问题
I'm having issues with using JWT Authentication using guides for older versions but I'd like to focus on the new Play 2.6
According to the official documentation, JWT is now used under the hood.
It seems like there would be an easier way instead of creating an ActionBuilder and a bunch of other classes or importing third-party libraries but I can't figure out what I would need to do.
Can anyone give me guidance on how to create JWT tokens/secrets with 2.6? Preferably Java but I could make my way through Scala as well.
回答1:
Can anyone give me guidance on how to create JWT tokens/secrets with 2.6? Preferably Java but I could make my way through Scala as well.
JWT is baked into the session cookie. You don't need to do anything at all for that. There is no user visible JWT header in Play, but you can use the JJWT library https://github.com/jwtk/jjwt which Play uses under the hood to create your own JWT and use that.
There is an example project at https://github.com/franzgranlund/play-java-jwt which uses a slightly different JWT library for headers, but gives the idea.
The main thing to do is verify that the JWT you get back is using the same algorithm you sent out, i.e. no-one has sent you an alg=NONE or something silly, and ensure you're using a decent algorithm, i.e. HMAC-SHA256 with AES-GCM.
If you're interested in using encryption/signing generally, there's an example in https://github.com/playframework/play-scala-secure-session-example/ which should help.
来源:https://stackoverflow.com/questions/47335787/using-jwt-authentication-with-play-framework-2-6