How to implement stateless cookie authentication using Play Silhouette?

Question

The below link says that you can use CookieAuthenticator as stateless or stateful.

http://silhouette.mohiva.com/docs/authenticator

But I cannot see any options to make the choice at the below link.

http://silhouette.mohiva.com/v3.0/docs/config-authenticators#cookieauthenticator

I have copied the implementation for the below example. Is this stateless or stateful? If its stateful how can I implement stateless authentication?

https://github.com/mohiva/play-silhouette-seed

Answer 1

It's all correct.

look into the CookieAuthenticator.scala source on the github: https://github.com/mohiva/play-silhouette/blob/master/silhouette/app/com/mohiva/play/silhouette/impl/authenticators/CookieAuthenticator.scala

/**
 * The service that handles the cookie authenticator.
 *
 * @param settings The cookie settings.
 * @param repository The repository to persist the authenticator. Set it to None to use a stateless approach.
 * @param fingerprintGenerator The fingerprint generator implementation.
 * @param idGenerator The ID generator used to create the authenticator ID.
 * @param clock The clock implementation.
 * @param executionContext The execution context to handle the asynchronous operations.
 */
class CookieAuthenticatorService(
  settings: CookieAuthenticatorSettings,
  repository: Option[AuthenticatorRepository[CookieAuthenticator]],
  fingerprintGenerator: FingerprintGenerator,
  idGenerator: IDGenerator,
  clock: Clock)(implicit val executionContext: ExecutionContext)
  extends AuthenticatorService[CookieAuthenticator]

So you just need to create CookieAuthenticatorService with the repository defined.

In your example, you can find a string

new CookieAuthenticatorService(config, None, fingerprintGenerator, idGenerator, clock)

The repository parameter here is None so CookieAuthenticator is stateless.