Authentication/authorization are two crucial components of web apps. I find it very surprising that Play doesn’t have out-of-the-box support for handling them, i.e. ready to use components that you can plug into your app, depending on your requirements. If you look at vertx - https://vertx.io/docs/#authentication-and-authorization - they provide various components for different needs. Spring is the same.
Granted, there are libraries written by third-party developers that support Play (they can be found here: https://www.playframework.com/documentation/2.8.x/ModuleDirectory), but it’s hard to choose. In some cases you can hear the crickets - those components are not developed anymore, or the respective devs don’t have time/funding to continue and those components support older versions of Play.
Can someone from Lightbend please comment? Do you provide such components for subscribers only? Just curious. What do people use for authentication and authorization these days?
In our case some routes - Actions need to be secure and some not - example sign up may not and some other actions may - so gives us better control of the Actions. So just replaced Action.async with authenticate.authAsync so this route authenticates the call.
Sometimes i feel the same, in Play open source ecosystem there are some “gaps in completeness”. Propably they have philosophy “do it yourself, it is simple with Play”.
I use pac4j with deadbolt 2, both projects are third party-community driven-one man show library and i hope the libs will be still alive in next years…
@petahathub I took over the deadbolt 2 project from the original maintainer. I know the documentation isn’t up to date because of lack of time, however I definitely will release new versions in the future.
It has been in constant development/release for years and the lead developer is still delivering new features, bug fixes, and keeping all the pieces current.