Last active
February 19, 2019 09:18
OpenID authentication with Lagom
import com.lightbend.lagom.scaladsl.api.transport.Forbidden
import com.lightbend.lagom.scaladsl.api.{Service, ServiceCall}
import com.lightbend.lagom.scaladsl.server.PlayServiceCall
import play.api.libs.openid.{OpenIdClient, UserInfo}
import play.api.mvc.EssentialAction

import scala.concurrent.{ExecutionContext, Future}
import scala.util.control.NonFatal
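/**
  * Mixin for a Lagom [[Service]] that gates service calls behind OpenID verification.
  *
  * Security notes:
  *  - `play.api.libs.openid` implements the legacy OpenID 2.0 protocol, not OpenID Connect.
  *  - A successful verification only establishes which identifier the caller controls. It is
  *    authentication, not authorization: the wrapped call must still decide whether the
  *    verified `UserInfo.id` may perform the operation.
  */
trait OpenId { self: Service =>

  /**
    * The OpenID client used to verify the assertion carried by each incoming request.
    *
    * @return the client supplied by the concrete service.
    */
  def openIdClient: OpenIdClient

  /**
    * A composable service call that runs `serviceCall` only after the OpenID client has
    * verified the request. When verification fails the call fails with `Forbidden`;
    * when it succeeds the verified [[UserInfo]] is passed to `serviceCall`.
    *
    * The check fails closed: `serviceCall` is never built or invoked unless
    * `verifiedId` completed successfully.
    *
    * NOTE(review): nothing visible here limits reuse of a previously issued assertion;
    * confirm how the client/provider handles response nonces before relying on this
    * for per-request authentication.
    *
    * NOTE(review): the inner call is invoked through plain `invoke`; if `serviceCall`
    * returns a header-aware call, confirm that request/response headers are not needed.
    *
    * @param serviceCall the requested service endpoint which requires authentication.
    * @param ec          execution context used to chain verification and the endpoint call.
    * @tparam Request  the type of request the intended service endpoint accepts.
    * @tparam Response the type of response the intended service endpoint produces.
    * @return a Play-backed service call that enforces verification before delegating.
    */
  def authenticated[Request, Response](
      serviceCall: UserInfo => ServiceCall[Request, Response]
  )(implicit ec: ExecutionContext): PlayServiceCall[Request, Response] =
    PlayServiceCall[Request, Response] { wrapCall =>
      EssentialAction { reqHeader =>
        // wrapCall expects a ServiceCall (not a Future of one), so the asynchronous
        // verification is deferred into the call that gets wrapped.
        val guarded: ServiceCall[Request, Response] = ServiceCall { request =>
          val verified: Future[UserInfo] =
            openIdClient
              .verifiedId(reqHeader)
              .recoverWith {
                // NonFatal only: fatal JVM errors and interrupts must propagate instead of
                // being reported as an authentication failure. The message stays generic so
                // the client does not learn why verification failed.
                // NOTE(review): the underlying cause is dropped; log it server-side so
                // provider outages and rejected assertions can be told apart.
                case NonFatal(_) =>
                  Future.failed(Forbidden("User must be authenticated to access this service call"))
              }

          // Recovery is applied before the endpoint runs, so failures raised by the
          // endpoint itself are not rewritten into Forbidden.
          verified.flatMap(info => serviceCall(info).invoke(request))
        }

        wrapCall(guarded)(reqHeader)
      }
    }
}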
This is untested.