Ember and OAuth
Matthew Rudy Jacobs
January 15, 2014
A brief tour of OAuth2 and its use with Ember and other client-side frameworks
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password access token { access_token: “abc123” }
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy
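
The callback step of the hybrid flow above, as an added example (not code from the deck): it tells a `?code=` response apart from a `#access_token=` response, checks `state`, and builds the `POST /oauths` request. The request body shape, the `state` handling, the `app.example` URLs and the function names are assumptions.

```javascript
// Added example, not from the deck. Assumptions: the POST /oauths body shape
// ({ code }) and the `state` value the app stored before redirecting.

// Compare two strings without returning early on the first mismatch.
function sameState(received, expected) {
  if (typeof received !== 'string' || typeof expected !== 'string') return false;
  if (received.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < received.length; i++) {
    diff |= received.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Classify the redirect the provider sent back to the client-side callback route.
function parseOAuthCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  const query = url.searchParams;                          // ?code=... (authorization code)
  const fragment = new URLSearchParams(url.hash.slice(1)); // #access_token=... (implicit)

  const error = query.get('error') || fragment.get('error');
  if (error) return { kind: 'error', error };

  const state = query.get('state') || fragment.get('state');
  if (!sameState(state, expectedState)) {
    // RFC 6749 section 10.12: reject responses not bound to this browser session.
    return { kind: 'error', error: 'state_mismatch' };
  }

  if (fragment.has('access_token')) {
    // Implicit grant: the token is already in the browser, no server step.
    return { kind: 'implicit', accessToken: fragment.get('access_token') };
  }
  if (query.has('code')) {
    // Authorization code: the API exchanges it for a token with its own secret.
    return {
      kind: 'authorization_code',
      exchange: { method: 'POST', path: '/oauths', body: { code: query.get('code') } },
    };
  }
  return { kind: 'error', error: 'no_credentials' };
}

// Constructed sample callbacks (all values are made up).
const SAMPLE_CODE = 'https://app.example/callback?code=abc123&state=s3cr3t';
const SAMPLE_IMPLICIT = 'https://app.example/callback#access_token=abc123&state=s3cr3t';
```

A route's callback handler would call `parseOAuthCallback(window.location.href, storedState)` and send the `exchange` request only for the `authorization_code` result.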