Upload
stephen-vance
View
65
Download
0
Embed Size (px)
Citation preview
Ember and OAuth2Boston Ember.js March 9, 2017 Stephen Vance
What We’ll Cover
• What is OAuth2?
• ember-simple-auth
• torii
• The Big Picture
2
OAuth2• Authentication (who you are) and Authorization (what can you do)
• OAuth is an authorization protocol
• Why do we use it for authentication?
• Implicit and authorization code grant types
• Scopes
3
Authorization Code Grant
AppBob1. Use GitHub
GitHub2. Bob wants access
3. Can App have access?
4. Bob says yes (authorization code)
Auth Server
5. I need a key
6. A
uth
code
+
secr
et
7. Token + scopes
8. Token + scopes
4
ember-simple-auth (ESA)
Client-side session
Authenticates the session
Authorizes requests
5
How ESA Works• session service
• Authenticators (ToriiAuthenticator)
• ApplicationRouteMixin
• AuthenticatedRouteMixin
• UnauthenticatedRouteMixin
• Authorizers
• DataAdapterMixin
6
How torii Works
• Simple API: open, fetch, close
• Can be used by itself (e.g., ember-twiddle)
8
9
For Reference• OAuth2 RFC: https://tools.ietf.org/html/rfc6749
• Section 4.1 details Authorization Code Grant
• ember-simple-auth: https://github.com/simplabs/ember-simple-auth
• GitHub with torii Guide: https://github.com/simplabs/ember-simple-auth/blob/master/guides/auth-torii-with-github.md
• torii: https://github.com/Vestorly/torii
• GitHub API docs: https://developer.github.com/v3/
• OAuth details: https://developer.github.com/v3/oauth/
• ember-data-github: https://github.com/elwayman02/ember-data-github
10
Usage Examples
• https://github.com/srvance/simple-auth-torii-github-demo
• https://github.com/srvance/git-time-machine
• https://github.com/ember-cli/ember-twiddle
• https://github.com/hawkup/github-stars
11
Contact MeStephen Vance
http://www.vance.com
@StephenRVance
srvance on GitHub and LinkedIn
12