Ember Auth user persistance

4
votes

So I have a ember-rails app set up with an authentication API and I can successfully (or not) authenticate with ember auth and everything works. However, the authentication only persists for the duration of the current application session. If I reload the page or enter the URL, I must re-authenticate.

Is there some setting or configuration necessary to make the auth token longer lived? I'm not necessarily talking about "Remember Me" functionality, so much as making a single session a bit hardier.

My basic code:

Auth Object: 

App.Auth = Em.Auth.create
  currentUser: null
  signInEndPoint: '/users/sign_in'
  signOutEndPoint: '/users/sign_out'
  tokenKey: 'auth_token'
  tokenIdKey: 'user_id'

Sign in View:

App.AuthSignInView = Ember.View.extend
  templateName: 'auth/sign_in'

  email:    null
  password: null

  submit: (event, view) ->
    event.preventDefault()
    event.stopPropagation()
    StripfighterEmber.Auth.signIn
      data:
        email:    @get 'email'
        password: @get 'password'

Auth Template: 

<form class="form-inline">
  {{view Ember.TextField class="input-small" placeholder="Email" valueBinding="view.email"}}
  {{view Ember.TextField type="password" class="input-small" placeholder="Password" valueBinding="view.password"}}
  <button type="submit" class="btn btn-inverse btn-small">Sign in</button>
</form>
2
apiauthenticationember.js

2 Answers

2
votes

ember-auth dev here.

Your use case is essentially a default-on "remember me", but with a very short duration. You could still enable rememberable (with auto-recall on), and just "silently opt-in" to this feature, i.e. make your server return a remember cookie as long as the sign in is valid.

The reason behind this is that, from an ember app's point of view, there is no way of differentiate between a browser restart, a url change, and a refresh. All these represent an app restart. From this, ember needs to restore the app state from saved information (cookies, localStorage) and passed information (url). The authentication session is no different. The rememberable module saves the auth token in the former (you pick, cookie or localStorage); the urlAuthenticatable module lets you pass in auth info in the url.

As Mike has said, you could also roll your own, but I would advise you to take advantage of existing functionalities ("other people's efforts").

2
votes

Is there some setting or configuration necessary to make the auth token longer lived? I'm not necessarily talking about "Remember Me" functionality, so much as making a single session a bit hardier.

You could save the auth token to a cookie or local storage. but I would not recommend it. That's what the remember-me functionality built into ember-auth is for. http://ember-auth.herokuapp.com/docs