Ember and OAuth2Boston Ember.js March 9, 2017 Stephen Vance

What We’ll Cover

• What is OAuth2?

• ember-simple-auth

• torii

• The Big Picture

2

OAuth2• Authentication (who you are) and Authorization (what can you do)

• OAuth is an authorization protocol

• Why do we use it for authentication?

• Implicit and authorization code grant types

• Scopes

3

Authorization Code Grant

AppBob1. Use GitHub

GitHub2. Bob wants access

3. Can App have access?

4. Bob says yes (authorization code)

Auth Server

5. I need a key

6. A

uth

code

+

secr

et

7. Token + scopes

8. Token + scopes

4

ember-simple-auth (ESA)

Client-side session

Authenticates the session

Authorizes requests

5

How ESA Works• session service

• Authenticators (ToriiAuthenticator)

• ApplicationRouteMixin

• AuthenticatedRouteMixin

• UnauthenticatedRouteMixin

• Authorizers

• DataAdapterMixin

6

Torii

Providers

Session Manager

Adapters

7

How torii Works

• Simple API: open, fetch, close

• Can be used by itself (e.g., ember-twiddle)

8

9

For Reference• OAuth2 RFC: https://tools.ietf.org/html/rfc6749

• Section 4.1 details Authorization Code Grant

• ember-simple-auth: https://github.com/simplabs/ember-simple-auth

• GitHub with torii Guide: https://github.com/simplabs/ember-simple-auth/blob/master/guides/auth-torii-with-github.md

• torii: https://github.com/Vestorly/torii

• GitHub API docs: https://developer.github.com/v3/

• OAuth details: https://developer.github.com/v3/oauth/

• ember-data-github: https://github.com/elwayman02/ember-data-github

10

Usage Examples

• https://github.com/srvance/simple-auth-torii-github-demo

• https://github.com/srvance/git-time-machine

• https://github.com/ember-cli/ember-twiddle

• https://github.com/hawkup/github-stars

11

Contact MeStephen Vance

http://www.vance.com

steve@vance.com

@StephenRVance

srvance on GitHub and LinkedIn

12