Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
840
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
220
Humans are Hard
matthewrudy
0
120
[Alpha] Humans Are Hard
matthewrudy
0
86
From Developer To Architect
matthewrudy
0
66
Git Commit Signing: Code we can trust?
matthewrudy
0
160
We Need To Talk About Postgres
matthewrudy
0
79
Coding as a Team At GoGoVan
matthewrudy
3
410
10 Years of Code
matthewrudy
0
98
Elixir - Part 1
matthewrudy
1
180
Other Decks in Technology
See All in Technology
APIとはなにか
mikanichinose
0
100
AWS re:Invent 2024で発表された コードを書く開発者向け機能について
maruto
0
200
Fanstaの1年を大解剖! 一人SREはどこまでできるのか!?
syossan27
2
170
KnowledgeBaseDocuments APIでベクトルインデックス管理を自動化する
iidaxs
1
270
2024年にチャレンジしたことを振り返るぞ
mitchan
0
140
社外コミュニティで学び社内に活かす共に学ぶプロジェクトの実践/backlogworld2024
nishiuma
0
270
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
170
Microsoft Azure全冠になってみた ~アレを使い倒した者が試験を制す!?~/Obtained all Microsoft Azure certifications Those who use "that" to the full will win the exam! ?
yuj1osm
2
110
権威ドキュメントで振り返る2024 #年忘れセキュリティ2024
hirotomotaguchi
2
760
マイクロサービスにおける容易なトランザクション管理に向けて
scalar
0
140
ハイテク休憩
sat
PRO
2
170
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
180
Featured
See All Featured
Optimising Largest Contentful Paint
csswizardry
33
3k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
28
4.4k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
48
2.2k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
2
290
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
32
2.7k
Thoughts on Productivity
jonyablonski
67
4.4k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Become a Pro
speakerdeck
PRO
26
5k
A Tale of Four Properties
chriscoyier
157
23k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy