Login/signup in ember without any addon


#1

I have been recently going through emberjs 3.x.I have done a basic CRUD application which stores contacts and updates them.

I wanted to create users and store separate contacts for each of them. But If I search about it in google I end up only in examples using only addons. Is there any way to do login/signup without addons in ember?


#2

You can certainly roll your own authentication solution but I think there are several reasons the vast majority of people use addons (ember-simple-auth being the most popular):

  1. It’s non-trivial, there are edge cases and a number of things to consider even in a very simple OAuth implementation.
  2. You’d be reinventing the wheel in the vast majority of cases. Unless you have a purely custom backend authentication mechanism you’re probably going to be using pretty standard conventions. Why spend time reinventing something which has a time-tested and community supported solution already?
  3. You can contribute to the community. Instead of trying to roll your own solution you could always try to contribute to ESA or Torii

So… I personally would strongly recommend just using an addon, probably ESA. Depending on what your backend authentication service looks like it will be a lot easier. ESA for example provides a session management service, an auth store (e.g. cookie/localstorage/etc), an easy and flexible mixin for defining “secure” routes, and plugins/authenticators for a variety of different authentication methods/types like password grant, implicit grant, 3rd party systems like facebook/google/twitter, etc. If you want to roll your own you’re going to have to come up with a lot of that by yourself and unless you’d really like to do this as an exercise for yourself that seems like a lot more effort than it’s worth.

Of course if you have any more questions about specific authentication concerns or methods or addons or whatever definitely don’t hesitate to ask.


#3

I totally agree, the only one case in which I went for my own login is in one app where the user can access a set of commands (aka pushbuttons) that if pressed for mistake can create trouble. For several reasons that are out of the scope of this topic, I did not want to rely only on a confirmation popup, so I hidden the pushbuttons and built a sort of client-side-only login that makes those pushbuttons visible. The status is saved in a service and is retained until logout or complete browser page refresh.


#4

If I am using ESA should I write my own authenticator in the case where I have my own backend java server?


#5

Does your java backend use any standard authentication method or libraries? Like is it an OAuth implementation or totally hand-rolled?

ESA provides a pretty good set of basic authenticators, OAuth2PasswordGrant probably being one of the most common. If you’re using a custom auth backend or something which isn’t covered in the scope of the included authenticators though then yeah you’ll need to write your own.