I'm having issues with using JWT Authentication using guides for older versions, but I'd like to focus on the new Play 2.6.
According to the official documentation, JWT is now used under the hood.
It seems like there would be an easier way instead of creating an ActionBuilder and a bunch of other classes or importing third-party libraries but I can't figure out what I would need to do.
Can anyone give me guidance on how to create JWT tokens/secrets with 2.6? Preferably Java but I could make my way through Scala as well.
Although JWT does eliminate the database lookup, it introduces security issues and other complexities while doing so. Security is binary—either it's secure or it's not. Thus making it dangerous to use JWT for user sessions.
JWT stands for JSON Web Token digitally signed using a secret key by a token provider. It helps the resource server to verify the token data using the same secret key. JWT consists of three parts: Header: encoded data of the token type and the algorithm used to sign the data.
JWT is baked into the session cookie. You don't need to do anything at all for that. There is no user visible JWT header in Play, but you can use the JJWT library https://github.com/jwtk/jjwt which Play uses under the hood to create your own JWT and use that.
There is an example project at https://github.com/franzgranlund/play-java-jwt which uses a slightly different JWT library for headers, but gives the idea.
The main thing to do is verify that the JWT you get back is using the same algorithm you sent out, i.e. no-one has sent you an alg=NONE or something silly, and ensure you're using a decent algorithm, i.e. HMAC-SHA256 with AES-GCM.
If you're interested in using encryption/signing generally, there's an example in https://github.com/playframework/play-scala-secure-session-example/ which should help.
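As an added example (not from the answer above or from either linked project), here is the issue/verify pair the answer describes, written against the JJWT 0.9.x API in Java; the class name, the constructor, and the rule that the secret bytes come from configuration are assumptions, and the verifier checks the header algorithm explicitly rather than relying on the signature check alone.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.util.Date;
import java.util.Optional;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper (not part of Play): issues and verifies HS256-signed JWTs with JJWT. */
public final class JwtTokens {
    private static final SignatureAlgorithm ALG = SignatureAlgorithm.HS256;
    private final SecretKey key;

    /** secret: at least 32 random bytes loaded from configuration, never hard-coded. */
    public JwtTokens(byte[] secret) {
        if (secret.length < 32) {
            throw new IllegalArgumentException("HS256 needs a secret of at least 256 bits");
        }
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    /** Create a token whose subject is the user id, valid for ttlMillis from now. */
    public String issue(String userId, long ttlMillis) {
        long now = System.currentTimeMillis();
        return Jwts.builder()
                .setSubject(userId)
                .setIssuedAt(new Date(now))
                .setExpiration(new Date(now + ttlMillis))
                .signWith(ALG, key)
                .compact();
    }

    /** Return the subject if the token is signed with our key and algorithm, otherwise empty. */
    public Optional<String> verify(String token) {
        try {
            // parseClaimsJws verifies the signature with the configured key and rejects
            // unsigned tokens (alg=none), expired tokens and tampered payloads.
            Jws<Claims> jws = Jwts.parser().setSigningKey(key).parseClaimsJws(token);
            // Also require the header to name exactly the algorithm we issue with.
            if (!ALG.getValue().equals(jws.getHeader().getAlgorithm())) {
                return Optional.empty();
            }
            return Optional.ofNullable(jws.getBody().getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty();
        }
    }
}
```

Callers treat an empty result as "not authenticated"; the reason (bad signature, wrong algorithm, expiry) is deliberately not surfaced to the client.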