Ember-what-session
This Ember addon provides a simple authentication service called session, which persists a JWT bearer token in localStorage after authenticating via OAuth2 or a username/password combination. Facebook, Google, and GitHub are supported OAuth2 providers.
Alternatives
This addon provides the main features of the combination of ember-simple-auth and torii without all of the cruft. However, those addons are more featureful and more configurable.
Usage
Configure the addon in config/environment.js:
module.exports = function(environment) {
  var ENV = {
    whatSession: {
      tokenUrl: '/token',
      redirectBase: 'http://localhost:4200',
      providers: {
        local: { url: '/token' },
        google: { id: 'GOOGLE_CLIENT_ID' },
        // ...
      }
    }
  };
  return ENV;
};
Call the session.authenticate function with the name of a provider (and with a username and password for local authentication).
<button {{action session.authenticate 'google'}}>Login with Google</button>
<form>
  {{input value=email}}
  {{input value=password type='password'}}
  <button {{action session.authenticate 'local' email password}}>Login</button>
</form>
A popup will then present the user with the OAuth2 prompt. Note that the redirect_uri must be set to [redirectBase]/auth/callback/[provider] in the provider's settings online.
If the user approves, ember-what-session will handle the callback for you and send a request to your backend at tokenUrl.
Your backend should respond with a JWT after fetching the user's information from the appropriate provider (or verifying that the password is correct).
Ember-what-session will decode the token and provide access to its contents via session.claims. You may use the claims to populate a service that extends session or a different service that injects it.
;; ;
Then you can use session.user anywhere in your application since ember-what-session injects itself into components, controllers, and routes.
{{#if session.user}}
  <span>{{session.user.name}}</span>
  <button {{action session.deauthenticate}}>Logout</button>
{{/if}}
It's that easy! And the session will be kept synchronized between tabs.
Planned Features
This addon does not support automatically refreshing tokens yet.
Backend Example
Here is an example of an overly-simple ES7 node backend that uses koa, jsonwebtoken, and whatauth to fetch the user's profile from the relevant provider and then return a token.
;;;; const jwt_secret = "JWT_SECRET_123"; const whatauth = google: id: "GOOGLE_CLIENT_ID" secret: "GOOGLE_CLIENT_SECRET" ; const app = ;const router = ; router; router; { const auth = ctxheaderauthorization; if !auth ctxstatus = 401; else const token = auth1; const claims = await jwt; ctxstateuser = name: claimsname ; await ; } app; moduleexports = app;
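The bearer-token check that the backend middleware performs, as an added example that is not the project's own code: it uses Node's built-in crypto module instead of jsonwebtoken so it runs without dependencies. The function names, the demo secret, and the sample claims are constructed for illustration, and the policy shown (HS256 pinned, unexpired exp required) is an assumption rather than something the addon mandates.

```javascript
const crypto = require('crypto');

// base64url without padding, as used by JWT (RFC 7515).
function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// Mints constructed sample tokens for this example (HS256 unless overridden).
function signToken(claims, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const body = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  const mac = crypto.createHmac('sha256', secret).update(body).digest();
  return body + '.' + b64url(mac);
}

// Returns the verified claims, or null when the caller should answer 401.
function verifyBearer(authorization, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(authorization || '');
  if (!m) return null;
  const [, h, p, s] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!header || !claims) return null;
  // Pin the algorithm server-side; a token must not choose it (rejects "none").
  if (header.alg !== 'HS256') return null;
  const expected = crypto.createHmac('sha256', secret).update(h + '.' + p).digest();
  const given = Buffer.from(s, 'base64'); // Node's base64 decoder accepts base64url
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return null;
  }
  // Require a numeric, unexpired exp so a stolen token does not live forever.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
  return claims;
}

// Constructed sample values, not taken from the page.
const SECRET = process.env.JWT_SECRET || 'constructed-demo-secret';
const NOW = 1700000000;
const sample = signToken({ name: 'Alice', exp: NOW + 3600 }, SECRET);
console.log(verifyBearer('Bearer ' + sample, SECRET, NOW));
```

The claims the Ember client exposes through session.claims are decoded, not verified, so authorization decisions belong behind a server-side check like this one.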
Installation
git clone https://github.com/w-hat/ember-what-session
cd ember-what-session
npm install
bower install
Running
ember serve
- Visit your app at http://localhost:4200.
Running Tests
npm test (Runs ember try:each to test your addon against multiple Ember versions)
ember test
ember test --server
Building
ember build
For more information on using ember-cli, visit https://ember-cli.com/.