Abstraction for API auth actions allowing to mix in custom results for each of the different error scenarios.
The auth callback url.
The auth callback url. This is where google will send the user after authentication. This action on this url should invoke processGoogleCallback
Returns true if the authed user is valid in the implementing system (meets your multifactor requirements, you recognise the email etc.).
Returns true if the authed user is valid in the implementing system (meets your multifactor requirements, you recognise the email etc.).
If your implementing application needs to audit logins / register new users etc then this ia also the place to do it (although in this case you should strongly consider setting cacheValidation to true).
true if the user is valid in your app
Action that ensures the user is logged in and validated.
Action that ensures the user is logged in and validated.
This action is for API / XHR type requests where the user can't be sent to the auth provider for auth. In the cases where the auth is not valid response codes are sent to the requesting app and the javascript that initiated the request should handle these appropriately
If the user is not authed then a 401 response is sent, if the auth has expired then a 419 response is sent, if the user is authed but not allowed to perform the action a 403 is sent
If the user is authed or has an expiry extension, a 200 is sent
Action that ensures the user is logged in and validated.
Action that ensures the user is logged in and validated.
This action is for page load type requests where it is possible to send the user for auth and for them to interact with the auth provider. For API / XHR type requests use the APIAuthAction
if the user is not authed or the auth has expired they are sent for authentication
A Play session key that stores the target URL that was being accessed when redirected for authentication
Adding an expiry extension to APIAuthAction
s allows for a delay between an applications authentication and their
respective API XHR calls expiring.
Adding an expiry extension to APIAuthAction
s allows for a delay between an applications authentication and their
respective API XHR calls expiring.
By default this is 0 and thus disabled.
This is particularly useful for SPAs where users have third party cookies disabled.
the amount of delay between App and API expiry in milliseconds
By default the validity of the user is checked every request.
By default the validity of the user is checked every request. If your validateUser implementation is expensive or has side effects you can override this to true and validity will only be checked the first time the user visits your app after their login is established.
Note the the cache is invalidated after the user's session is re-established with google.
true if you want to only check the validity of the user once for the lifetime of the user's auth session
Extract the authentication status from the request.
Generates the message shown to the user when user validation fails.
Generates the message shown to the user when user validation fails. override this to add a custom error message
starts the authentication process for a user.
starts the authentication process for a user. By default this just sends the user off to google for auth but if you want to show welcome page with a button on it then override.
invoked when the user is not logged in a can't be authed - this may be when the user is not valid in yur system or when they have exoplicitly logged out.
invoked when the user is not logged in a can't be authed - this may be when the user is not valid in yur system or when they have exoplicitly logged out.
Override this to add a logged out screen and display maeesages for your app. The default implementation is to ust return a 403 response