Example of REST API with JWT authentication with Play 2.6

1,448 views
Skip to first unread message

Diego

unread,
Jun 25, 2017, 7:17:24 PM6/25/17
to Play Framework
Hello everybody,

According to the release notes, Play supports JWT now. From my understanding, this means that I will no longer need an external library (such as scala-jwt) to implement JWT in a REST API.

However, I can't find an example of JWT authentication with Play 2.6 in scala. I was able to find several examples on the internet but all of them were using Play 2.5 or previous versions, so I am guessing there should be a better and easier way to implement authentication now on 2.6 since JWT is now fully supported.


Do you guys have an example to share?

thank you for your help,
Diego

Will Sargent

unread,
Jun 26, 2017, 6:43:28 AM6/26/17
to play-fr...@googlegroups.com
Play uses JWT as a cookie encoding -- this isn't the same thing as authentication, because Play doesn't have a user/principal concept.

If you check out Silhouette, that provides the authentication piece.

-- 
Will Sargent
--
You received this message because you are subscribed to the Google Groups "Play Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/6090451b-df8a-4f2d-a809-bf550171a285%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Marino Borra

unread,
Feb 9, 2018, 3:59:35 PM2/9/18
to Play Framework
Hi @Will, I'm confused, a JWT is used only as an encoding format? I can't use it to check and *authorize* a Token?

Thanks
Marino

henrym...@gmail.com

unread,
Feb 15, 2018, 1:32:39 PM2/15/18
to Play Framework

I am reading the page and it indicates play uses JWT for signing cookies... any cookie that you set within the play session. The play JWT cookie encoding functionality has nothing to do with authentication.

JWT comes with a number of advantages, notably automatic signing with HMAC-SHA-256, and support for automatic “not before” and “expires after” date checks which ensure the session cookie cannot be reused outside of a given time window. 
https://www.playframework.com/documentation/2.6.x/Migration26

For using JWT for authentication: you still have to pull in a third party library such as Silhouette (https://www.silhouette.rocks/docs/authenticator#section-jwtauthenticator)

Franz

unread,
Feb 16, 2018, 1:28:43 AM2/16/18
to Play Framework
I have made a small project that shows how to do JSON Web Token authentication in Play Framework 2.6 using Java. Might give you some hints on how to get started. 


Br,
Franz
Reply all
Reply to author
Forward
0 new messages