Example of ember-simple-auth-oauth2 session data

0
votes

In my Rails app, I am trying to set a cookie to be picked up by Ember Simple Auth's cookie store after the page has loaded. I am using the Ember Simple Auth OAuth2 authorizer.

Right now, I am just planting the OAuth data directly as the cookie value:

{
  "token_type": "bearer",
  "access_token": "3ec78864cc017982fdeeb0c092bfbea3f104df1e18c9c67f222581d9353f3fce",
  "refresh_token": "cb03c07b8845ea7b40251b0df46839177bd7b51b3dd1d23f167890b9e1549f07",
  "created_at": 1436454055,
  "expires_in": 7060,
  "expires_at": 1436461254
}

I'm guessing this isn't what Ember Simple Auth expects because the syncData function reads it once and then replaces it with this value after the next cookie poll:

{ secure: {} }

What should the data look like for OAuth 2? I'm guessing it's the same no matter how it's stored (cookie vs. local storage vs. ephemeral storage).

After looking at this screenshot from this post, I figure I'm probably way off, and I've been having trouble understanding where to poke around in the Ember Simple Auth source to figure this out.

2
ember.jsember-simple-auth

2 Answers

1
votes

Ember Simple Auth only uses the cookie to store its internal state. The cookie cannot be set from the server and also should not be used on the server side. The library is solely meant for implementing token authentication for stateless (= cookie-less) APIs.

See the README for more info about how OAuth 2.0 works with ESA: https://github.com/simplabs/ember-simple-auth/tree/master/packages/ember-simple-auth-oauth2#ember-simple-auth-oauth-20

0
votes

I believe that Marco's advice in the accepted answer should be followed if at all possible.

But, poking around a little more, I figured out that the cookie content would need to look like this in order for Ember Simple Auth OAuth 2 to recognize it:

{
  "secure": {
    "authenticator": "simple-auth-authenticator:oauth2-password-grant",
    "token_type": "bearer",
    "access_token": "3ec78864cc017982fdeeb0c092bfbea3f104df1e18c9c67f222581d9353f3fce",
    "refresh_token": "cb03c07b8845ea7b40251b0df46839177bd7b51b3dd1d23f167890b9e1549f07",
    "created_at": 1436454055,
    "expires_in": 7060,
    "expires_at": 1436461254
  }
}

Of course, there are some drawbacks to this approach, namely that upgrading Ember Simple Auth could break if it changes the format of how it stores this data.

If you set cookies from another app like I'm attempting to do, you'd need to be mindful about reviewing this format after each update of Ember Simple Auth. The best way to accomplish this is to create a blank Ember app with Simple Auth installed and configured, then review the format of the data that it stores after you sign in to the app.