we initiated, and not a forged redirect.

    When the OAuth callback returns to our app, we need to ensure that this is the end of a valid authentication sequence that we initiated, and not a forged redirect. Rather than use a nonce, we use a signed session id in a short-lifetime Json Web Token, allowing us to cope better with concurrent authentication requests from the same browser session.

    "One good choice for a state token is a string of 30 or so characters constructed using a high-quality random-number generator. Another is a hash generated by signing some of your session state variables with a key that is kept secret on your back-end." - https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken

    The design here is partially based on a IETF draft for "Encoding claims in the OAuth 2 state parameter ...": https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-01

  2. class AuthAction[A] extends ActionBuilder[UserIdentityRequest, A] with ActionRefiner[Request, UserIdentityRequest] with UserIdentifier

    Permalink

    This action ensures that the user is authenticated and their token is valid.

    This action ensures that the user is authenticated and their token is valid. Is a user is not logged in or their token has expired then they will be authenticated.

    The AuthenticatedRequest will always have an identity.

  3. case class DiscoveryDocument(authorization_endpoint: String, token_endpoint: String, userinfo_endpoint: String) extends Product with Serializable

    Permalink

  4. case class Error(errors: Seq[ErrorInfo], code: Int, message: String) extends Product with Serializable

    Permalink

  5. case class ErrorInfo(domain: String, reason: String, message: String) extends Product with Serializable

    Permalink

  6. case class FilterExemption(path: String) extends Product with Serializable

    Permalink

  7. trait Filters extends UserIdentifier

    Permalink

  8. case class GoogleAuthConfig extends Product with Serializable

    Permalink

    The configuration class for Google authentication

  9. class GoogleAuthException extends Exception

    Permalink

  10. class GoogleGroupChecker extends AnyRef

    Permalink

    The Directory API can tell you what groups (ie Google Group) a user is in.

    The Directory API can tell you what groups (ie Google Group) a user is in.

    You can use a Service Account to access the Directory API (in fact, non-Service access, ie web-user, doesn't seem to work?). The Service Account needs the following scope: https://www.googleapis.com/auth/admin.directory.group.readonly

    You also need a separate domain user account (eg [email protected]), which will be 'impersonated' when making the calls.

  11. case class GoogleServiceAccount(email: String, privateKey: PrivateKey, impersonatedUser: String) extends Product with Serializable

    Permalink

    A Service Account calls Google APIs on behalf of your application instead of an end-user.

    A Service Account calls Google APIs on behalf of your application instead of an end-user. https://developers.google.com/identity/protocols/OAuth2#serviceaccount

    You can create a service account in the Google Developers Console:

    https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount

    email

    email address of the Service Account

    privateKey

    the Service Account's private key - from the P12 file generated when the Service Account was created

    impersonatedUser

    the email address of the user the application will be impersonating

  12. case class JsonWebToken(jwt: String) extends Product with Serializable

    Permalink

  13. case class JwtClaims(iss: String, sub: String, azp: String, email: String, at_hash: String, email_verified: Boolean, aud: String, hd: Option[String], iat: Long, exp: Long) extends Product with Serializable

    Permalink

  14. trait LoginSupport extends AnyRef

    Permalink

  15. case class Token(access_token: String, token_type: String, expires_in: Long, id_token: String) extends Product with Serializable

    Permalink

  16. trait UserIdentifier extends AnyRef

    Permalink

  17. case class UserIdentity(sub: String, email: String, firstName: String, lastName: String, exp: Long, avatarUrl: Option[String]) extends Product with Serializable

    Permalink

  18. case class UserInfo(gender: Option[String], sub: Option[String], name: String, given_name: String, family_name: String, profile: Option[String], picture: Option[String], email: String, locale: String, hd: Option[String]) extends Product with Serializable

    Permalink

Value Members

  1. object Actions

    Permalink

  2. object AntiForgeryChecker extends Serializable

    Permalink

  3. object AuthAction

    Permalink

  4. object AuthenticatedRequest

    Permalink

  5. object DiscoveryDocument extends Serializable

    Permalink

  6. object Error extends Serializable

    Permalink

  7. object ErrorInfo extends Serializable

    Permalink

  8. object GoogleAuth

    Permalink

  9. object GoogleAuthConfig extends Serializable

    Permalink

  10. object GoogleAuthFilters

    Permalink

  11. object JwtClaims extends Serializable

    Permalink

  12. object Token extends Serializable

    Permalink

  13. object UserIdentity extends Serializable

    Permalink

  14. object UserInfo extends Serializable

    Permalink

Ungrouped