I am about to start a new project and I want to separate it into small apps, each of which will have a separate Ember app and an API. The thing is that I don’t want the user signing into those apps one by one. That’s why I am planning to create a custom OAuth 2.0 provider, which will be used to centralize the user logins (is there a better way?).
I am not sure about the flow of the process though. My current idea is as follows:
- Open the Ember app
- Redirect to the OAuth provider (login if you haven’t logged in)
- Redirect back to Ember app with an access token
- Pass the access token to the API of the Ember app
- API app gets the user data from the OAuth provider using that token
- API returns the user data to the Ember app
- If everything is ok, I create a new session in the Ember app
A couple of questions arise from this approach:
- Do I need to use the token and get the user from the OAuth provider on every single request to the API?
- Or I just store the user data in the API?
Do you think that this flow is good or maybe you would use a different one? Any suggestions are welcome.
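
The two options asked about above (ask the provider on every request, or store the user in the API) have a middle ground, sketched here as an added example that is not part of the original post: the API validates the token with the provider once and caches the result for a short time, never longer than the token's own lifetime. `TokenSessionCache`, `lookupUser`, the 60-second TTL and the response shape `{ active, user, exp }` are assumptions made for illustration.

```javascript
// Added example. `lookupUser` stands in for the API's call to the OAuth
// provider (hypothetical); it is injected so the example runs offline.
class TokenSessionCache {
  constructor(lookupUser, { ttlMs = 60000, now = () => Date.now() } = {}) {
    this.lookupUser = lookupUser;
    this.ttlMs = ttlMs;
    this.now = now;
    this.entries = new Map(); // token -> { user, expiresAt }
    this.providerCalls = 0;   // counts round trips to the provider
  }

  // Returns the user for an "Authorization: Bearer <token>" header, or null.
  authenticate(authorizationHeader) {
    const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/.exec(authorizationHeader || '');
    if (!match) return null;
    const token = match[1];
    const cached = this.entries.get(token);
    if (cached && cached.expiresAt > this.now()) return cached.user;
    this.entries.delete(token);

    this.providerCalls += 1;
    const result = this.lookupUser(token); // assumed shape: { active, user, exp }
    if (!result || !result.active) return null; // failures are never cached
    // Never trust the cache longer than the token itself is valid.
    const expiresAt = Math.min(this.now() + this.ttlMs, result.exp);
    if (expiresAt <= this.now()) return null;
    this.entries.set(token, { user: result.user, expiresAt });
    return result.user;
  }

  // Call on logout, or when the provider reports the token revoked.
  revoke(token) { this.entries.delete(token); }
}

// Constructed sample data: one token known to the stub provider (exp in ms).
const issued = new Map([
  ['tok-alice', { active: true, user: { id: 1, name: 'alice' }, exp: 300000 }],
]);

function demo() {
  let clock = 0; // fake clock so the TTL can be stepped deterministically
  const provider = (t) => issued.get(t) || { active: false };
  const cache = new TokenSessionCache(provider, { ttlMs: 60000, now: () => clock });
  const first = cache.authenticate('Bearer tok-alice');  // provider asked
  const second = cache.authenticate('Bearer tok-alice'); // served from cache
  clock = 61000;
  const third = cache.authenticate('Bearer tok-alice');  // TTL elapsed, asked again
  const bad = cache.authenticate('Bearer tok-unknown');  // rejected, not cached
  return { first, second, third, bad, providerCalls: cache.providerCalls };
}
```

The TTL is the window during which a token revoked at the provider is still accepted by the API, so it should be chosen with that in mind.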