
org.zalando.zhewbacca.OAuth2AuthProvider.scala Maven / Gradle / Ivy

package org.zalando.zhewbacca

import javax.inject.{Inject, Singleton}

import play.api.Logger
import play.api.libs.concurrent.Execution.Implicits._

import scala.concurrent.Future

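/**
  * Authorization provider which uses Zalando's IAM API to verify a given OAuth2 token.
  *
  * The lookup itself is the injected `getTokenInfo` function. A token is accepted only when
  * that lookup yields a `TokenInfo` whose first field equals the value of the presented token,
  * whose token type is exactly "Bearer", and for which `scope.in(...)` holds against the scope
  * carried by the token info. A missing token yields `AuthTokenEmpty`; every other outcome
  * yields `AuthTokenInvalid`.
  *
  * NOTE(review): a failed `Future` from `getTokenInfo` is not recovered in this class, it is
  * only mapped over. Callers should confirm that a failed future ends in a denied request
  * rather than in an unauthenticated pass-through.
  *
  * @param getTokenInfo resolves the token info for a token; `None` means no info was found
  */
@Singleton
class OAuth2AuthProvider @Inject() (getTokenInfo: (OAuth2Token) => Future[Option[TokenInfo]])
    extends AuthProvider {

  val logger: Logger = Logger("security.OAuth2AuthProvider")

  // Compared with plain equality in the pattern below, so the match is case-sensitive.
  private val bearerTokenType = "Bearer"

  /**
    * Checks an optional token against the requested scope.
    *
    * @param token the token taken from the request, if any
    * @param scope the scope the caller requires
    * @return `AuthTokenEmpty` when no token was supplied, otherwise the validation result
    */
  override def valid(token: Option[OAuth2Token], scope: Scope): Future[AuthResult] =
    token.fold[Future[AuthResult]](Future.successful(AuthTokenEmpty))(validateToken(_, scope))

  /** Looks the token up and validates the returned info; an absent info is treated as invalid. */
  private def validateToken(token: OAuth2Token, scope: Scope): Future[AuthResult] =
    getTokenInfo(token).map {
      case Some(tokenInfo) => validateTokenInfo(tokenInfo, token, scope)
      case None => invalid(token)
    }

  /**
    * Accepts the token info only if it refers to the presented token, is of type "Bearer"
    * and covers the requested scope.
    */
  private def validateTokenInfo(tokenInfo: TokenInfo, token: OAuth2Token, scope: Scope): AuthResult = {
    tokenInfo match {
      // The backticked names are stable-identifier patterns: the first field must equal
      // token.value and the third must equal bearerTokenType; neither binds a new variable.
      case TokenInfo(`token`.value, grantedScope, `bearerTokenType`, _) if scope.in(grantedScope) =>
        AuthTokenValid(tokenInfo)
      case _ =>
        // This branch is also reached when the token info names a different token than the
        // one presented, so the message lists all three causes. Only toSafeString is logged
        // (presumably a redacted form of the token; confirm in OAuth2Token).
        logger.info(
          s"Token '${token.toSafeString}' rejected: token info does not match the presented token, " +
            "has insufficient scope, or has the wrong token type.")
        invalid(token)
    }
  }

  /** Records the rejection at debug level and returns `AuthTokenInvalid`. */
  private def invalid(token: OAuth2Token): AuthResult = {
    logger.debug(s"Token '${token.toSafeString}' is not valid")
    AuthTokenInvalid
  }
}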



