Calling an Ember action from outside the app (Oauth popup redirect)

michaelrkn · September 9, 2014, 5:19am

In an app I’m building, users can tweet within the app, and so we have to authenticate against Twitter using OAuth1.0a. As part of the process, we have to pop up a window in which the user can log into Twitter and grant permission to create posts on their behalf. After they grant permission, Twitter redirects them to a URL of our choice, and adds two query parameters for the tokens we need to post tweets on the user’s behalf.

That URL needs to load a page which executes JavaScript to grab the parameters from the URL, pass them back to the Ember app, and then close the page. The code I came up with to do that is:

var getParameter = function(parameter) {
  return decodeURI(window.location.search.replace(new RegExp("^(?:.*[&\\?]" + encodeURI(parameter).replace(/[\.\+\*]/g, "\\$&") + "(?:\\=([^&]*))?)?.*$", "i"), "$1"));
};

var oauth_token = getParameter('oauth_token');
var oauth_verifier = getParameter('oauth_verifier');
var twitterController = window.opener.App.__container__.lookup('controller:twitter-authentication');

twitterController.set('oauth_token', oauth_token);
twitterController.set('oauth_verifier', oauth_verifier);
twitterController.send('afterAuthentication');
window.close();

The part I’m concerned about is window.opener.App.__container__.lookup('controller:twitter-authentication');. I understand that you’re not “supposed” to use App.__container__ except for debugging, but how else can I trigger an action on my app from the child window? Is there a better way to do this?

Thanks in advance!

jasonmit · September 9, 2014, 8:24am

I don’t have the answer for you but torii does exactly this, so perhaps you can look at how they’re doing it.

If I recall correctly, I believe they’re using window.postMessage to communicate with the popup.

https://github.com/Vestorly/torii

dteoh · September 11, 2014, 1:38am

You can do what Discourse does, which is to let the popup communicate the auth tokens to window.opener, and then close itself. The ember app polls the popup window state, checking if it has been closed. When the popup has closed, you can resume your authentication logic.

michaelrkn · September 11, 2014, 2:27am

Thanks @dteoh and @jasonmit - looks like Torii also uses polling . That seems dirtier and less efficient, though, than letting the popup directly trigger the next step. It feels like I have to choose between two bad options: polling for the popup state, which is wasteful, or triggering the action from the popup, which uses an unsupported API.

Edit: just saw the window.postMessage bit - that may be what I’m looking for! I’ll play around with it. Thanks!

Topic		Replies	Views
Ember Simple Auth with external url authentication and callback with token Learning Team	3	2214	August 24, 2016
How do I invoke a controller action from the adapter?	3	1967	February 12, 2015
Handling oauth2 redirect from within a component	1	944	November 23, 2016
How to handle Lazy Authentication Design	0	1299	November 25, 2013
Authorize to access routes	7	5652	September 9, 2013

Calling an Ember action from outside the app (Oauth popup redirect)

Related Topics