You could use a module called SecureSocial.

您可以使用名为 SecureSocial 的模块。

https://github.com/jaliss/securesocial/

https://github.com/jaliss/securesocial/

This one is quite refined and many people in Play community seem to be aware/using this module.

这个非常精致，Play 社区中的许多人似乎都知道/使用这个模块。

For authorization might be useful. https://github.com/schaloner/deadbolt-2/

对于授权可能有用。 https://github.com/schaloner/deadbolt-2/

For end to end scala stuff, https://github.com/t2v/play20-auth

对于端到端的Scala内容， https://github.com/t2v/play20-auth

I ported Apache Amber to Play2 Scala, here is the link: https://github.com/cleanyong/oauth2play2scala

我将 Apache Amber 移植到 Play2 Scala，这里是链接：https: //github.com/cleanyong/oauth2play2scala

The reason to port Apache Amber is:

移植 Apache Amber 的原因是：

1. it been tested
2. better than home made
3. it fit Play2 Scala API
4. easy to use
5. not intrusive

1. 它已经过测试
2. 比自制的好
3. 它适合 Play2 Scala API
4. 使用方便
5. 不打扰

If you want to setup oauth2 server on your site, you can try use my port. It has document.

如果您想在您的站点上设置 oauth2 服务器，您可以尝试使用我的端口。它有文件。

Basically, the standard flow is the following:

基本上，标准流程如下：

1. on each request, check in the cookie ("session" in the Play! dialect) if it contains an id
2. if not, ask the user to authenticate with the provider (Facebook or something else)
3. If ok, the provider will return an id, save this id in your persistence system (registration), and in the current cookie/session
4. on the next requests, check if the id exists in the cookie/session and corresponds to an existing user in your persistence system
5. To "logout", just clear the cookie/session

1. 在每个请求中，检查 cookie（Play! 方言中的“session”）是否包含 id
2. 如果没有，请要求用户向提供商（Facebook 或其他）进行身份验证
3. 如果没问题，提供者将返回一个 id，将此 id 保存在您的持久性系统（注册）中，以及当前的 cookie/session 中
4. 在接下来的请求中，检查 cookie/session 中是否存在 id 并且对应于持久性系统中的现有用户
5. 要“注销”，只需清除 cookie/会话

If you want more details, just ask :-)

如果您想了解更多详细信息，请询问:-)

OAuth is an Authorization Protocol, so if you're looking at a Authentication Solution, this might not be the one.

OAuth 是一种授权协议，所以如果您正在寻找一种身份验证解决方案，这可能不是一个。

You're question saying the consumer of the API will be various application. This lead to 2 scenarios,

您的问题是说 API 的使用者将是各种应用程序。这导致了 2 个场景，

 1. Where there is no end user involved (grant_type: client_credential)  
 2. Where end-user can consume these APIs on multiple Application (Owned by your Org) (grant_type: implicit/password)
 3. Where end-user can consume these APIs via third Party Applications.(authrization_code)

To support OAuth Eco-System you need a Key Management System. To,

要支持 OAuth 生态系统，您需要一个密钥管理系统。到，

1. Generate Key/Secret for Apps.
2. Generating AccessToken/Refresh_token/authorization_code

1. 为应用程序生成密钥/秘密。
2. 生成 AccessToken/Refresh_token/authorization_code

now coming to endpoint you would have to expose,

现在来到端点，您将不得不公开，

3-Legged OAuth
GET     /authorize  authorize{entry point/ initiate oauth}  
    Sample Call: http://YourAPIService.com/authorize?response_type=code&client_id=GG1IbStzH45ajx9cEeILqjFt&scope=READ&redirect_uri=www.google.com

    GET     /login  login (Call Page for login App, 302 redirected from /authorize)     
Sample Call: http://YourAPIService.com/v1/oauth20/login?response_type=code&client_id=GG1IbStzH45ajx9cEeILqjFt&scope=READ&redirect_uri=www.google.com

    POST    /dologin    consentPage     http://YourAPIService.com/dologin 
    Submit the credential, On success, render the application page 

    POST    /grantpermission    consentSubmission   http://YourAPIService.com/grantpermission
Permission has been granted/declined. Send a 302 to generate authorization_code 

    GET      /code          AuthorizationCode {To generate auth code}
    Sample Call: http://YourAPIService.com/code?client_id=GG1IbStzH45ajx9cEeILqjFt&response_type=code&[email protected]&redirect_uri=www.google.com

    POST    /token  GenerateAccessToken     http://YourAPIService.com/token 
Sample call: http://kohls-test.mars.apigee.net/v1/oauth20/token
Header: Authorization: Basic R0cxSWJTdHpINDVhang5Y0VlSUxxalFj its generated with apps Api Key & Secret.
Payload: 
grant_type=authorization_code&scope=x&redirect_uri=www.google.com&code=abc123

Otherwise simplest/robust solution would be, http://apigee.com

否则最简单/强大的解决方案是， http://apigee.com

You can use existing OAuth ecosystem of Apigee.

您可以使用 Apigee 的现有 OAuth 生态系统。

I did not try it myself , but how about tuxdnamodule. As in the github repo it says:

我自己没有尝试过，但是tuxdna模块如何。正如在 github 存储库中所说：

OAuth2 Server using Play! 2.0 Framework

使用 Play! 的 OAuth2 服务器 2.0 框架

I hope this helps

我希望这有帮助

You can try using this template for play that combines OAuth 2 provider with Deadbolt. The OAuth scope maps to the Deadbolt permission and role concept. It uses Redis to store access tokens, and they expire automatically after the time period you configure.

您可以尝试使用此模板进行结合 OAuth 2 提供程序和 Deadbolt 的游戏。OAuth 范围映射到 Deadbolt 权限和角色概念。它使用 Redis 来存储访问令牌，它们会在您配置的时间段后自动过期。

https://github.com/lglossman/scala-oauth2-deadbolt-redis

https://github.com/lglossman/scala-oauth2-deadbolt-redis

I had the same problem, what I did ( I suppose It's not the best solution) was, to place the methods of the REST server, inside an "@Security.Authenticated(Secure.class)" , and, use a session cookie (which also was registered inside a Hash table in backend). The session cookie was generated after user sign-in

我遇到了同样的问题，我所做的（我认为这不是最好的解决方案）是将 REST 服务器的方法放在 "@Security.Authenticated(Secure.class)" 中，并使用会话 cookie (它也注册在后端的哈希表中）。会话 cookie 是在用户登录后生成的

I post code:

package controllers;

import ...;

@Security.Authenticated(Secured.class)
public class ExampleController extends Controller {

    public static String currentUserEmail() {

 ... return json after checking that 'session("id")' exists in the loggedin users hash table... 

}

and

和

package controllers;

import ...;

public class Secure extends Security.Authenticator {

    @Override
    public String getUserId(Http.Context context) {
        return context.session().get("user_id");
    }
...
}

Hope this helps

希望这可以帮助