Ember and OAuth
Matthew Rudy Jacobs
January 15, 2014
A brief tour of OAuth2 and its use with Ember and other client-side frameworks
Transcript
Ember & OAuth
Matthew Rudy Jacobs
Wednesday 15th January 2014 @ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows, otherwise known as “grant types”
4 Grant Types
• Authorization Code
• Implicit
• Resource Owner Password Credentials
• Client Credentials
Authorization Code
auth code, access token
/auth?code=abc123
Implicit
S3, access token
/auth#access_token=abc123
Password
access token
{ access_token: “abc123” }
Client Credentials
Implicit Grant Flow: this is what we want!
ember-oauth2
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
/callback?code=…
/callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TL;DR: pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”}
https://github.com/auth?…
callback
POST /oauths {access_token: “abc123”}
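Added example (not from the original slides or from ember-oauth2): a callback handler that tells the Authorization Code redirect (/callback?code=…) from the Implicit one (/callback#access_token=…) and, for the hybrid approach, prepares the POST /oauths call. The function names, the app.example host, the state check and the {code} request body are assumptions; the slides show only the endpoint and its {access_token} response.

```javascript
// Added example. The slides distinguish the two redirects by where the value lands:
//   Authorization Code -> /callback?code=...          (query string)
//   Implicit           -> /callback#access_token=...  (fragment)
function parseOAuthCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  const query = url.searchParams;
  // The fragment is never sent to a server; drop the leading '#'.
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ''));

  // Error responses come back on the same channel as the success response.
  const error = query.get('error') || fragment.get('error');
  if (error) return { grant: null, error };

  const source = fragment.has('access_token') ? fragment
    : query.has('code') ? query
    : null;
  if (!source) return { grant: null, error: 'no_credential_in_callback' };

  // state binds the callback to the request this client started (RFC 6749, 10.12).
  // A missing state fails closed: null never equals the expected string.
  if (source.get('state') !== expectedState) {
    return { grant: null, error: 'state_mismatch' };
  }
  if (source === fragment) {
    return { grant: 'implicit', accessToken: fragment.get('access_token') };
  }
  return { grant: 'authorization_code', code: query.get('code') };
}

// Hybrid approach as read from the slides: the client hands the code to the
// backend, which performs the exchange and answers with {access_token}.
// ASSUMPTION: the slides do not show the POST /oauths body; {code} is hypothetical.
function buildTokenExchangeRequest(parsed) {
  if (parsed.grant !== 'authorization_code') {
    throw new Error('expected an authorization code, got: ' + (parsed.error || parsed.grant));
  }
  return {
    method: 'POST',
    path: '/oauths',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ code: parsed.code }),
  };
}

// Constructed sample callbacks (app.example is a placeholder host).
const SAMPLE_CODE_CALLBACK = 'https://app.example/callback?code=abc123&state=s1';
const SAMPLE_IMPLICIT_CALLBACK = 'https://app.example/callback#access_token=abc123&state=s1';
```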
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy