Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
840
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
230
Humans are Hard
matthewrudy
0
130
[Alpha] Humans Are Hard
matthewrudy
0
92
From Developer To Architect
matthewrudy
0
73
Git Commit Signing: Code we can trust?
matthewrudy
0
180
We Need To Talk About Postgres
matthewrudy
0
86
Coding as a Team At GoGoVan
matthewrudy
3
430
10 Years of Code
matthewrudy
0
110
Elixir - Part 1
matthewrudy
1
190
Other Decks in Technology
See All in Technology
PO初心者が考えた ”POらしさ”
nb_rady
0
190
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
950
生成AI開発案件におけるClineの業務活用事例とTips
shinya337
0
210
Beyond Kaniko: Navigating Unprivileged Container Image Creation
f30
0
130
ビズリーチが挑む メトリクスを活用した技術的負債の解消 / dev-productivity-con2025
visional_engineering_and_design
3
5.9k
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
fujiwara3
2
310
Delegating the chores of authenticating users to Keycloak
ahus1
0
130
生成AI時代の開発組織・技術・プロセス 〜 ログラスの挑戦と考察 〜
itohiro73
1
410
Yamla: Rustでつくるリアルタイム性を追求した機械学習基盤 / Yamla: A Rust-Based Machine Learning Platform Pursuing Real-Time Capabilities
lycorptech_jp
PRO
4
220
United airlines®️ USA Contact Numbers: Complete 2025 Support Guide
oliversmith12
0
110
事業成長の裏側:エンジニア組織と開発生産性の進化 / 20250703 Rinto Ikenoue
shift_evolve
PRO
2
17k
論文紹介:LLMDet (CVPR2025 Highlight)
tattaka
0
290
Featured
See All Featured
Thoughts on Productivity
jonyablonski
69
4.7k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
How to Think Like a Performance Engineer
csswizardry
24
1.7k
Why You Should Never Use an ORM
jnunemaker
PRO
58
9.4k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
950
The Cult of Friendly URLs
andyhume
79
6.5k
Bash Introduction
62gerente
614
210k
KATA
mclloyd
30
14k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
281
13k
A Tale of Four Properties
chriscoyier
160
23k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.5k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy