API refresh tokens


Sorry I thought this would be easy. I am hitting a webapi that returns a refresh token that I need to refresh pretty often. The token gets attached to the header in the RestDataAdapter.headers.

Since this is a call out of the normal Ember models I used Ember mutex to create a call that will check the token and refresh it as needed. The first thing I found out is that I could not use a Promise inside the .headers method without overriding the ajaxOptions of the adapter

headers: Ember.computed(function () {
	let store = this.get('store');

	function failure(error) {
		throw error;

	function successful(token) {
		return {
			"Authorization": 'Bearer ' + token.access_token,
			"Developer_Info": "Ember application by Hal Diggs & Jason Barkley",
			"Refresh_Token": token.refresh_token

	return API.refreshTokenSynced(store).then(successful).catch(failure);

//override option generation
ajaxOptions: function ajaxOptions(url, type, options) {
	var hash = options || {};
	hash.url = url;
	hash.type = type;
	hash.dataType = 'json';
	hash.context = this;

	if (hash.data && type !== 'GET') {
		hash.contentType = 'application/json; charset=utf-8';
		hash.data = JSON.stringify(hash.data);

	//here is where I get the headers as a Promise
	return this.get('headers').then(function (headers) {
		if (headers !== undefined) {
			hash.beforeSend = function (xhr) {
				Object.keys(headers).forEach(function (key) {
					return xhr.setRequestHeader(key, headers[key]);
		return hash;

Functionally this works, refreshTokenSynced() checks the expirations dates and calls out of it has to, except that for some reason I get a load of payload warnings about models not existing, thousands as a matter of fact. Which leads me to believe I shouldn’t be doing this or I am missing something in my translation.

I have to believe this is done all the time, so it’s me that has the idiot hat on. How does this get done such that I can examine the tokens and do something BEFORE the dataadapter gets used.

Thanks for any help.


Have you looked at https://ember-simple-auth.com/? It is made to handle these problems.


I had heard but not investigated it because our original site already has a home-rolled authentication control built in. However I guess this could be a good reason to replace it.