The API docs for Ember Simple Auth OAuth 2.0 are available here
This is an extension to the Ember Simple Auth library that provides an authenticator and an authorizer that are compatible with OAuth 2.0.
The authenticator (see the API docs for Authenticators.OAuth2) is compliant with RFC 6749 (OAuth 2.0), specifically the "Resource Owner Password Credentials Grant Type". This grant type basically specifies that the client sends a set of credentials to a server:
POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=johndoe&password=A3ddj3w
and, if those credentials are valid, receives an access_token in exchange:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"bearer"
}
The OAuth 2.0 authenticator also supports automatic token refreshing, which is explained in more detail in section 6 of RFC 6749.
In order to use the OAuth 2.0 authenticator the application needs to have a login route:
App.Router.map(function() {
  this.route('login');
});
This route displays the login form with fields for identification and password:
<form {{action 'authenticate' on='submit'}}>
  <label for="identification">Login</label>
  {{input id='identification' placeholder='Enter Login' value=identification}}
  <label for="password">Password</label>
  {{input id='password' placeholder='Enter Password' type='password' value=password}}
  <button type="submit">Login</button>
</form>
The authenticate action that is triggered by submitting the form is provided by the LoginControllerMixin that the respective controller in the application can include (the controller can also implement its own action and use the session API directly; see the API docs for Session). It then also needs to specify the OAuth 2.0 authenticator to be used:
// app/controllers/login.js
import LoginControllerMixin from 'simple-auth/mixins/login-controller-mixin';

export default Ember.Controller.extend(LoginControllerMixin, {
  authenticator: 'simple-auth-authenticator:oauth2-password-grant'
});
There are lots of middlewares for different server stacks that support OAuth 2.0 and the "Resource Owner Password Credentials Grant Type" and that work with this library:
- rack-oauth2: https://github.com/nov/rack-oauth2
- doorkeeper: https://github.com/applicake/doorkeeper
- Rails app template: https://github.com/bazzel/rails-templates/blob/master/ember-simple-auth.rb
- oauth2-server: https://github.com/php-loep/oauth2-server
- zfr-oauth2-server: https://github.com/zf-fr/zfr-oauth2-server
- zfr-oauth2-server-module (for ZF2): https://github.com/zf-fr/zfr-oauth2-server-module
- scribe-java: https://github.com/fernandezpablo85/scribe-java
- oauth2orize: https://github.com/jaredhanson/oauth2orize
The authorizer (see the API docs for Authorizers.OAuth2) is compliant with RFC 6750 (OAuth 2.0 Bearer Tokens) and thus fits the OAuth 2.0 authenticator. It simply injects an Authorization header with the access_token that the authenticator acquired into all requests:
Authorization: Bearer <access_token>
To use the authorizer, configure it in the global environment object:
window.ENV = window.ENV || {};
window.ENV['simple-auth'] = {
  authorizer: 'simple-auth-authorizer:oauth2-bearer'
};
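The token exchange and the bearer header described above, as an added JavaScript example (it is not part of Ember Simple Auth or of this README): it builds the password grant body, validates the token response, computes when a refresh is due, and produces the Authorization header value. All function names are hypothetical, and restricting the header to the application's own origin is an assumption of this example.

```javascript
// Added example, not Ember Simple Auth source; all function names are hypothetical.

// Form-encoded body of the password grant request (RFC 6749, section 4.3.2).
// URLSearchParams percent-encodes characters such as & and = in credentials.
function passwordGrantBody(identification, password) {
  return new URLSearchParams({
    grant_type: 'password',
    username: identification,
    password: password
  }).toString();
}

// Validate a token response body and turn it into session data.
// nowMs is a parameter so the expiry calculation is deterministic.
function parseTokenResponse(json, nowMs) {
  const data = JSON.parse(json);
  if (typeof data.access_token !== 'string' || data.access_token === '') {
    throw new Error('token response has no access_token');
  }
  // token_type is compared case-insensitively (RFC 6749, section 5.1).
  if (String(data.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unsupported token_type: ' + data.token_type);
  }
  const lifetime = Number(data.expires_in);
  return {
    accessToken: data.access_token,
    refreshToken: typeof data.refresh_token === 'string' ? data.refresh_token : null,
    expiresAt: lifetime > 0 ? nowMs + lifetime * 1000 : null
  };
}

// Time at which to send grant_type=refresh_token (RFC 6749, section 6),
// or null when the session cannot be refreshed.
function refreshDueAt(session, marginMs) {
  if (session.refreshToken === null || session.expiresAt === null) return null;
  return session.expiresAt - marginMs;
}

// RFC 6750 header value, or null when the request leaves the app's origin.
// Assumption of this example: the token is only sent to the app's own origin.
function authorizationHeader(session, requestUrl, appOrigin) {
  const target = new URL(requestUrl, appOrigin);
  if (target.origin !== new URL(appOrigin).origin) return null;
  return 'Bearer ' + session.accessToken;
}
```

A response without `expires_in` or without a `refresh_token`, like the sample response above, yields a session that is never scheduled for refresh.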
To install Ember Simple Auth OAuth 2.0 in an Ember.js application there are several options:
- If you're using Ember CLI, just add the Ember CLI Addon to your project and Ember Simple Auth OAuth 2.0 will set itself up.
- The Ember Simple Auth OAuth 2.0 extension library is also included in the "ember-simple-auth" bower package, both in a browserified version and as an AMD build. If you're using the AMD build from bower, be sure to require the autoloader:
  require('simple-auth-oauth2/ember');
  The browserified version will, like the Ember CLI addon, also set itself up once it is loaded in the application.
- Download a prebuilt version from the releases page.