The API docs for Ember Simple Auth OAuth 2.0 are available here

Ember Simple Auth OAuth 2.0

This is an extension to the Ember Simple Auth library that provides an authenticator and an authorizer that are compatible with OAuth 2.0.

Because your users' credentials as well as the token are exchanged between the Ember.js app and the OAuth 2.0 server, you have to make sure that this connection uses HTTPS!

The Authenticator

The authenticator (see the API docs for Authenticators.OAuth2) is compliant with RFC 6749 (OAuth 2.0), specifically the "Resource Owner Password Credentials Grant Type". This grant type basically specifies that the client sends a set of credentials to a server:

POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=johndoe&password=A3ddj3w

and, if those credentials are valid, receives an access_token in exchange:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"bearer"
}

The OAuth 2.0 authenticator also supports automatic token refreshing, which is explained in more detail in section 6 of RFC 6749.
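The exchange above, including the refresh request from section 6 of RFC 6749, as an added example that is not the library's own code. The function names, the constructed `TOKEN_ENDPOINT` and the 5-second refresh leeway are assumptions made for illustration.

```javascript
// Added example (not part of Ember Simple Auth); endpoint and sample values are constructed.
const TOKEN_ENDPOINT = 'https://server.example.com/token';

// Refuse to send credentials or tokens over anything but HTTPS.
function assertHttps(endpoint) {
  if (new URL(endpoint).protocol !== 'https:') {
    throw new Error('token endpoint must use HTTPS: ' + endpoint);
  }
}

// Build a form-encoded token request; URLSearchParams escapes '&', '=' and '+' in values.
function buildTokenRequest(endpoint, params) {
  assertHttps(endpoint);
  return {
    method: 'POST',
    url: endpoint,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams(params).toString()
  };
}

// Resource Owner Password Credentials Grant request.
function passwordGrant(endpoint, username, password) {
  return buildTokenRequest(endpoint, { grant_type: 'password', username, password });
}

// RFC 6749 section 6: exchange a refresh_token for a new access_token.
function refreshGrant(endpoint, refreshToken) {
  return buildTokenRequest(endpoint, { grant_type: 'refresh_token', refresh_token: refreshToken });
}

// Validate a token response (RFC 6749 section 5.1) and work out when to refresh.
function parseTokenResponse(jsonText, now = Date.now(), leewayMs = 5000) {
  const data = JSON.parse(jsonText);
  if (typeof data.access_token !== 'string' || data.access_token === '') {
    throw new Error('response has no access_token');
  }
  if (String(data.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unsupported token_type: ' + data.token_type);
  }
  const canRefresh = typeof data.refresh_token === 'string' && Number.isFinite(data.expires_in);
  return {
    accessToken: data.access_token,
    refreshToken: data.refresh_token || null,
    // Refresh shortly before expiry; null means no automatic refresh is possible.
    refreshAt: canRefresh ? now + Math.max(data.expires_in * 1000 - leewayMs, 0) : null
  };
}
```

A response without `refresh_token` and `expires_in`, like the sample above, yields `refreshAt: null`, so the session ends when the access token expires.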

Using the RFC 6749 (OAuth 2.0) Authenticator

In order to use the OAuth 2.0 authenticator the application needs to have a login route:

App.Router.map(function() {
  this.route('login');
});

This route displays the login form with fields for identification and password:

<form {{action 'authenticate' on='submit'}}>
  <label for="identification">Login</label>
  {{input id='identification' value=identification placeholder='Enter Login'}}
  <label for="password">Password</label>
  {{input id='password' value=password placeholder='Enter Password' type='password'}}
  <button type="submit">Login</button>
</form>

The authenticate action authenticates the session with the 'simple-auth-authenticator:oauth2-password-grant' authenticator:

authenticate: function() {
  var data = this.getProperties('identification', 'password');
  return this.get('session').authenticate('simple-auth-authenticator:oauth2-password-grant', data);
}

Compatible Middlewares

There are lots of middlewares for different server stacks that support OAuth 2.0 and the "Resource Owner Password Credentials Grant Type" and that work with this library:

Ruby

PHP

Java

Node.js

The Authorizer

The authorizer (see the API docs for Authorizers.OAuth2) is compliant with RFC 6750 (OAuth 2.0 Bearer Tokens) and thus fits the OAuth 2.0 authenticator. It simply injects an Authorization header with the access_token that the authenticator acquired into all requests:

Authorization: Bearer <access_token>

To use the authorizer, configure it on the application's environment object:

//config/environment.js
ENV['simple-auth'] = {
  authorizer: 'simple-auth-authorizer:oauth2-bearer'
}

Installation

To install Ember Simple Auth OAuth 2.0 in an Ember.js application there are several options:

  • If you're using Ember CLI, just add the Ember CLI Addon to your project and Ember Simple Auth OAuth 2.0 will set itself up.

  • The Ember Simple Auth OAuth 2.0 extension library is also included in the "ember-simple-auth" bower package, both as a browserified version and as an AMD build. If you're using the AMD build from bower, be sure to require the autoloader:

    require('simple-auth-oauth2/ember');

    The browserified version will, like the Ember CLI addon, also set itself up once it is loaded in the application.

  • Download a prebuilt version from the releases page