SilhouetteModule 5.0


Does anyone have a good SilhouetteModule example using the new 5.0 release candidate? A number of things have changed including: ExecutionContext injection, introduction of AuthenticatorEncoder, move to SocialStateHandler inside {Facebook, Google, etc.}Providers.

Would be great to have an example of the standard bindings for the community, similar to what is in


Yep…this one is hard to figure out without examples. The architecture of 5.0 vs. 4.0 has changed pretty fundamentally, wherein you need to match a Crypter (since Play has done away with Crypters), a SocialStateHandler, and all the associated settings.

Would love to see one of the seed projects upgraded to 5.0 so that the rest of us can figure this out!


There is no fundamental change from 4 to 5. The crypto implementation has also not changed from 4 to 5. The parts mentioned in the migration guide plus the social state handler part has changed. The changes itself should be really straight forward if you look at the constructor signatures of the classes.

Anyway, I’ll see if I find the time, to polish the documentation and update the seed template for 5.0, in the next few days.

Best regards,


Im in the same boat. Probably I’ve bitten off more than I can chew by trying to learn Scala/Slick/Play/Silhouette all at once. I’ve managed to get the OAuth2 handshake piece working but still having trouble getting a working SocialStateHandler setup so cookies will be created properly etc. Definitely looking forward to an updated SilhouetteModule example :slight_smile:


Also @akkie FWIW, I’m seeing a Base64 decoding issue when trying to use a CsrfStateItemHandler. Probably I’m doing something terribly wrong, but in case its a legitmate bug:

Im stepping through the code and it seems like when CsrfStateItem serializes ItemStructure, it should be base64 encoding but isn’t, which causes deserialization to fail on the round trip. Looking at the commit history I noticed that ItemStructure.toString got renamed to ItemStructure.asString…wondering if that could be causing it.

I extended DefaultSocialStateHandler and overrode serialize to look like this:

override def serialize(state: SocialState): String = {
      .flatMap(i => handlers
        .flatMap(h => h.canHandle(i)

And the cookie started working, more or less, so def seems like a bug.


@halfhp Could you please create an issue or provide a pull request with a fix?


@akkie Like I said, I’m a neophyte when it comes to this stuff so I was hoping to get some guidance on whether or not this was actually a bug or me attempting to use the library incorrectly.

In any case I went ahead and submitted a bug along with a PR for the fix above (applied to DefaultSocialStateHandler instead).



Thanks @akkie. While there may not be many fundamental changes from 4 to 5, for the SilhouetteModule many of us use as an example of Silhouette + dependency injection, the bindings for Crypter, AuthenticatorEncoder, CookieSigner and OAuth2StateProvider/SocialStateHandler, PasswordHasher => PasswordHasherRegistry have changed.

In short, we could use a good working example + .conf file from you :slight_smile:


Waiting for a Play 2.6 compatible release of play-bootstrap.


FYI: Play-bootstrap 2.6 was released yesterday…


Play 2.6 was released over the weekend and I can get my Play project to compile but have a large number of Unable to create injector errors from SilhoutteModule.scala when I try to run it. Will post if I can get it working but in the interim if anybody has a working SilhouetteModule 5.0 it would probably save a lot of people a lot of time.


My template/seed project Boilerplay is now updated to use Scala 2.12 and Play 2.6 with the Silhouette snapshot. I’m still working on one issue, but that should point you in the right direction.


I’ve update the seed template for version Silhouette 5.0.0-RC1. There is an issue with the tests that I must fix in the next week. But overall it should show how the module should be implemented.


Is there an existing seed working with Silhouette 5.0, client-side authentication and any oauth2 framework? I cannot find this combination unfortunately :-(.


No there exists currently no seed.