Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
830
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
210
Humans are Hard
matthewrudy
0
110
[Alpha] Humans Are Hard
matthewrudy
0
84
From Developer To Architect
matthewrudy
0
63
Git Commit Signing: Code we can trust?
matthewrudy
0
150
We Need To Talk About Postgres
matthewrudy
0
72
Coding as a Team At GoGoVan
matthewrudy
3
400
10 Years of Code
matthewrudy
0
95
Elixir - Part 1
matthewrudy
1
160
Other Decks in Technology
See All in Technology
Discord とビルダー&チャットボットの使い方 / How to use Discord and Builder & Chatbots
ks91
PRO
0
160
JAWS-UG Bedrock Claude Night
yamahiro
3
400
現代CSSフレームワークの内部実装とその仕組み
poteboy
8
3.4k
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
140
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
110
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
970
オーナーシップを持つ領域を明確にする
konifar
13
3k
4年前、あるじゃん老害エンジニアLT合戦に登壇、米国西海岸コンピュータ歴史博物館体験記の続編
toshi_atsumi
0
220
LLM とプロンプトエンジニアリング/チューターをビルドする / LLM and Prompt Engineering and Building Tutors
ks91
PRO
0
250
Hands-on / Kaname Frusawa / Cloud Compare Users Meetup 2024 at University of Tokyo on April 17
paraworld
2
480
[PlatformCon 24] Platform Orchestrators: The Missing Middle of Internal Developer Platforms?
danielbryantuk
1
760
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
3
4.5k
Featured
See All Featured
Making the Leap to Tech Lead
cromwellryan
123
8.5k
How to train your dragon (web standard)
notwaldorf
72
5.1k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
How GitHub (no longer) Works
holman
304
140k
Side Projects
sachag
451
41k
4 Signs Your Business is Dying
shpigford
175
21k
A Philosophy of Restraint
colly
196
16k
Happy Clients
brianwarren
91
6.4k
For a Future-Friendly Web
brad_frost
171
8.9k
Why Our Code Smells
bkeepers
PRO
331
56k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
39k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy