Do I really need Oauth2 if Ember and back end are in the same domain and machine?


#1

Hello: I am suffering a lot trying to get ember-simple-auth working with my back end (Perl Mojolicious). I have problems in both ends.

But now I am thinking if all this tokens travelling back and forth worth the effort.

The Ember site and the back end are running in the same server and domain, for now and in the foreseable future. Most ot the articles about OAuth2 security talk about distributed architectures and remote apps but my site is almost monolithic.

Can it be done easily with cookies or sessions, as in a standard website?

At least until my ember proficency raises :slight_smile:

Thank you in advance! Nacho B.


#2

Hello!

For same domain authentication, a common pattern now-a-days is to use either

But, that said, if you want to do cookie-based authentication, there is a way: https://github.com/simplabs/ember-simple-auth/issues/1440

Hope this helps :slight_smile:


#3

Thank you!

At first sight, It seems that jwt is something lik an “extension” for ember-simple-auth, using a json object instead of a token, so it has all he complexities of ember-simple-auth.

I will try the cookies approach from your link, but there is no much info around.

Its not easy to search for differente alternatives about a “simple auth for ember” when the main library is called “ember-simple-auth”. :slight_smile: All the results point to the same place.

Regards: Nacho B,


#4

Oauth2 can still be a good fit on the same domain, but you want to use the Oauth2 Password Grant, which is designed for the first-party case.