Calling an Ember action from outside the app (Oauth popup redirect)


#1

In an app I’m building, users can tweet within the app, and so we have to authenticate against Twitter using OAuth1.0a. As part of the process, we have to pop up a window in which the user can log into Twitter and grant permission to create posts on their behalf. After they grant permission, Twitter redirects them to a URL of our choice, and adds two query parameters for the tokens we need to post tweets on the user’s behalf.

That URL needs to load a page which executes JavaScript to grab the parameters from the URL, pass them back to the Ember app, and then close the page. The code I came up with to do that is:

var getParameter = function(parameter) {
  return decodeURI(window.location.search.replace(new RegExp("^(?:.*[&\\?]" + encodeURI(parameter).replace(/[\.\+\*]/g, "\\$&") + "(?:\\=([^&]*))?)?.*$", "i"), "$1"));
};

var oauth_token = getParameter('oauth_token');
var oauth_verifier = getParameter('oauth_verifier');
var twitterController = window.opener.App.__container__.lookup('controller:twitter-authentication');

twitterController.set('oauth_token', oauth_token);
twitterController.set('oauth_verifier', oauth_verifier);
twitterController.send('afterAuthentication');
window.close();

The part I’m concerned about is window.opener.App.__container__.lookup('controller:twitter-authentication');. I understand that you’re not “supposed” to use App.__container__ except for debugging, but how else can I trigger an action on my app from the child window? Is there a better way to do this?

Thanks in advance!


#2

I don’t have the answer for you but torii does exactly this, so perhaps you can look at how they’re doing it.

If I recall correctly, I believe they’re using window.postMessage to communicate with the popup.


#3

You can do what Discourse does, which is to let the popup communicate the auth tokens to window.opener, and then close itself. The ember app polls the popup window state, checking if it has been closed. When the popup has closed, you can resume your authentication logic.


#4

Thanks @dteoh and @jasonmit - looks like Torii also uses polling . That seems dirtier and less efficient, though, than letting the popup directly trigger the next step. It feels like I have to choose between two bad options: polling for the popup state, which is wasteful, or triggering the action from the popup, which uses an unsupported API. :frowning:

Edit: just saw the window.postMessage bit - that may be what I’m looking for! I’ll play around with it. Thanks!