Auth0 decoupled client-side / server-side

0
votes

I am developing an App that has a server side using Play Framework Scala, and a client side AngularJS.

I want to manage authentication only on the server side because I will have to secure both the API and the application itself and I want to keep the sessions "centralized" on my server.

But since I am not using Play Framework view templating (to keep my client side and my server side independant), I cannot pass the user profile information to the client side as it is done in the examples.

I tried to list my Cache and my Cookie keys on my Angular template but I can't seem to find anything there.

Is there any way I can grab the session information using Angular? having the session requested and managed by Play Framework ? (I cannot find it anywhere on the docs)

Here is how I render my Angular client side front page (Play framework only does the API routing and this front page routing)

  def frontPage() = AuthenticatedAction {
    request =>
      val idToken = request.session.get("idToken").get
      val profile = cache.get[JsValue](idToken + "profile").get
      Ok.sendFile(content = new File("./public/layout.html"), inline = true).as("text/html")
  }

Here is how it is done on the docs example :

def index = AuthenticatedAction { request =>
  val idToken = request.session.get("idToken").get
  val profile = Cache.getAs[JsValue](idToken + "profile").get
  Ok(views.html.user(profile))
}

I would need to get that "profile" across to my template, but I don't want to have scala html templates : I want to keep using pure Angular templates to keep my client / server sides independants (only communicating through an API)

EDIT 21/06/2016: I did not find a way to grab my session information directly from Angular, but I was able to return it by extending my API and I like that solution better ! see https://stackoverflow.com/a/37942787/4884034

2
angularjsscalaplayframeworkauth0

2 Answers

1
votes

You can render it to the client side with:

Ok
  .sendFile(content = new File("./public/layout.html"), inline = true).as("text/html")
  .withSession(session)

or .withCookies(cookie)

0
votes

So, thanks to @Simon for pointing me in the right direction.

I am now sending a session after the login :

  Ok.sendFile(content = new File("./public/layout.html"), inline = true).as("text/html").withSession("connected" -> profile.toString())

I was not able to get the session directly from Angular, so what I did instead is I updated my API to have an action returning the Session information :

  def getSession = Action { request =>
    request.session.get("connected").map {
      user => Ok(Json.parse(user))
    }.getOrElse {
      Unauthorized("Oops, you are not connected")
    }
  }

(in routes :

## USER SESSION
GET        /api/session                      controllers.Callback.getSession

)

That way I can call the API to get my session information on my client side, may it be Angular, a mobile app or any kind of application that reads JSON.

Example of JSON returned :

{"email":"[email protected]","email_verified":false,"clientID":"MvM2wHRX2rMKp5s3UXXXXXXXX","updated_at":"2016-06-21T10:59:49.730Z","picture":"https://s.gravatar.com/avatar/e91d5ae3XXXXXXXXXXX?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fda.png","user_id":"auth0|5XXXXXXXXX47b1b07d","name":"[email protected]","nickname":"XXX","identities":[{"user_id":"5767bea338XXXXXX","provider":"auth0","connection":"Username-Password-Authentication","isSocial":false}],"created_at":"2016-06-20T10:00:03.921Z","sub":"auth0|5767beXXXXXXX"}

I hope it will help anyone trying to have a decoupled Play Framework server side from its client side !