Ember authentication guidelines?

Does anyone have experience creating an authentication mechanism with a new router in pre4?

Here are some of my thoughts:

  • To completely separate the view (Ember application) from the server (Rails application), I want to use token authentication. I will most likely be using Devise on a Rails server.
  • I need something like the before_filter equivalent in an Ember application where I can check if the current user is there and if that user has an authentication token set.
  • The Rails server returns the current authentication token on every call. If it returns a zero authentication token, the Ember application should detect this and enter an unauthorized access state, redirecting it to the login window.

I suspect that for this I should use the Ember state machine, but I'm not sure how to proceed. Has anyone else solved this problem?

+47
Feb 01 '13 at 17:49
5 answers

UPDATE: As @DustMason says in his answer, check out the amazing embercasts for best authentication methods.

> To completely separate the view (Ember application) from the server (Rails application), I want to use token authentication. I will most likely be using Devise on a Rails server.

Makes sense.

> I need something like the before_filter equivalent in an Ember application where I can check if the current user is there and if that user has an authentication token set.

You can add the enter hook to the routes; this is roughly equivalent to a before_filter. But I'm not sure what the best place to check for the token is.

> The Rails server returns the current authentication token on every call.

Makes sense. We use cookie auth and select the current user profile by calling /api/me, but both should work.

> If it returns a zero authentication token, the Ember application should detect this and go into an unauthorized access state, redirecting it to the login window.

The thing is that (unlike Rails) it is not easy to "protect" access to certain Ember routes. And regardless, the user can always open the JS console and enter any state they want. Therefore, instead of thinking "the user can enter this state only if he has passed authentication", think "what if an unauthorized user somehow goes to this route".

> I suspect that for this I should use the Ember state machine, but I'm not sure how to proceed. Has anyone else solved this problem?

Our authorization needs are quite simple, so we have not found the need for a state machine. Instead, we have the isAuthenticated property on the ApplicationController. We use this property in application.hbs to replace the main view with a login form when the user is not authenticated.

    {{#if isAuthenticated}}
      {{render "topnav"}}
      {{outlet}}
    {{else}}
      {{render "login"}}
    {{/if}}

From ApplicationRoute we get the user profile:

    App.ApplicationRoute = Ember.Route.extend({
      model: function() {
        // Ask the API for the current user's profile (alias "me").
        var profiles = App.Profile.find({ alias: 'me' });
        // Once the query has loaded, resolve to the single profile record.
        profiles.on("didLoad", function() {
          return profiles.resolve(profiles.get("firstObject"));
        });
        return profiles;
      }
    });

Our ApplicationController then calculates the isAuthenticated property based on the returned profile.

+51
Feb 01 '13 at 19:27
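The flow discussed in the question and the answer above (a guard before each route, dropping to the login state when the server returns no token, and the server rather than the client deciding access), as an added example that is not code from any of the posts and does not use the Ember API. Every name here, including the `fakeServer` stand-in for the Rails API and its token value, is hypothetical and constructed for illustration.

```javascript
// Added example: framework-free sketch. All names are hypothetical.
const PUBLIC_ROUTES = new Set(['login']);

function createSession() {
  return { token: null, route: 'login', intended: null };
}

// before_filter equivalent: run before every route transition.
function transitionTo(session, target) {
  if (!session.token && !PUBLIC_ROUTES.has(target)) {
    session.intended = target; // remember where the user wanted to go
    session.route = 'login';
  } else {
    session.route = target;
  }
  return session.route;
}

// Run on every API response. A 401 or a null token drops the session,
// so client state cannot outlive what the server has decided.
function handleResponse(session, res) {
  if (res.status === 401 || res.body.auth_token == null) {
    if (session.route !== 'login') session.intended = session.route;
    session.token = null;
    session.route = 'login';
    return null;
  }
  session.token = res.body.auth_token;
  return res.body.data;
}

// Constructed stand-in for the Rails API: the real access check lives here,
// so a route state forced from the JS console still yields no data.
const VALID_TOKEN = 'constructed-sample-token';
function fakeServer(path, token) {
  if (path === '/login') {
    return { status: 200, body: { auth_token: VALID_TOKEN, data: {} } };
  }
  if (token !== VALID_TOKEN) {
    return { status: 401, body: { auth_token: null } };
  }
  return { status: 200, body: { auth_token: VALID_TOKEN, data: { path: path } } };
}
```

The client-side guard only decides what is rendered; `fakeServer` refusing the request is what keeps the data away from an unauthenticated caller.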

I would suggest using ember-auth. It implements all the necessary functions and works very well, in my opinion.

There is also a demo using Devise on Rails by the same author.

I also implemented the Ember-auth-based Ember core application with Devise Token Authentication and an Oauth example for Google and LinkedIn, which can be found here and live here: https://starter-app.herokuapp.com

+19
Apr 12 '13 at 19:55

I recently switched from a made-to-order auth system to using ember-simple-auth, and it was very easy for me to integrate with my application. It fulfills all of the OP's requirements and also has refresh token support.

They have a really good API and a great set of examples. Anyone interested in token authentication should check it out.

+12
Dec 04 '13 at 23:02

The recently released Ember asynchronous router makes it easy to set up a good auth flow, in my opinion! Check out the two-part series at http://www.embercasts.com/ for a good example.

+4
Jun 30 '13 at 20:35

Josep's application example is really nice. I made a copy of my repo to show how to do this with ActiveRecord instead of mongoid, and also enable the Devise confirmation module. You can find it here. This repo was remodeled from scratch, not forked, because I wanted to force myself to go through all the steps to get it working. I will update this answer if I add a fork with the necessary changes to make it work.

+3
Apr 24 '13 at