
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
com.nulab-inc:scala-oauth2-core_2.12
Advanced tools
OAuth 2.0 server-side implementation written in Scala
The OAuth 2.0 server-side implementation written in Scala.
This provides OAuth 2.0 server-side functionality and supporting function for Play Framework and Akka HTTP.
The idea of this library originally comes from oauth2-server which is Java implementation of OAuth 2.0.
This library supports all grant types.
and an access token type called Bearer.
See the project
See the project
Add scala-oauth2-core
library dependencies of your project.
In this case, you need to implement your own OAuth provider working with web framework you use.
libraryDependencies ++= Seq(
"com.nulab-inc" %% "scala-oauth2-core" % "1.6.0"
)
Whether you use Play Framework or not, you have to implement DataHandler
trait and make it work with your own User
class that may be already defined in your application.
case class User(id: Long, name: String, hashedPassword: String)
class MyDataHandler extends DataHandler[User] {
def validateClient(maybeClientCredential: Option[ClientCredential], request: AuthorizationRequest): Future[Boolean] = ???
def findUser(maybeClientCredential: Option[ClientCredential], request: AuthorizationRequest): Future[Option[User]] = ???
def createAccessToken(authInfo: AuthInfo[User]): Future[AccessToken] = ???
def getStoredAccessToken(authInfo: AuthInfo[User]): Future[Option[AccessToken]] = ???
def refreshAccessToken(authInfo: AuthInfo[User], refreshToken: String): Future[AccessToken] = ???
def findAuthInfoByCode(code: String): Future[Option[AuthInfo[User]]] = ???
def findAuthInfoByRefreshToken(refreshToken: String): Future[Option[AuthInfo[User]]] = ???
def deleteAuthCode(code: String): Future[Unit] = ???
def findAccessToken(token: String): Future[Option[AccessToken]] = ???
def findAuthInfoByAccessToken(accessToken: AccessToken): Future[Option[AuthInfo[User]]] = ???
}
If your data access is blocking for the data storage, then you just wrap your implementation in the DataHandler
trait with Future.successful(...)
.
For more details, refer to Scaladoc of DataHandler
.
DataHandler
returns AuthInfo
as authorized information.
AuthInfo
is made up of the following fields.
case class AuthInfo[User](
user: User,
clientId: Option[String],
scope: Option[String],
redirectUri: Option[String],
codeChallenge: Option[String] = None,
codeChallengeMethod: Option[CodeChallengeMethod] = None
)
user
is authorized by DataHandlerclientId
which is sent from a client has been verified by DataHandler
clientId
as below
val clientId = authInfo.clientId.getOrElse(throw new InvalidClient())
FAQs
OAuth 2.0 server-side implementation written in Scala
We found that com.nulab-inc:scala-oauth2-core_2.12 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.