
How to implement REST based authentication for Mobile Apps for providers?

Open thandaanda opened this issue 9 years ago • 7 comments

I have a scenario where the front end / mobile app gets an access token by authenticating users with different providers. Now I want to send the access token with the provider name to play-authenticate and store it in the database. How can I implement it? I got a few leads from securesocial, where they have one route for API authentication. Can we do it for this module?

thandaanda, Aug 02 '14 06:08

Hi @joscha: if you have any thoughts on how to implement it in the module, let me know and I will implement it. We can create one extra endpoint, which will receive the provider name, access token, secret (for OAuth 1), and also username and password, so that it can be used for mobile devices and REST requests and returns JSON.

thandaanda, Aug 12 '14 07:08

Right now it appears that play-authenticate is hardcoded to work with browsers alone.

oexza, Nov 03 '14 07:11

@oexza no, you can just switch the HTML views with JSON views and it should work.

joscha, Nov 03 '14 09:11

@joscha yeah, I know that, but then the JSON response will not work well with browsers, as the browser still needs the HTML views for authentication. I don't see a way to check if a request for authentication is from a mobile app or from a browser, so we can serve either JSON views or HTML views based on the check.

oexza, Nov 03 '14 21:11

@oexza what would your perfect solution look like? Maybe we can come up with something to solve this.

joscha, Nov 08 '14 11:11

The first thing that comes to mind would be the resolver. You could set a custom request header that will be set to true if JSON views are required, like so:

In Global.java:

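@Override
public Call login() {
    // Your login page
    // Serve the JSON login when the client sets the custom header to "true"
    if (Context.current().request().hasHeader("custom header name")
            && "true".equals(Context.current().request().getHeader("custom header name"))) {
        return routes.Application.jsonLogin();
    }
    // Default: the HTML login page for browsers
    return routes.Application.login();
}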

Of course I set the other resolver calls accordingly, and all the controllers that handle authentication in the application then check for the same request header and return the necessary views. Also, I tweaked the deadbolt handler to do the same check. This is my rough workaround for both AJAX authentication and Android apps for now.

oexza, Nov 25 '14 15:11

Hi there, just stumbled upon this... shouldn't you be able to do this using HTTP content negotiation (i.e. Accept headers)? Or am I missing the point here?

danbim, Jul 09 '15 07:07
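
The content negotiation suggested in the last comment, as an added example that is not part of the thread or of play-authenticate: plain Java with no Play dependency that picks the JSON login only when the `Accept` header ranks `application/json` strictly above `text/html`. The class name `LoginViewNegotiation`, the `View` enum and the sample headers are constructed for illustration.

```java
import java.util.Locale;

public class LoginViewNegotiation {

    enum View { HTML, JSON }

    /** q-value of the most specific Accept range matching mediaType (0 if none matches). */
    static double quality(String accept, String mediaType) {
        String type = mediaType.substring(0, mediaType.indexOf('/'));
        double best = 0.0;
        int bestSpecificity = -1;
        for (String part : accept.split(",")) {
            String[] fields = part.trim().toLowerCase(Locale.ROOT).split(";");
            String range = fields[0].trim();
            int specificity = range.equals(mediaType) ? 2
                    : range.equals(type + "/*") ? 1
                    : range.equals("*/*") ? 0 : -1;
            if (specificity < 0) continue;
            double q = 1.0; // default weight when no q parameter is given
            for (int i = 1; i < fields.length; i++) {
                String p = fields[i].trim();
                if (p.startsWith("q=")) {
                    try { q = Double.parseDouble(p.substring(2)); }
                    catch (NumberFormatException e) { q = 0.0; }
                    if (!(q >= 0.0 && q <= 1.0)) q = 0.0; // reject NaN and out-of-range weights
                }
            }
            // The most specific matching range decides the weight.
            if (specificity > bestSpecificity) { bestSpecificity = specificity; best = q; }
        }
        return best;
    }

    /** Browsers, wildcard clients and requests without an Accept header fall back to HTML. */
    static View choose(String accept) {
        if (accept == null || accept.trim().isEmpty()) return View.HTML;
        return quality(accept, "application/json") > quality(accept, "text/html")
                ? View.JSON : View.HTML;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample Accept headers
            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", // typical browser
            "application/json",                                               // mobile or REST client
            "*/*",                                                            // generic HTTP client
            "application/json;q=0.5, text/html;q=0.9",
            null                                                              // header absent
        };
        for (String s : samples) System.out.println(choose(s) + " <- " + s);
    }
}
```

Like the custom header in the workaround above, `Accept` is set by the client, so it should only select the representation of the login response and never decide whether an authentication check runs.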