Skip to content
An authentication plugin for Play Framework 2.x (Java)
Java Scala HTML Other
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

play-authenticate - An extensible authentication plugin for Play 2.0 (Java)

This plugin uses concepts from securesocial2 and Play20StartApp and provides a sample containing code from deadbolt2.


Play Authenticate currently does not work with Play 2.0.2 and prior - you need to use Play 2.1-SNAPSHOT or if you want a prebuild version you can use 2.1-06212012 - which is available in the typesafe repo. If you run sbt and don't specify play.version it should just work out of the box as Build.scala defines this as fallback version.

Live demo

You can find a live demo on heroku and there are some screens on our website.


As of now, the following authentication providers are supported out of the box:

  • Google (OAuth2)
  • Facebook (OAuth2)
  • Foursquare (OAuth2)
  • Email/Password (with email verification, password security/encryption is fully customizable)
  • Your very own authentication provider (LDAP, DB, you-name-it) via an extensible, easy-to-use plugin mechanism based on Play Plugins

The included sample application shows how to use all of those providers.


  • Fully customizable and localizable controllers and views (e.g. Play Authenticate allows you to define your own controllers and views for every visual step of the signup and/or log in process)
  • Completely dynamic URL generation for all views (uses the route file - means you can adapt the look and feel as much as you like).
    • The sample shows how to do this with Twitter bootstrap
  • Linking of accounts (e.g. one local user with multiple authentication providers)
    • Linking can be done automatically or after asking the user (default)
  • Merge detection (e.g. a user created two unconnected local accounts)
    • Account merge can be done automatically or after asking the user (default)
  • Tight deadbolt2 authorization integration (Sample included).
  • HTTPS support (for OAuth2 redirect links and email verification).
  • Verification email used by Email/Password provider is fully customizable and localizable and can be sent in either text or HTML or both.


  • 0.1.3-SNAPSHOT [2012-06-27] bug fixes, state parameter for OAuth2 providers
  • 0.1.2-SNAPSHOT [2012-06-25] bug fixes
  • 0.1.1-SNAPSHOT [2012-06-24] lots of options, refined interface for sample app, etc.
  • 0.1.0 [2012-06-19] Initial release


Copyright (c) 2012 Joscha Feth

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in compliance with the License. You may obtain a copy of the License in the LICENSE file, or at:

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Something went wrong with that request. Please try again.