Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
850
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
230
Humans are Hard
matthewrudy
0
130
[Alpha] Humans Are Hard
matthewrudy
0
93
From Developer To Architect
matthewrudy
0
74
Git Commit Signing: Code we can trust?
matthewrudy
0
180
We Need To Talk About Postgres
matthewrudy
0
88
Coding as a Team At GoGoVan
matthewrudy
3
430
10 Years of Code
matthewrudy
0
110
Elixir - Part 1
matthewrudy
1
190
Other Decks in Technology
See All in Technology
Talk to Someone At Delta Airlines™️ USA Contact Numbers
travelcarecenter
0
160
OpenTelemetryセマンティック規約の恩恵とMackerel APMにおける活用例 / SRE NEXT 2025
mackerelio
3
2k
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
820
「Chatwork」のEKS環境を支えるhelmfileを使用したマニフェスト管理術
hanayo04
1
400
AIエージェントが書くのなら直接CloudFormationを書かせればいいじゃないですか何故AWS CDKを使う必要があるのさ
watany
18
7.6k
安定した基盤システムのためのライブラリ選定
kakehashi
PRO
3
130
今だから言えるセキュリティLT_Wordpress5.7.2未満を一斉アップデートせよ
cuebic9bic
2
170
ゼロから始めるSREの事業貢献 - 生成AI時代のSRE成長戦略と実践 / Starting SRE from Day One
shinyorke
PRO
0
110
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.2k
AIでテストプロセス自動化に挑戦する
sakatakazunori
1
530
振り返りTransit Gateway ~VPCをいい感じでつなげるために~
masakiokuda
3
210
アクセスピークを制するオートスケール再設計: 障害を乗り越えKEDAで実現したリソース管理の最適化
myamashii
1
660
Featured
See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
50
5.5k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
2.9k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
35
2.4k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
The Invisible Side of Design
smashingmag
301
51k
The Cult of Friendly URLs
andyhume
79
6.5k
How to train your dragon (web standard)
notwaldorf
96
6.1k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
Rails Girls Zürich Keynote
gr2m
95
14k
What's in a price? How to price your products and services
michaelherold
246
12k
RailsConf 2023
tenderlove
30
1.1k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy