ember and oauth2
TRANSCRIPT
![Page 1: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/1.jpg)
Ember and OAuth2Boston Ember.js March 9, 2017 Stephen Vance
![Page 2: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/2.jpg)
What We’ll Cover
• What is OAuth2?
• ember-simple-auth
• torii
• The Big Picture
2
![Page 3: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/3.jpg)
OAuth2• Authentication (who you are) and Authorization (what can you do)
• OAuth is an authorization protocol
• Why do we use it for authentication?
• Implicit and authorization code grant types
• Scopes
3
![Page 4: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/4.jpg)
Authorization Code Grant
AppBob1. Use GitHub
GitHub2. Bob wants access
3. Can App have access?
4. Bob says yes (authorization code)
Auth Server
5. I need a key
6. A
uth
code
+
secr
et
7. Token + scopes
8. Token + scopes
4
![Page 5: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/5.jpg)
ember-simple-auth (ESA)
Client-side session
Authenticates the session
Authorizes requests
5
![Page 6: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/6.jpg)
How ESA Works• session service
• Authenticators (ToriiAuthenticator)
• ApplicationRouteMixin
• AuthenticatedRouteMixin
• UnauthenticatedRouteMixin
• Authorizers
• DataAdapterMixin
6
![Page 8: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/8.jpg)
How torii Works
• Simple API: open, fetch, close
• Can be used by itself (e.g., ember-twiddle)
8
![Page 9: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/9.jpg)
9
![Page 10: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/10.jpg)
For Reference• OAuth2 RFC: https://tools.ietf.org/html/rfc6749
• Section 4.1 details Authorization Code Grant
• ember-simple-auth: https://github.com/simplabs/ember-simple-auth
• GitHub with torii Guide: https://github.com/simplabs/ember-simple-auth/blob/master/guides/auth-torii-with-github.md
• torii: https://github.com/Vestorly/torii
• GitHub API docs: https://developer.github.com/v3/
• OAuth details: https://developer.github.com/v3/oauth/
• ember-data-github: https://github.com/elwayman02/ember-data-github
10
![Page 11: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/11.jpg)
Usage Examples
• https://github.com/srvance/simple-auth-torii-github-demo
• https://github.com/srvance/git-time-machine
• https://github.com/ember-cli/ember-twiddle
• https://github.com/hawkup/github-stars
11
![Page 12: Ember and OAuth2](https://reader030.vdocuments.net/reader030/viewer/2022021503/58ce7d8e1a28ab210a8b4d41/html5/thumbnails/12.jpg)
Contact MeStephen Vance
http://www.vance.com
@StephenRVance
srvance on GitHub and LinkedIn
12