Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
840
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
220
Humans are Hard
matthewrudy
0
120
[Alpha] Humans Are Hard
matthewrudy
0
86
From Developer To Architect
matthewrudy
0
63
Git Commit Signing: Code we can trust?
matthewrudy
0
150
We Need To Talk About Postgres
matthewrudy
0
76
Coding as a Team At GoGoVan
matthewrudy
3
410
10 Years of Code
matthewrudy
0
97
Elixir - Part 1
matthewrudy
1
170
Other Decks in Technology
See All in Technology
mcwithcode プロジェクト概要
takunology
0
7.9k
『GRANBLUE FANTASY Relink』キャラクターの魅力を支えるリグ・シミュレーション制作事例
cygames
0
170
タイミーのレコメンドにおける ABテストの運用
ozeshun
1
220
再考 アクターモデル/ reconsider actor model
ytake
0
380
AIで変わるテスト自動化:最新ツールの多様なアプローチ/ 20240910 Takahiro Kaneyama
shift_evolve
0
250
技術的負債解消の取り組みと専門チームのお話
bengo4com
0
340
チームビルディングは"感性"で向き合おう / Team Building with Awareness
kohzas
0
280
OSTという文化を組織に根付かせてみた
sansantech
PRO
2
440
内製化を目指す事業会社が、システム開発会社と共に進める「開発生産性改善」の取り組み事例 #devsumi
yuwji
1
170
Tricentisにおけるテスト自動化へのAI活用ご紹介/20240910Shunsuke Katakura
shift_evolve
0
210
エムスリーエビデンス創出プロダクトチーム紹介資料 / Introduction of M3 Create Evidence Team
m3_engineering
0
260
PdMはどのように全てのスピードを上げられるか ~ 非連続進化のための具体的な取り組み ~
sansantech
PRO
4
1.4k
Featured
See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Designing with Data
zakiwarfel
98
5k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
43
2k
WebSockets: Embracing the real-time Web
robhawkes
59
7.3k
Docker and Python
trallard
39
3k
Building Better People: How to give real-time feedback that sticks.
wjessup
359
19k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
41
6.5k
Building Your Own Lightsaber
phodgson
101
6k
Speed Design
sergeychernyshev
22
440
RailsConf 2023
tenderlove
28
820
Building an army of robots
kneath
302
42k
Pencils Down: Stop Designing & Start Developing
hursman
119
11k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy