Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
850
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
230
Humans are Hard
matthewrudy
0
140
[Alpha] Humans Are Hard
matthewrudy
0
95
From Developer To Architect
matthewrudy
0
75
Git Commit Signing: Code we can trust?
matthewrudy
0
180
We Need To Talk About Postgres
matthewrudy
0
88
Coding as a Team At GoGoVan
matthewrudy
3
430
10 Years of Code
matthewrudy
0
110
Elixir - Part 1
matthewrudy
1
190
Other Decks in Technology
See All in Technology
KINTO FACTORYから学ぶ生成AI活用戦略
kintotechdev
0
120
トヨタ生産方式(TPS)入門
recruitengineers
PRO
5
1.1k
カミナシ社の『ID管理基盤』製品内製 - その意思決定背景と2年間の進化 #AWSUnicornDay / Kaminashi ID - The Big Whys
kaminashi
1
350
事業価値と Engineering
recruitengineers
PRO
6
4.4k
DeNA での思い出 / Memories at DeNA
orgachem
PRO
4
1.8k
退屈なことはDevinにやらせよう〜〜Devin APIを使ったVisual Regression Testの自動追加〜
kawamataryo
4
880
Figma + Storybook + PlaywrightのMCPを使ったフロントエンド開発
yug1224
10
3.3k
Postman MCP 関連機能アップデート / Postman MCP feature updates
yokawasa
1
200
JOAI発表資料 @ 関東kaggler会
joai_committee
1
480
異業種出身エンジニアが気づいた、転向して十数年経っても変わらない自分の武器とは
macnekoayu
0
200
実践AIガバナンス
asei
3
190
Goss: New Production-Ready Go Binding for Faiss #coefl_go_jp
bengo4com
0
1.1k
Featured
See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
351
21k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
4 Signs Your Business is Dying
shpigford
184
22k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Optimizing for Happiness
mojombo
379
70k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
31
2.2k
Why Our Code Smells
bkeepers
PRO
339
57k
Done Done
chrislema
185
16k
StorybookのUI Testing Handbookを読んだ
zakiyama
30
6k
A Tale of Four Properties
chriscoyier
160
23k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy