5

I started integrating SecureSocial in my play/scala app, but I don't really like all the redirects it does between it's different views.

example - try to login from it's default login page and if you put in a wrong pass you will be redirected to a different page (url) but with the same login form. the only thing that is different is that there is an error message...

I want a simple login form (user/password provider) at the corner of my main page that submits it's data using ajax, this data is validated on the server and a response is made to either display error message/s or change the window.location. Next to this form I will put a link to go to a more advanced login page that adds the option to use other providers like fb/twitter etc.. But from that page I also want to use ajax to submit the details and get the response.

I tried to browse into the SecureSocial source but got a little lost in there.

Can any one give me an idea how to use SecureSocial's but without using any of it's views?

NOTE: I'm not interested in customizing their views, It's not just a CSS/design issue, I want to handle the login details Ajaxly and not with normal form submission followed by redirects...

Ben Reich
  • 16,222
  • 2
  • 38
  • 59
samz
  • 1,592
  • 3
  • 21
  • 37

1 Answers1

2

After some more rummaging around in SecureSocial code I got a better understanding of how it operates.

You can use any of the providers you listed in the play.plugins file seperatly to authenthicate the user's info from your own login/auth code. just make sure you send the right parameters that the provider needs.

I liked the way SecureSocial's ProviderController class dynamically decided what provider to use, based on a parameter. But I didn't like the responses it made - redirect.. I wanted to respond to an ajax request with some data and let the client side js handle it.

This is my solution:

pretty much copy all of ProviderController code to my own Auth.scala file (a Controller). Changed the redirects related to "case ex, case _", kept the redirect on successful auth as it adds the SecureSocial session key related to the user. Removed all the SecureSocial related routes from my routes file. Put an additional hidden field with the logintype (userpass/google/fb/etc...) and configured my login ajax post to sent this along with the post to my Auth controller.

If you need more info comment here and I'll edit the answer.

samz
  • 1,592
  • 3
  • 21
  • 37
  • I am interested... basically, because I'm showing the login screen in a popup, and if the user logs in or cancels I don't want to reload the page (and lose the user's inputs)... I just want to close the popup and update login state if necessary. I guess I need an Ajax login to achieve this. – User Aug 23 '13 at 21:23
  • Sorry for the somewhat late comment. Yeah you need ajax and secure social works with page normal requests and redirects... eventually I stopped using it and created my own couple of auth classes inspired by the auth20 module. It's not too complicated and is most flexible that way :) – samz Sep 02 '13 at 13:25
  • I've exactly the same issue. I want to remove all the HTML templates from my Play application (including SecureSocial custom templates) and replace them with JSON/JavaScript. I started reworking a bit the SecureSocial sources... but since I just need a username/password provider I think is worth creating my own solution. Could you provide me with some hints on how you solved the issue? Is there any good tutorial or sample that could help me in writing a decent auth api? Thanks. – j3d Oct 20 '13 at 20:48
  • Sure, I used play-auth as a base to start from: https://github.com/t2v/play2-auth . if you only need user-password like it is great for you. It gives you more control than secure social. you can define what action happens on succ/failed login, define how to authenticate a login and more. the downside (or up) is that you have to make the login screen yourself. I went further and also changed the login token mechanism some. the cookie mechanism was not good for our product. we needed someting that would work for a mobile app. you can find lots auth advise on stackoveflow. I did it that way. – samz Oct 25 '13 at 20:14
  • Did you come across an issue with "java.lang.ClassNotFoundException: securesocial.controllers.ReverseProviderController". I've taken your advise and copied the ProviderController. Logging in with the correct credentials now works but if the credentials are wrong SecureSocial tries to instantiate this generated class that for some reason isn't being generated now (even though I've kept the referenced to it in my routes file). – glidester Jul 11 '14 at 10:02