To configure OAuth2-based providers you must use the `OAuth2Settings` class. This class has the following form:

```scala
case class OAuth2Settings(
  authorizationURL: Option[String] = None,
  accessTokenURL: String,
  redirectURL: String,
  apiURL: Option[String] = None,
  clientID: String,
  clientSecret: String,
  scope: Option[String] = None,
  authorizationParams: Map[String, String] = Map.empty,
  accessTokenParams: Map[String, String] = Map.empty,
  customProperties: Map[String, String] = Map.empty)
```

| Property | Description |
|---|---|
| `authorizationURL` | The authorization URL provided by the OAuth provider. This isn't needed when using Silhouette in conjunction with client side authentication frameworks. |
| `accessTokenURL` | The access token URL provided by the OAuth provider. |
| `redirectURL` | The redirect URL to the application after a successful authentication on the OAuth provider. The URL can be a relative path which will be resolved against the current request's host. |
| `apiURL` | The URL to fetch the profile from the API. Can be used to override the default URL hardcoded in every provider implementation. |
| `clientID` | The client ID provided by the OAuth provider. |
| `clientSecret` | The client secret provided by the OAuth provider. |
| `scope` | The OAuth2 scope parameter provided by the OAuth provider. |
| `authorizationParams` | Additional params to add to the authorization request. |
| `accessTokenParams` | Additional params to add to the access token request. |
| `customProperties` | A map of custom properties for the different providers. |

The `redirectURL` must point to the action that handles authentication for your defined providers. For example, if you define the following route:

```
GET /authenticate/:provider @controllers.SocialAuthController.authenticate(provider)
```

Then your `redirectURL` must have the following format:

```
redirectURL="https://your.domain.tld/authenticate/facebook"
```

```
auth0 {
  authorizationURL="https://*.auth0.com/authorize"
  accessTokenURL="https://*.auth0.com/oauth/token"
  apiURL="https://*.auth0.com/userinfo"
  redirectURL="https://your.domain.tld/authenticate/auth0"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}
clef {
  accessTokenURL="https://clef.io/api/v1/authorize"
  redirectURL="https://your.domain.tld/authenticate/clef"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}
dropbox {
  authorizationURL="https://www.dropbox.com/1/oauth2/authorize"
  accessTokenURL="https://api.dropbox.com/1/oauth2/token"
  redirectURL="https://your.domain.tld/authenticate/dropbox"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}
facebook {
  authorizationURL="https://graph..3/oauth/authorize"
  accessTokenURL="https://graph..3/oauth/access_token"
  redirectURL="https://your.domain.tld/authenticate/facebook"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope=email
}
foursquare {
  authorizationURL="https://foursquare.com/oauth2/authenticate"
  accessTokenURL="https://foursquare.com/oauth2/access_token"
  redirectURL="https://your.domain.tld/authenticate/foursquare"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}
github {
  authorizationURL="https://github.com/login/oauth/authorize"
  accessTokenURL="https://github.com/login/oauth/access_token"
  redirectURL="https://your.domain.tld/authenticate/github"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}
gitlab {
  authorizationURL="https://gitlab.com/oauth/authorize"
  accessTokenURL="https://gitlab.com/oauth/token"
  redirectURL="https://your.domain.tld/authenticate/gitlab"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="api"
}
google {
  authorizationURL="https://accounts.google.com/o/oauth2/auth"
  accessTokenURL="https://accounts.google.com/o/oauth2/token"
  redirectURL="https://your.domain.tld/authenticate/google"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="profile email"
}
instagram {
  authorizationURL="https://api.instagram.com/oauth/authorize"
  accessTokenURL="https://api.instagram.com/oauth/access_token"
  redirectURL="https://your.domain.tld/authenticate/instagram"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}
linkedin {
  authorizationURL="https://www.linkedin.com/uas/oauth2/authorization"
  accessTokenURL="https://www.linkedin.com/uas/oauth2/accessToken"
  redirectURL="https://your.domain.tld/authenticate/linkedin"
  clientID="your.client.id"
  clientSecret="your.client.secret"
}
vk {
  authorizationURL="https://oauth.vk.com/authorize"
  accessTokenURL="https://oauth.vk.com/access_token"
  redirectURL="https://your.domain.tld/authenticate/vk"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="email"
}
```

```
auth0 {
  authorizationURL="https://mydomain.eu.auth0.com/authorize"
  accessTokenURL="https://mydomain.eu.auth0.com/oauth/token"
  apiURL="https://mydomain.eu.auth0.com/userinfo"
  redirectURL="https://your.domain.tld/authenticate/auth0"
  clientID="your.client.id"
  clientSecret="your.client.secret"
  scope="openid name email picture"
}
```
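
The following start-up check is an added example, not part of Silhouette or of the original page: it applies the rules above (https provider endpoints, a `redirectURL` whose path matches the `/authenticate/:provider` route, no leftover placeholders or wildcard hosts) to a settings instance. `OAuth2SettingsCheck` and `Demo` are hypothetical names, and the case class is a copy of the definition shown on this page.

```scala
import java.net.URI
import scala.util.Try

// Copy of the settings class from this page so the example compiles stand-alone.
case class OAuth2Settings(
  authorizationURL: Option[String] = None, accessTokenURL: String, redirectURL: String,
  apiURL: Option[String] = None, clientID: String, clientSecret: String,
  scope: Option[String] = None, authorizationParams: Map[String, String] = Map.empty,
  accessTokenParams: Map[String, String] = Map.empty,
  customProperties: Map[String, String] = Map.empty)

// Hypothetical start-up check (not a Silhouette API): one message per problem found.
object OAuth2SettingsCheck {
  private val placeholders = Set("your.client.id", "your.client.secret")

  // Provider endpoints must be absolute https URLs with a concrete host.
  private def endpoint(name: String, url: String): Seq[String] =
    if (url.contains("*")) Seq(s"$name still has a wildcard host: $url")
    else Try(new URI(url)).toOption match {
      case Some(u) if u.getScheme == "https" && u.getHost != null => Nil
      case _ => Seq(s"$name must be an absolute https URL: $url")
    }

  // redirectURL may be relative (resolved against the request's host), but its
  // path must hit the /authenticate/:provider route and, if absolute, use https.
  private def redirect(provider: String, url: String): Seq[String] =
    Try(new URI(url)).toOption match {
      case None => Seq(s"redirectURL is not a valid URI: $url")
      case Some(u) =>
        (if (u.isAbsolute && u.getScheme != "https") Seq("redirectURL must use https") else Nil) ++
        (if (u.getPath != s"/authenticate/$provider") Seq(s"redirectURL must end in /authenticate/$provider") else Nil)
    }

  def validate(provider: String, s: OAuth2Settings): Seq[String] =
    Seq("authorizationURL" -> s.authorizationURL, "accessTokenURL" -> Some(s.accessTokenURL), "apiURL" -> s.apiURL)
      .collect { case (n, Some(u)) => endpoint(n, u) }.flatten ++
      redirect(provider, s.redirectURL) ++
      Seq(s.clientID, s.clientSecret).filter(placeholders).map(v => s"placeholder credential: $v")
}

object Demo extends App {
  // Constructed sample: plain-http authorization URL, redirect path for another provider.
  val vk = OAuth2Settings(
    authorizationURL = Some("http://oauth.vk.com/authorize"),
    accessTokenURL = "https://oauth.vk.com/access_token",
    redirectURL = "/authenticate/facebook",
    clientID = "your.client.id", clientSecret = "s3cr3t-constructed")
  OAuth2SettingsCheck.validate("vk", vk).foreach(println)
}
```

A relative `redirectURL` passes the check, but the effective redirect URI then depends on the host of each request and has to match what is registered at the provider.
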
To get the `clientID`/`clientSecret` keys you need to log into the developer site of each service and register your application.

Providers are normally configured globally, when the provider is instantiated. In some circumstances it is necessary to override this global configuration with other values. This can be done with the `withSettings` method that every `SocialProvider` implements. The `withSettings` method accepts a function which receives the current configuration as its parameter and must return a new configuration.

```scala
provider.withSettings { config =>
  // Override a single field; every other setting keeps its global value.
  config.copy(redirectURL = "new-value")
}.authenticate()
```