The API docs for Ember Simple Auth OAuth 2.0 are available here

Ember Simple Auth OAuth 2.0

This is an extension to the Ember Simple Auth library that provides an authenticator and an authorizer that are compatible with OAuth 2.0.

The Authenticator

The authenticator (see the API docs for Authenticators.OAuth2) is compliant with RFC 6749 (OAuth 2.0), specifically the "Resource Owner Password Credentials Grant Type". This grant type specifies that the client sends a set of credentials to a server:

POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=johndoe&password=A3ddj3w

and, if those credentials are valid, receives an access_token in exchange:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"bearer"
}

The OAuth 2.0 authenticator also supports automatic token refreshing, which is explained in more detail in section 6 of RFC 6749.

Using the RFC 6749 (OAuth 2.0) Authenticator

In order to use the OAuth 2.0 authenticator the application needs to have a login route:

App.Router.map(function() {
  this.route('login');
});

This route displays the login form with fields for identification and password:

<form {{action 'authenticate' on='submit'}}>
  <label for="identification">Login</label>
  {{input id='identification' placeholder='Enter Login' value=identification}}
  <label for="password">Password</label>
  {{input id='password' placeholder='Enter Password' type='password' value=password}}
  <button type="submit">Login</button>
</form>

The authenticate action that is triggered by submitting the form is provided by the LoginControllerMixin that the respective controller in the application can include (the controller can also implement its own action and use the session API directly; see the API docs for Session). It then also needs to specify the OAuth 2.0 authenticator to be used:

// app/controllers/login.js
import LoginControllerMixin from 'simple-auth/mixins/login-controller-mixin';

export default Ember.Controller.extend(LoginControllerMixin, {
  authenticator: 'simple-auth-authenticator:oauth2-password-grant'
});

Compatible Middlewares

There are lots of middlewares for different server stacks that support OAuth 2.0 and the "Resource Owner Password Credentials Grant Type" and that work with this library:

Ruby

PHP

Java

Node.js

The Authorizer

The authorizer (see the API docs for Authorizers.OAuth2) is compliant with RFC 6750 (OAuth 2.0 Bearer Tokens) and thus fits the OAuth 2.0 authenticator. It simply injects an Authorization header with the access_token that the authenticator acquired into all requests:

Authorization: Bearer <access_token>

To use the authorizer, configure it in the global environment object:

window.ENV = window.ENV || {};
window.ENV['simple-auth'] = {
  authorizer: 'simple-auth-authorizer:oauth2-bearer'
};
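
The token exchange from the authenticator section and the header injection described above, as an added example (not Ember Simple Auth's own code): it builds the form-encoded password-grant body, validates the token response, and produces the Bearer header value. The function names, the sample origins and the same-origin check are assumptions of this example.

```javascript
// Added example; function names are hypothetical, not the library's API.

// Build the application/x-www-form-urlencoded body of the token request.
// URLSearchParams escapes '&', '=' and '+', so a password cannot add or
// override form fields such as grant_type.
function buildPasswordGrantBody(identification, password) {
  const body = new URLSearchParams();
  body.set('grant_type', 'password');
  body.set('username', identification);
  body.set('password', password);
  return body.toString();
}

// Validate the token endpoint's reply before anything is stored in the session.
function parseTokenResponse(status, jsonText) {
  if (status !== 200) {
    throw new Error('token request rejected with status ' + status);
  }
  const data = JSON.parse(jsonText);
  if (typeof data.access_token !== 'string' || data.access_token === '') {
    throw new Error('response carries no access_token');
  }
  // RFC 6749 treats token_type as case-insensitive.
  if (String(data.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unsupported token_type: ' + data.token_type);
  }
  return { accessToken: data.access_token, refreshToken: data.refresh_token || null };
}

// Produce the RFC 6750 header value, or null when the request leaves the
// application's own origin (assumption of this example: the token is only
// meant for the application's own backend).
function bearerHeaderFor(session, requestUrl, appOrigin) {
  const target = new URL(requestUrl, appOrigin);
  return target.origin === appOrigin ? 'Bearer ' + session.accessToken : null;
}

// Constructed sample data, mirroring the request and response shown above.
const sampleBody = buildPasswordGrantBody('johndoe', 'A3ddj3w');
const sampleSession = parseTokenResponse(200,
  '{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"bearer"}');
console.log(sampleBody);
console.log(bearerHeaderFor(sampleSession, '/api/posts', 'https://app.example.com'));
console.log(bearerHeaderFor(sampleSession, 'https://cdn.example.net/lib.js', 'https://app.example.com'));
```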

Installation

To install Ember Simple Auth OAuth 2.0 in an Ember.js application there are several options:

  • If you're using Ember CLI, just add the Ember CLI Addon to your project and Ember Simple Auth OAuth 2.0 will set itself up.

  • The Ember Simple Auth OAuth 2.0 extension library is also included in the "ember-simple-auth" bower package, in both a browserified version and an AMD build. If you're using the AMD build from bower, be sure to require the autoloader:

    require('simple-auth-oauth2/ember');

    The browserified version will, like the Ember CLI addon, also set itself up once it is loaded in the application.

  • Download a prebuilt version from the releases page.