EmberJS Authentication/Ember Simple Auth Help


#1

Hello, I am currently in the process of learning Ember.js and I’m getting to the point where authentication would be nice in my app. From what I can see Ember Simple Auth is one of the more popular ways authentication for an Ember app.

Now I understand that to get this to work I need to generate a token of some sort on the backend server, but a few question.

  • Is Ember Simple Auth a secure solution?
  • Is there a better way of doing authentication?
  • What kind of information would that token contain?
  • Would I have to setup custom authorizers

If anyone could give me a little insight on authentication and EmberJs would be great.


Issueing a POST and receiving no id back
#2

As secure as any JavaScript solution can be, and also depends on how you use it.

Depending on your use case there might be, but there’s no objective way to say “this is better”.

Nothing, it’s a token so you can authenticate.

Depends on what you want to do.

Are you familiar with authentication in general? It shouldn’t be any different in Ember.


#3
  1. Ember Simple Auth provides out-of-box support for common authentication needs (like username/password, oauth etc.)

  2. A token can be anything that uniquely identifies a user session on the server, ranging from a simple text, uuid, encoded string, jwt etc. You might want to use custom authorizers depending on your need.

  3. In addition to session identification data, token may also contain roles/permission related data of logged in user. (refer to https://jwt.io for more details on this)

  4. For Authorization purposes, you might have to create custom helpers, Authorization Service (can be an extension of ESA Session service)

For basic understanding authentication in EmberJS, you can refer to:

https://emberigniter.com/implementing-authentication-with-ember-services/

https://emberigniter.com/real-world-authentication-with-ember-simple-auth/


#4

I use Simple Auth for Oauth2 and never had to set up any custom authorizer. If all you need is simple logging in then it works really well out of the box.


#5

Thanks Everyone! The various responses has helped me better understand authentication, decided to go with JWT authentication and I found a addon for Ember called Ember Simple Auth Token. I set it up the form data gets sent to my backend server and the server returns a token but it seems that nothing happens.

Currently the post data looks like this

{"password":"password","email":"example@email.com"}

And the Response looks like this

{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImV4YW1wbGVAZW1haWwuY29tIiwiaWQiOjIsInJvbGUiOiJ1c2VyIn0.amNWQ2pfJGg8gm25GkGbZCiSfFkhobizfD-Jx6ZU8Oo"}

I’m not sure if I am suppose to be sending back the token as a json response or if I am suppose to set it in the header or something along those lines.

If anyone knows about Ember Simple Auth Token or is more well versed than I am with this type of stuff I would really appreciate the help. :relaxed:

config/environment.js

  ENV['ember-simple-auth'] = {
    authorizer: 'authorizer:token',
  };
  ENV['ember-simple-auth-token'] = {
    serverTokenEndpoint: 'http://localhost:8080/api/token',
    identificationField: 'email',
    passwordField: 'password',
  };

app/controllers/login.js

import Ember from 'ember';

export default Ember.Controller.extend({
  session: Ember.inject.service(),

  actions: {
    authenticate: function() {
      var credentials = this.getProperties('identification', 'password'),
        authenticator = 'authenticator:jwt';

      this.get('session').authenticate(authenticator, credentials);
    }
  }
});

I think I’ve included everything that was changed to accommodate Ember Simple Auth and Ember Simple Auth Token.


#6

You might be required to customize REST/JSONAPI Adapter:

  1. Create Application Adapter using the following command $ ember g adapter application

  2. In the generated adapter file, add an entry for “authorizer”

import DS from 'ember-data';

import DataAdapterMixin from 'ember-simple-auth/mixins/data-adapter-mixin';

export default DS.RESTAdapter.extend(DataAdapterMixin, { namespace: 'api', authorizer: 'authorizer:token', headers: { withCredentials: true } });

if you are working with JSONAPI background, you would extend from JSONAPIAdapter instead of RESTAdapter


#7

That did the trick. Thank you!


#8

Thanks to all for a great solution. I would like to share my library for How to add fingerprint authentication to your app Please check here https://www.solutionanalysts.com/blog/how-to-add-fingerprint-authentication-to-your-app-tutorial/