 

Securing REST API on Play framework and OAuth2

I am developing an application with Play 2.0 and Scala that exposes some REST APIs. These APIs will be used by different applications (web, mobile or desktop), so the OAuth protocol (OAuth2) seems the most suitable.

Also I would initially use an external OAuth Provider such as Facebook.

My question is: what is the exact flow to authorize the individual REST call? What should I expect on the server side for each call, and what should I check with the external provider?

With OAuth1 I knew that the client sent the token with every signed request, but with OAuth2 I think this is not so; I imagine that if a token is not signed it is not trusted, and therefore I do not think this is the flow.

Marco asked Jul 07 '12 09:07
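The per-call flow the question asks about, shown as an added example that is not code from the question, from Play or from any of the modules linked below. In OAuth2 the client does not sign each request as it did in OAuth1; it presents an opaque bearer token in the `Authorization` header (RFC 6750), and the token is protected in transit by TLS only. The resource server therefore has to do the trust work itself on every call: parse the header, confirm with the provider that the token is valid and whom it belongs to (and normally cache that answer until the token's expiry so that not every API call costs a round trip to the provider), then enforce the scope the endpoint needs. The provider here is a constructed in-memory stand-in (`provider_issue_token`, `provider_introspect`, `_PROVIDER_TOKENS` are all hypothetical names) so the example runs offline; against Facebook the introspection step would be a Graph API call instead.

```python
"""Resource-server side of OAuth2 bearer-token validation, one check per REST call.

Added example, not code from the question or from any Play module.  The provider
side is a constructed in-memory stand-in (hypothetical) for the external OAuth2
provider; only authorize_call() and parse_bearer() model what the API server does.
"""
import hmac
import secrets
import time

# Constructed stand-in for the provider's token store.  A real server would ask
# the provider (for Facebook, the Graph API) whether the token is valid and for
# whom; a dict keeps the example offline.
_PROVIDER_TOKENS = {}


def provider_issue_token(user_id, scopes, ttl_seconds=3600, now=None):
    """Simulate the provider issuing an opaque bearer token after user consent."""
    token = secrets.token_urlsafe(32)
    issued = time.time() if now is None else now
    _PROVIDER_TOKENS[token] = {
        "sub": user_id,
        "scope": set(scopes),
        "exp": issued + ttl_seconds,
    }
    return token


def provider_introspect(token):
    """Constructed introspection: the token's claims, or None if unknown.

    Constant-time comparison so a timing side channel cannot reveal how many
    leading bytes of a guessed token matched a stored one.
    """
    presented = token.encode("utf-8")
    for stored, claims in _PROVIDER_TOKENS.items():
        if hmac.compare_digest(stored.encode("utf-8"), presented):
            return dict(claims)
    return None


def parse_bearer(headers):
    """Extract the token from 'Authorization: Bearer <token>' (RFC 6750).

    Returns None for a missing header, a non-Bearer scheme or an empty token.
    """
    value = headers.get("Authorization")
    if value is None:
        return None
    parts = value.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1].strip():
        return None
    return parts[1].strip()


def authorize_call(headers, required_scope, now=None):
    """Per-request check run by the API server before any handler executes.

    Returns (http_status, body).  200 only when the token is present, known to
    the provider, unexpired and carries required_scope; 401 for token problems
    (the client must obtain a new token), 403 when the token is fine but lacks
    the scope (a new token will not help without more consent).
    """
    token = parse_bearer(headers)
    if token is None:
        return 401, {"error": "invalid_request",
                     "hint": "missing or malformed Authorization header"}
    claims = provider_introspect(token)
    if claims is None:
        return 401, {"error": "invalid_token"}
    current = time.time() if now is None else now
    if current >= claims["exp"]:
        return 401, {"error": "invalid_token", "hint": "expired"}
    if required_scope not in claims["scope"]:
        return 403, {"error": "insufficient_scope", "required": required_scope}
    # Map the provider's subject to the local user and let the handler run.
    return 200, {"user": claims["sub"]}


def demo():
    """Walk one token through the outcomes a server must distinguish."""
    tok = provider_issue_token("user-42", ["read"], ttl_seconds=60, now=1000)
    good = {"Authorization": "Bearer " + tok}
    return [
        authorize_call({}, "read", now=1010)[0],                         # 401: no header
        authorize_call({"Authorization": "Basic xyz"}, "read", now=1010)[0],  # 401: wrong scheme
        authorize_call({"Authorization": "Bearer nope"}, "read", now=1010)[0],  # 401: unknown
        authorize_call(good, "write", now=1010)[0],                      # 403: no scope
        authorize_call(good, "read", now=1060)[0],                       # 401: expired
        authorize_call(good, "read", now=1010)[0],                       # 200
    ]


if __name__ == "__main__":
    print(demo())
```

In a Play application the same logic would live in an action wrapper that every REST action is composed with, so a handler never runs before `authorize_call` has returned 200; the introspection result should be cached keyed by token until `exp` so that the external provider is consulted once per token rather than once per call.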




1 Answer

You could use a module called SecureSocial.

https://github.com/jaliss/securesocial/

This one is quite refined, and many people in the Play community seem to be aware of or using this module.

For authorization, this might be useful: https://github.com/schaloner/deadbolt-2/

For end-to-end Scala stuff: https://github.com/t2v/play20-auth

Rakesh Waghela answered Sep 19 '22 19:09