Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ember and OAuth

Matthew Rudy Jacobs
January 15, 2014
Technology
6
840

Ember and OAuth

A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks

Matthew Rudy Jacobs

January 15, 2014
Tweet

More Decks by Matthew Rudy Jacobs

See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
220
Humans are Hard
matthewrudy
0
130
[Alpha] Humans Are Hard
matthewrudy
0
90
From Developer To Architect
matthewrudy
0
69
Git Commit Signing: Code we can trust?
matthewrudy
0
170
We Need To Talk About Postgres
matthewrudy
0
82
Coding as a Team At GoGoVan
matthewrudy
3
420
10 Years of Code
matthewrudy
0
100
Elixir - Part 1
matthewrudy
1
180

Other Decks in Technology

See All in Technology
Amazon EKS Auto ModeでKubernetesの運用をシンプルにする
sshota0809
0
130
GitHub MCP Serverを使って Pull Requestを作る、レビューする
hiyokose
2
310
Enterprise AI in 2025?
pamelafox
0
120
コンソールで学ぶ!AWS CodePipelineの機能とオプション
umekou
3
130
Startups On Rails 2025 @ Tropical on Rails
irinanazarova
0
150
SSH公開鍵認証による接続 / Connecting with SSH Public Key Authentication
kaityo256
PRO
2
250
ペアプログラミングにQAが加わった!職能を超えたモブプログラミングの事例と学び
tonionagauzzi
1
150
20250326_管理ツールの権限管理で改善したこと
sasata299
1
550
DevinはクラウドエンジニアAIになれるのか!? 実践的なガードレール設計/devin-can-become-a-cloud-engineer-ai-practical-guardrail-design
tomoki10
3
1.5k
Symfony in 2025: Scaling to 0
fabpot
2
260
AWSエンジニアがSAPのデータ抽出してみた
mayumi_hirano
0
100
モノリスの認知負荷に立ち向かう、コードの所有者という思想と現実
kzkmaeda
0
120

Featured

See All Featured
Typedesign – Prime Four
hannesfritz
41
2.6k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
The Invisible Side of Design
smashingmag
299
50k
Optimizing for Happiness
mojombo
377
70k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
30k
Six Lessons from altMBA
skipperchong
27
3.7k
Being A Developer After 40
akosma
90
590k
Side Projects
sachag
452
42k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.6k

Transcript

  1. Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014

    @ EmberLondon

  2. @matthewrudy

  3. cronycle.com

  4. The Goal

  5. Authenticate via a 3rd party

  6. Obtain access to a 3rd party API

  7. The Tool

  8. OAuth2 http://tools.ietf.org/html/rfc6749

  9. “The Road to Hell”?

  10. Actually it’s alright

  11. 4 Different Flows otherwise known as “grant types”

  12. 4 Grant Types • Authorization Code • Implicit • Resource

    Owner Password Credentials • Client Credentials

  13. Authorization Code

  14. Authorization Code

  15. Authorization Code auth code access token /auth?code=abc123

  16. Implicit

  17. Implicit S3

  18. Implicit S3 access token /auth#access_token=abc123

  19. Password

  20. Password

  21. Password access token { access_token: “abc123” }

  22. Client Credentials

  23. Client Credentials

  24. Implicit Grant Flow this is what we want!

  25. ember-oauth2

  26. None

  27. Initiate the Auth

  28. Sign in with Github

  29. We have a token

  30. Except we don’t!

  31. This is not Implicit!

  32. This is not Implicit! /callback?code=…

  33. This is not Implicit! /callback?code=… /callback#access_token=…

  34. Github doesn’t do Implicit Grant!

  35. Github suggests you use passwords

  36. TLDR; pure client-side OAuth is poorly supported

  37. But what about a hybrid approach?

  38. Authorization Code Flow (as an API) ❤️

  39. Stick Ember in the middle

  40. The Concept

  41. GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…

  42. GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}

  43. GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}

  44. Hack it together!

  45. OAuth API Client

  46. Handled in a Route

  47. Easy right?

  48. Thanks

  49. @matthewrudy