1
votes

I'm using the ember-cli-simple-auth addon with Torii for my authentication flow.

So far I've managed to get authentication working using both a custom Torii Provider combined with a custom Simple Auth Authenticator.

I'd now like to use a custom Simple Auth Authorizer to inject the access token into requests.

Following the documentation https://github.com/simplabs/ember-simple-auth#implementing-a-custom-authorizer I've added a custom authorizer & initializer

authorizers/myservice.js

import Base from 'simple-auth/authorizers/base';
import Ember from 'ember';

export default Base.extend({
  /**
    @method authorize
    @param {jqXHR} jqXHR The XHR request to authorize (see http://api.jquery.com/jQuery.ajax/#jqXHR)
    @param {Object} requestOptions The options as provided to the `$.ajax` method (see http://api.jquery.com/jQuery.ajaxPrefilter/)
  */
  authorize: function(jqXHR) {
    var accessToken = this.get('session.content.token');
    if (this.get('session.isAuthenticated') && !Ember.isEmpty(accessToken)) {
      jqXHR.setRequestHeader('Authorization', 'Bearer ' + accessToken);
    }
  }
});

initializers/authorization.js

import MyserviceAuthorizer from '../authorizers/myservice';

export function initialize(container, application) {
  container.register('authorizer:myservice', MyserviceAuthorizer);
}

export default {
  name: 'authorization',
  before: 'simple-auth',
  initialize: initialize
};

& included in config/environment.jsin the development environment

ENV['simple-auth'] = {
  authorizer: 'authorizer:myservice',
  crossOriginWhitelist: ['*']
}

Unfortunately by adding this it has now broken the authentication.

It looks like Torii is no longer receiving the response.

The response from the provider is missing these required response params: access_token, token_type, expires_in

I've included both the Torii Provider code & Simple Auth Authenticator code here too.

Any suggestions or help would be very much appreciated, i'm a bit stuck with this.

torii-providers/myservice.js

import Provider from 'torii/providers/oauth2-bearer';
import {configurable} from 'torii/configuration';
import env from '../config/environment';

export default Provider.extend({
  name: 'myservice',
  baseUrl: (env.api_host + '/oauth/authorize'),

  responseParams: ['access_token', 'token_type', 'expires_in'],

  redirectUri: configurable('redirectUri', function(){
    // A hack that allows redirectUri to be configurable
    // but default to the superclass
    return this._super();
  })
});

And a custom Simple Auth authenticator

authenticators/myservice.js

import Ember from 'ember';
import Base from 'simple-auth/authenticators/base';
import ajax from 'ic-ajax';

export default Base.extend({
  restore: function(data) {
    return new Ember.RSVP.Promise(function(resolve, reject) {
      if(!Ember.isEmpty(data.currentUser)) {
        resolve(data);
      } else {
        reject();
      }
    });
  },

  authenticate: function(options) {
    return this.fetchOauthData(options).then(this.fetchUserData.bind(this));
  },

  fetchUserData: function(oauthData) {
    var token = oauthData.token.access_token;
    return ajax({
        url: '/api/v1/users/me',
        type: "GET",
        beforeSend: function (xhr) {
          xhr.setRequestHeader("Authorization", "Bearer " + token);
        }
    }).then(function(userJSON){
      return {
        currentUser: userJSON.user,
        token: token
      };
    });
  },

  fetchOauthData: function(options) {
    return new Ember.RSVP.Promise(function(resolve, reject) {
      options.torii.open(options.provider).then(function(oauthData) {
        resolve({
          provider: oauthData.provider,
          token: oauthData.authorizationToken
        });
      }, function(error) {
        reject(error);
      });
    });
  }
});
1

1 Answers

1
votes

This might be related to the fact, that Ember CLI automatically registers everything under app folder in the container. Although the following quote from Ember CLI documentation doesn't explain that clearly, but it gives a hint:

All modules in the app folder can be loaded by the resolver but typically classes such as mixins and utils should be loaded manually with an import statement.

If your authorizer file is app/authorizers/myservice.js, Ember CLI will register it under 'authorizer:myservice' name on a container. Container in turn will create a singleton instance when it is looked up. Since you do the same registration in the initializer, there may be some kind of a conflict.