In this recipe, we integrate the widely-used user authentication strategy, Token authentication, with authenticate requests to protected Play actions and endpoints. We will use the open source library, nimbus-jose-jwt, by Connect2Id to sign-in and verify JWT for successful user logins.
Subsequent requests to other protected endpoints and actions will now only require the JWT to be added to the request header using the authorization header. Signed JWTs will, however, have a prescribed expiration date and we will ensure that we validate this for each JWT signed request.
More information about Connect2id and nimbus-jose-jwt can be found here:
More information ...