Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
850
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
230
Humans are Hard
matthewrudy
0
140
[Alpha] Humans Are Hard
matthewrudy
0
96
From Developer To Architect
matthewrudy
0
75
Git Commit Signing: Code we can trust?
matthewrudy
0
180
We Need To Talk About Postgres
matthewrudy
0
88
Coding as a Team At GoGoVan
matthewrudy
3
440
10 Years of Code
matthewrudy
0
110
Elixir - Part 1
matthewrudy
1
190
Other Decks in Technology
See All in Technology
LLMアプリケーション開発におけるセキュリティリスクと対策 / LLM Application Security
flatt_security
7
1.8k
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
170
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
you
PRO
0
210
ACA でMAGI システムを社内で展開しようとした話
mappie_kochi
1
250
GA technologiesでのAI-Readyの取り組み@DataOps Night
yuto16
0
270
OpenAI gpt-oss ファインチューニング入門
kmotohas
2
960
How to achieve interoperable digital identity across Asian countries
fujie
0
110
GopherCon Tour 概略
logica0419
2
190
業務自動化プラットフォーム Google Agentspace に入門してみる #devio2025
maroon1st
0
190
それでも私はContextに値を詰めたい | Go Conference 2025 / go conference 2025 fill context
budougumi0617
4
1.2k
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
databricksjapan
0
140
ユニットテストに対する考え方の変遷 / Everyone should watch his live coding
mdstoy
0
120
Featured
See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Facilitating Awesome Meetings
lara
56
6.6k
The Straight Up "How To Draw Better" Workshop
denniskardys
237
140k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
GraphQLとの向き合い方2022年版
quramy
49
14k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Documentation Writing (for coders)
carmenintech
75
5k
Balancing Empowerment & Direction
lara
4
680
Practical Orchestrator
shlominoach
190
11k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
2.6k
Being A Developer After 40
akosma
91
590k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
45
2.5k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy