Ember.js authentication with salted + hashed password

I’m not sure I understand: as the JavaScript code is readable, you can’t really hash your password client-side, as you would need to expose the salt.

The way I’m doing it is using HTTPS only, sending the password in clear text for registration, and hashing it on the server. Then my server never returns anything to the client (not even the hashed password), and I only communicate with my API using an OAuth2 token (I really recommend you use Ember-Simple-Auth for that).

That’s the simplest workflow.

3 Likes
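
The server side of the workflow described in the post above, as an added example that is not part of the original post or of Ember-Simple-Auth. It assumes a Node.js backend and uses only the built-in `crypto` module; the in-memory `users` store, the function names, the scrypt cost parameters and the random bearer token standing in for the OAuth2 token are all illustrative assumptions.

```javascript
const crypto = require('node:crypto');

const PARAMS = { N: 16384, r: 8, p: 1 }; // assumed scrypt cost, tune for your hardware
const users = new Map();                 // hypothetical in-memory user store

// Hash with a fresh random salt; the salt is stored beside the hash, server-side only.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32, PARAMS);
  return ['scrypt', PARAMS.N, PARAMS.r, PARAMS.p,
    salt.toString('base64'), hash.toString('base64')].join('$');
}

// Recompute with the stored salt and parameters, then compare in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length === 0) return false;
  try {
    const actual = crypto.scryptSync(password, salt, expected.length, { N, r, p });
    return crypto.timingSafeEqual(actual, expected);
  } catch {
    return false; // malformed or out-of-range parameters in the record
  }
}

// Verified for unknown usernames so both failure paths cost one scrypt run.
const DUMMY = hashPassword(crypto.randomBytes(16).toString('hex'));

// Registration response carries no hash and no salt.
function register(username, password) {
  if (users.has(username)) return { ok: false };
  users.set(username, hashPassword(password));
  return { ok: true, username };
}

// Login returns only an opaque random bearer token (stand-in for the OAuth2 token).
function login(username, password) {
  const valid = verifyPassword(password, users.get(username) ?? DUMMY);
  if (!valid || !users.has(username)) return { ok: false };
  return { ok: true, access_token: crypto.randomBytes(32).toString('hex') };
}
```

The password still has to travel over HTTPS, as the post says; the salt and the derived hash stay in the server's store and never appear in a response.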