Ember Simple Auth immediately invalidates the session after authenticating with Torii

3
votes

I am trying to set up Torii with my own OAuth flow and Ember-Simple-Auth. I can get a successful authentication event, but immediately after I authenticate, the invalidateSession trigger is fired causing my session to end. I can see this by intercepting sessionInvalidated() in /app/routes/application.js (which has the ApplicationRouteMixin).

Have any of you come across this? Is there something peculiar that would cause an immediate session validation? Any advice would be greatly appreciated.

EDIT: I think it has to do with the torii popup code because the first return works, but the second doesn't. Any thoughts?

import OAuth2 from 'torii/providers/oauth2-code';
import {configurable} from 'torii/configuration';

export default OAuth2.extend({
  name: 'api',
  init() { this.set('clientID', this.get('apiKey')); },

  baseUrl: configurable('baseUrl'),

  redirectUri: configurable('redirectUri'),
  responseParams: ['access_token', 'user_id', 'first_name'],

  requiredUrlParams: ['client_id', 'redirect_uri', 'response_type'],

  open() {
    let name        = this.get('name');
    let url         = this.buildUrl();
    let redirectUri = this.get('redirectUri');
    let responseParams = this.get('responseParams');

    // this return works
    return { 'yes' : 'no' }

    // this return causes the immediate invalidation
    return this.get('popup').open(url, responseParams).then((authData) => {
      var missingResponseParams = [];

      responseParams.forEach(function(param){
        if (authData[param] === undefined) {
          missingResponseParams.push(param);
        }
      });

      if (missingResponseParams.length){
        throw new Error("The response from the provider is missing " +
              "these required response params: " + missingResponseParams.join(', '));
      }

      return {
        access_token: authData.access_token,
        first_name: authData.first_name,
        user_id: authData.user_id,
        provider: name,
        redirectUri: redirectUri
      };
    });
  }
});
2
ember.jsember-simple-authtorii
I'm having the exact same problem FWIW. I added debugger statements inside both the sessionAuthenticated and sessionInvalidated hooks in the ApplicationRouteMixin. After authing, I hit the first debugger statement and see the auth credentials in localStorage, then I hit the second debugger statement and the auth credentials are gone.danpaz
@danpaz check this out: github.com/simplabs/ember-simple-auth/pull/931. This branch worked for me, hopefully it works for you too.shicholas
Worked for me, thanks!danpaz

2 Answers

3
votes

the real answer is using this fork: https://github.com/simplabs/ember-simple-auth/pull/931 (hopefully it'll be in master soon).

2
votes

You might have this.get('session').invalidate(); somewhere. Probably in one of your controllers action properties. You would usually put that in your actions for your logout button. Maybe you copy and pasted it by accident. If you post some code I might be able to look at it some more