How to configure JWTAuthenticator with SocialStateHandler without cookies?


for my SPA/Native apps + backend with silhouette I want to establish JWT authentication using OAuth2 providers (google/facebook).

I’ve configured environment with JWTAuthenticator and initialized JWTAuthenticatorService.

Initialization of OAuth2 providers then requires SocialStateHandler. So I initialized DefaultSocialStateHandler and now Silhouette provides me with CsrfStateItemHandler and UserStateItemHandler. Though I probably don’t need neither of them, do I? First one uses cookies, other one requires defined custom state.

Could you explain which item handler (if any) to use for my JWTAuthenticator? Do I need state handler at all?

used Silhouette 5, Play2.6


The CSRF state handler is always useful. If your app cannot handle cookies then it would be possible to implement a CSRF state handler with a cache that can map a user to a stored item.

The user state handler is only needed if you like to transport some user state through the authentication process. It’s mostly used to save the URL the user should redirected after the login. But it could transport arbitrary data.

Best regards,