What are you using for authentication and authorization?

I have a 2.5 Play app and I cannot upgrade to the latest Play because my authentication library has not updated and there is no update in the near future. What are you all using for authentication and authorization?

I need username/password (via DB), oauth1 and oauth2. My Play app is in Java. Any recommendations?


1 Like

You could look into https://github.com/pac4j/play-pac4j …appears that is working for 2.6.

I started on java/play-authenticate, then scala/play2-auth (which also struggles with current version support) and then ultimately to silhouette. I would personally recommend going to scala/silhouette. If pac4j doesn’t work, you could consider keeping your core functionality in java and have lean scala/silhouette controllers as a migration step.


I’ve used pac4j in a couple of play projects, both java and scala based.
So I agree with Adam, that is definitely worth checking out.

Play Silhouette is pretty much perfect. Might seem to be not as easy to grasp at first, unlike Play2 Auth (which I guess that you are using), but it’s very customizable.

1 Like

Play Silhouette is a really nice library. However its scala only.

1 Like

None of the existing solutions catered for an independent oauth2 authorization server so I have built my own, check it out at https://github.com/bekce/oauthly

Since I only need username/password in my app, I followed the OWASP recommendations for authentication. It’s pretty straightforward and keeps me from having to add a dependency that might not be updated in the future.