Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ember and OAuth
Search
Matthew Rudy Jacobs
January 15, 2014
Technology
6
840
Ember and OAuth
A brief tour of OAuth2 and it's use with Ember and other Client-side frameworks
Matthew Rudy Jacobs
January 15, 2014
Tweet
Share
More Decks by Matthew Rudy Jacobs
See All by Matthew Rudy Jacobs
From Developer to Architect (and back again)
matthewrudy
3
220
Humans are Hard
matthewrudy
0
130
[Alpha] Humans Are Hard
matthewrudy
0
90
From Developer To Architect
matthewrudy
0
71
Git Commit Signing: Code we can trust?
matthewrudy
0
170
We Need To Talk About Postgres
matthewrudy
0
84
Coding as a Team At GoGoVan
matthewrudy
3
420
10 Years of Code
matthewrudy
0
110
Elixir - Part 1
matthewrudy
1
190
Other Decks in Technology
See All in Technology
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
8
65k
Oracle Database オプティマイザ・ヒントの活用
oracle4engineer
PRO
1
140
AIに実況させる / AI Streamer
motemen
3
1.4k
Javaアプリケーションの配布とパッケージング / Distribution and packaging of Java applications
hogelog
1
120
[zh-TW] DevOpsDays Taipei 2025 -- Creating Awesome Change in SmartNews!(machine translation)
martin_lover
1
640
What's Next in OpenShift Q2 CY2025
redhatlivestreaming
1
790
Eight Engineering Unit 紹介資料
sansan33
PRO
0
3.2k
コードの考古学 〜労務システムから発掘した成長の糧〜
kenta_smarthr
1
1.1k
Babylon.jsでゲームを作ってみよう
limes2018
0
100
Azure Developer CLI と Azure Deployment Environment / Azure Developer CLI and Azure Deployment Environment
nnstt1
1
120
金融システムをモダナイズするためのAmazon Elastic Kubernetes Service(EKS)ノウハウ大全
daitak
0
120
いまさら聞けない Git 超入門 〜Gitって結局なに?から始める第一歩〜
devops_vtj
0
160
Featured
See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
52
2.8k
The Power of CSS Pseudo Elements
geoffreycrofte
76
5.8k
A designer walks into a library…
pauljervisheath
205
24k
Producing Creativity
orderedlist
PRO
346
40k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
Docker and Python
trallard
44
3.4k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Fireside Chat
paigeccino
37
3.5k
Become a Pro
speakerdeck
PRO
28
5.4k
Embracing the Ebb and Flow
colly
85
4.7k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.6k
GraphQLとの向き合い方2022年版
quramy
46
14k
Transcript
Ember & OAuth Matthew Rudy Jacobs Wednesday 15th January 2014
@ EmberLondon
@matthewrudy
cronycle.com
The Goal
Authenticate via a 3rd party
Obtain access to a 3rd party API
The Tool
OAuth2 http://tools.ietf.org/html/rfc6749
“The Road to Hell”?
Actually it’s alright
4 Different Flows otherwise known as “grant types”
4 Grant Types • Authorization Code • Implicit • Resource
Owner Password Credentials • Client Credentials
Authorization Code
Authorization Code
Authorization Code auth code access token /auth?code=abc123
Implicit
Implicit S3
Implicit S3 access token /auth#access_token=abc123
Password
Password
Password access token { access_token: “abc123” }
Client Credentials
Client Credentials
Implicit Grant Flow this is what we want!
ember-oauth2
None
Initiate the Auth
Sign in with Github
We have a token
Except we don’t!
This is not Implicit!
This is not Implicit! /callback?code=…
This is not Implicit! /callback?code=… /callback#access_token=…
Github doesn’t do Implicit Grant!
Github suggests you use passwords
TLDR; pure client-side OAuth is poorly supported
But what about a hybrid approach?
Authorization Code Flow (as an API) ❤️
Stick Ember in the middle
The Concept
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?…
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
GET /oauths/new {url: “https://github.com/auth?…”} https://github.com/auth?… callback POST /oauths {access_token: “abc123”}
Hack it together!
OAuth API Client
Handled in a Route
Easy right?
Thanks
@matthewrudy