Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
840
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
220
Humans are Hard
matthewrudy
0
130
[Alpha] Humans Are Hard
matthewrudy
0
90
From Developer To Architect
matthewrudy
0
69
Git Commit Signing: Code we can trust?
matthewrudy
0
170
We Need To Talk About Postgres
matthewrudy
0
82
Coding as a Team At GoGoVan
matthewrudy
3
420
10 Years of Code
matthewrudy
0
100
Elixir - Part 1
matthewrudy
1
180
Other Decks in Technology
See All in Technology
Amazon EKS Auto ModeでKubernetesの運用をシンプルにする
sshota0809
0
130
GitHub MCP Serverを使って Pull Requestを作る、レビューする
hiyokose
2
310
Enterprise AI in 2025?
pamelafox
0
120
コンソールで学ぶ!AWS CodePipelineの機能とオプション
umekou
3
130
Startups On Rails 2025 @ Tropical on Rails
irinanazarova
0
150
SSH公開鍵認証による接続 / Connecting with SSH Public Key Authentication
kaityo256
PRO
2
250
ペアプログラミングにQAが加わった!職能を超えたモブプログラミングの事例と学び
tonionagauzzi
1
150
20250326_管理ツールの権限管理で改善したこと
sasata299
1
550
DevinはクラウドエンジニアAIになれるのか!? 実践的なガードレール設計/devin-can-become-a-cloud-engineer-ai-practical-guardrail-design
tomoki10
3
1.5k
Symfony in 2025: Scaling to 0
fabpot
2
260
AWSエンジニアがSAPのデータ抽出してみた
mayumi_hirano
0
100
モノリスの認知負荷に立ち向かう、コードの所有者という思想と現実
kzkmaeda
0
120
Featured
See All Featured
Typedesign – Prime Four
hannesfritz
41
2.6k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
The Invisible Side of Design
smashingmag
299
50k
Optimizing for Happiness
mojombo
377
70k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
30k
Six Lessons from altMBA
skipperchong
27
3.7k
Being A Developer After 40
akosma
90
590k
Side Projects
sachag
452
42k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.6k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy