state

Type Members

1. case class CookieState(expirationDate: DateTime, value: String) extends OAuth2State with Product with Serializable

   

   A state which gets persisted in a cookie.

   A state which gets persisted in a cookie.

   This is to prevent the client for CSRF attacks as described in the OAuth2 RFC.

   expirationDate

   The expiration time.

   value

   A value that binds the request to the user-agent's authenticated state.

   See also

   https://tools.ietf.org/html/rfc6749#section-10.12

2. class CookieStateProvider extends OAuth2StateProvider

   

   Saves the state in a cookie.

3. case class CookieStateSettings(cookieName: String = "OAuth2State", cookiePath: String = "/", cookieDomain: Option[String] = None, secureCookie: Boolean = true, httpOnlyCookie: Boolean = true, expirationTime: FiniteDuration = 5 minutes) extends Product with Serializable

   

   The settings for the cookie state.

   The settings for the cookie state.

   cookieName

   The cookie name.

   cookiePath

   The cookie path.

   cookieDomain

   The cookie domain.

   secureCookie

   Whether this cookie is secured, sent only for HTTPS requests.

   httpOnlyCookie

   Whether this cookie is HTTP only, i.e. not accessible from client-side JavaScript code.

   expirationTime

   State expiration. Defaults to 5 minutes which provides sufficient time to log in, but not too much. This is a balance between convenience and security.

4. case class DummyState() extends OAuth2State with Product with Serializable

   

   A dummy state which can be used to avoid state validation.

   A dummy state which can be used to avoid state validation. This can be useful if the state should be validated on client side.

5. class DummyStateProvider extends OAuth2StateProvider

   

   Handles the dummy state.