Expose Play Framework calls left secure with securesocial for mobile app

Question

Expose Play Framework calls left secure with securesocial for mobile app

I would like to expose my REST calls in the Play Framework for clients other than my game application.

I would like the mobile app to trigger these secure leisure calls.

At the beginning of the year, I asked the SO question and got an answer, but this only works for OAuth2, and I use only OAuth1

My questions:

Is exposing my Securesocial protected REST calls in my PlayFramework app for non-web clients like mobile apps a good idea?
Is there a way to do this using Securesocial for OAuth1?
Are there any examples except one in the link from my last question?

+4

rest playframework playframework-2.2 securesocial

Shawn vader May 26 '14 at 11:12

source share

2 answers

Silhouette (repo). , .

Silhouette, app , .

+2

Rayron Victor 03 . '15 1:18

Jorge · Accepted Answer · 2014-05-27T15:13:44+0000

Recent changes to master-SNAPSHOT include the LoginApi controller, which allows you to authenticate a user using the API. It supports UsernamePasswordProvider and all OAuth2Providers.

In the case of UsernamePasswordProvider, you can publish user credentials, and if theyre ok, you will get json with a token, which can be used in the X-Auth-Token header to call SecuredActions. For instance:

curl --data "username=some@email.com&password=some_password" http://localhost:9000/auth/api/authenticate/userpass

, OAuth2, JSON accessToken, ( ) . accessToken, , , , , . , . , FortyTwo, , (http://eng.42go.com/mobile-auth-with-play-and-securesocial/).

, test.json accessToken expiresIn, Facebook (: Javascript):

{
"email": "some@email.com",
"info": {
    "accessToken": "an_access_token",
    "expiresIn": a_number_with_expiration_in_seconds
 }
}

:

curl -v --header "Content-Type: application/json" --request POST --data-binary "@test.json" http://localhost:9000/auth/api/authenticate/facebook

json :

{"token":"98b9613dac60890b8e0abf5bc0f77591523df4e6de50b085c832116b8db2cc65511e0de6780f6a49f8755eddabbd46e6afada92160758fd6d4bbb25dc57e0f7b1e4b5b59fbbe543cf80ad1b6d91de7764e3ac1aaa0afac0c312a47bf27258f455606c6c19b1a3d40f8631ce98e6b76e128dddcb29511eb81200ffe9de95cba7a","expiresOn":"2014-05-07T07:43:10.987-03:00"}

:

curl -v --header "Content-Type: application/json" -H "X-Auth-Token: 819a9cb9227d2c82af9c1ee2a62b9e7d35725e235e086ab95ecce0b509f3f7b389f430e217e341306ecaebfd1972ac083de73a32341a26f97150ae71fb0417f0031534d818356b2266ffc100e5ee6a50bd1f9ec76b0f68d2ff8ce4d196b4a86b61e002b29b00532ef166cb2eb8476d3ae008c112891628bc0f444c7512c01345" http://localhost:9000/my-protected-action

Expose Play Framework calls left secure with securesocial for mobile app

More articles: