I’m currently integrating silhouette into our frontend application. Before we simply used Play’s session to store an identifier and a token to use when querying against our backend system. We are planning on adding a “Remember Me”-functionality, but it is not the cookie-cutter kind, where you can just alter the cookies expiration.
The issue I am having, is that we use a third-party authentication service not a social site, think government. And now I’m using the CookieAuthenticator instead of Play’s session handling. I’m using the stateful cookie approach, since I have to send the token to the backend system for it to authenticate the request. And I therefore can’t one way hash the token on the frontend server. Therefore I’m serializing information to JSON to store in the LoginInfo providerKey. (which feels kind of like a hack, but I have no other way to store information in the cookie.)
Well the migration of that part works fine, but now I want to issue a Remember Me Cookie in addition to the other cookie. But this isn’t supported by Silhouette? The only way to specify which cookie is handled is when the CookieAuthenticatorService is created. The reason I want two cookies, is that the “Remember Me”-functionality only lets you use our login, instead of using the third-party authentication service. I’m not much for mutating the cookie excessively, and therefore would rather have two cookies, is this the wrong mindset?
I thought at first I’d just make two different Environments one for the Login cookie, and one for the Remember Me cookie. But injecting two Silhouette Stacks with different Environments into a controller doesn’t seem intended. Also how would I then handle the SecuredAction for the one cookie compared to the other.
At the moment I’ve done a crazy thing, where my Identity is a case class with just one value which is an Either, and I’ve then made a RequestProvider which checks if the Remember Me cookie is set and the other cookie isn’t, which then returns a Left. The problem with this is it makes any kind of handling in my SecuredActions an absolute mess.