Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
860
6
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
250
Humans are Hard
matthewrudy
0
160
[Alpha] Humans Are Hard
matthewrudy
0
130
From Developer To Architect
matthewrudy
0
110
Git Commit Signing: Code we can trust?
matthewrudy
0
200
We Need To Talk About Postgres
matthewrudy
0
110
Coding as a Team At GoGoVan
matthewrudy
3
460
10 Years of Code
matthewrudy
0
130
Elixir - Part 1
matthewrudy
1
210
Other Decks in Technology
See All in Technology
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
120
Multi-Agent並列開発を 安全に回すための技術 / Technology for Safely Multi-Agent Parallel Development
tooppoo
0
250
From Prompt Engineering to Loop Engineering
shibuiwilliam
1
330
次世代ランサムウェア対策の考察 / 20260704 Mitsutoshi Matsuo
shift_evolve
PRO
5
1.7k
金融の未来を考える / Thinking About the Future of Finance
ks91
PRO
0
150
知見・人・API・DB・予算 ─ ナイナイ尽くしだった人事データ整備 with dbt、5年間の学び
ken6377
1
140
AWS Summit の片隅で、体育座りしながらコミュニティがにぎわう理由を考えた
k_adachi_01
2
340
グローバルチームと挑むプロダクト開発
sansantech
PRO
1
150
はてなのサービス基盤を支える Kubernetes《足腰》
masayoshimaezawa
0
430
飲食店もAIで。レジ締めやハンディシステムをつくってる話 / Using AI for restaurant management
vtryo
0
230
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
220
小さいから、全部わかる。— 常駐AI "xangi" のすすめ
sugupoko
0
240
Featured
See All Featured
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
1.2k
Skip the Path - Find Your Career Trail
mkilby
1
160
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
1
650
Building AI with AI
inesmontani
PRO
1
1.1k
We Are The Robots
honzajavorek
0
260
Optimising Largest Contentful Paint
csswizardry
37
3.8k
How STYLIGHT went responsive
nonsquared
100
6.2k
We Have a Design System, Now What?
morganepeng
55
8.2k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
330
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
380
Mind Mapping
helmedeiros
PRO
1
270
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
123
22k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy