Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
850
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
230
Humans are Hard
matthewrudy
0
130
[Alpha] Humans Are Hard
matthewrudy
0
93
From Developer To Architect
matthewrudy
0
75
Git Commit Signing: Code we can trust?
matthewrudy
0
180
We Need To Talk About Postgres
matthewrudy
0
88
Coding as a Team At GoGoVan
matthewrudy
3
430
10 Years of Code
matthewrudy
0
110
Elixir - Part 1
matthewrudy
1
190
Other Decks in Technology
See All in Technology
Jamf Connect ZTNAとMDMで実現! 金融ベンチャーにおける「デバイストラスト」実例と軌跡 / Kyash Device Trust
rela1470
1
190
【OptimizationNight】数理最適化のラストワンマイルとしてのUIUX
brainpadpr
1
450
データモデリング通り #2オンライン勉強会 ~方法論の話をしよう~
datayokocho
0
150
Amazon Q Developerを活用したアーキテクチャのリファクタリング
k1nakayama
2
210
Lambda management with ecspresso and Terraform
ijin
2
160
マルチプロダクト×マルチテナントを支えるモジュラモノリスを中心としたアソビューのアーキテクチャ
disc99
1
450
ユーザー課題を愛し抜く――AI時代のPdM価値
kakehashi
PRO
1
110
Amazon Qで2Dゲームを作成してみた
siromi
0
130
Serverless Meetup #21
yoshidashingo
1
120
風が吹けばWHOISが使えなくなる~なぜWHOIS・RDAPはサーバー証明書のメール認証に使えなくなったのか~
orangemorishita
15
5.7k
[OCI Technical Deep Dive] OracleのAI戦略(2025年8月5日開催)
oracle4engineer
PRO
1
130
生成AI導入の効果を最大化する データ活用戦略
ham0215
0
140
Featured
See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
Documentation Writing (for coders)
carmenintech
73
5k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.4k
How to Think Like a Performance Engineer
csswizardry
25
1.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Measuring & Analyzing Core Web Vitals
bluesmoon
8
550
The Pragmatic Product Professional
lauravandoore
36
6.8k
The Language of Interfaces
destraynor
158
25k
It's Worth the Effort
3n
185
28k
For a Future-Friendly Web
brad_frost
179
9.9k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.4k
RailsConf 2023
tenderlove
30
1.2k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy