In case you refer to JWT when you say "token-based", you may want to take a look at this example of implementing HTTP Basic Authentication in Play2, and this answer re: how to implement JWT on a Scala backend. The nice part is that you need neither cookies, nor a cache for authenticated users.
Including content from 1st link for convenience:
def Secured[A](username: String, password: String)(action: Action[A]) = Action(action.parser) { request =>
request.headers.get("Authorization").flatMap { authorization =>
authorization.split(" ").drop(1).headOption.filter { encoded =>
new String(org.apache.commons.codec.binary.Base64.decodeBase64(encoded.getBytes)).split(":").toList match {
case u :: p :: Nil if u == username && password == p => true
case _ => false
}
}.map(_ => action(request))
}.getOrElse {
Unauthorized.withHeaders("WWW-Authenticate" -> """Basic realm="Secured"""")
}
}
Use as follows:
def myAction = Secured("admin", "1234secret") {
Action { request =>
Ok
}
}