Silhouette

OAuth1 token secret

CookieSecret

To configure the CookieSecret provider you must use the CookieSecretSettings class. This class has the following form:

case class CookieSecretSettings(
  cookieName: String = "OAuth1TokenSecret",
  cookiePath: String = "/",
  cookieDomain: Option[String] = None,
  secureCookie: Boolean = true,
  httpOnlyCookie: Boolean = true,
  expirationTime: FiniteDuration = 5 minutes)
PropertyDescription
`cookieNameThe cookie name
cookiePathThe cookie path
cookieDomainThe cookie domain
secureCookieWhether this cookie is secured, sent only for HTTPS requests

Note:
This should be disabled for testing on localhost without SSL, otherwise cookie couldn't be set
httpOnlyCookieWhether this cookie is HTTP only, i.e. not accessible from client-side JavaScript code
expirationTimeSecret expiration. Defaults to 5 minutes which provides sufficient time to log in, but not too much. This is a balance between convenience and security

Example

oauth1TokenSecretProvider.cookieName = "OAuth1TokenSecret"
oauth1TokenSecretProvider.cookiePath = "/"
oauth1TokenSecretProvider.secureCookie = false
oauth1TokenSecretProvider.httpOnlyCookie = true
oauth1TokenSecretProvider.expirationTime = 5 minutes

Updated less than a minute ago


OAuth1 token secret


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.