can I use ember-simple-auth with express/passport session domain cookies

Question

I have a project going on and I've been using the server side to handle my authentication and authorization through express/passport domain cookies which kind of auto-magically handle the state by sending the sid cookie back and forth.

I had not built much of an auth management on the client, I was just getting the user data which express would bootstrap for me in the server view as a global js object. I wanted to handle this better in ember so I started implementing ember-simple-auth and I was able to handle the logins, state etc. pretty well there but it appears that it always depends on a token strategy.

Right now my code looks like this and as you can see I'm having to resolve a promise with a token object in it to make it work, but my desired strategy doesn't require tokens.

authenticate: function(credentials) {
          var _this = this;
          return new Ember.RSVP.Promise(function(resolve, reject) {
              Ember.$.ajax({
                  url: _this.tokenEndpoint,
                  type: 'POST',
                  data: JSON.stringify({
                      email: credentials.identification,
                      password: credentials.password
                  }),
                  contentType: 'application/json'
              }).then(function(response) {

                  Ember.run(function() {
                      resolve({
                          token: response.session.token
                      });
                  });
              }, function(xhr, status, error) {
                  var response = JSON.parse(xhr.responseText);
                  Ember.run(function() {
                      reject(response.error);
                  });
              });
          });
      },

My question is can ember-simple-auth be adapted to work with the express/passport domain cookies or do i have to change my server to use a bearer strategy or oauth2 or something.

Thank you.

Answer 1

Ember Simple Auth itself doesn't require the token. In most cases though the "authorizer" needs a token in order to inject it into requests going to your API server (see here: http://ember-simple-auth.simplabs.com/ember-simple-auth-api-docs.html#SimpleAuth-Authorizers-Base). If you're using cookies you don't actually need an authorizer though as the cookie will be sent to the server anyway letting it identify the authenticated user. In that case you could simply resolve with e.g. { authenticated: true } from the authenticate method and check for that value in the restore method:

restore: function(data) {
  return new Ember.RSVP.Promise(function(resolve, reject) {
    if (data.authenticated) {
      resolve(data);
    } else {
      reject();
    }
  });
}