
How to handle authentication in an ember.js app

I'm just beginning to study Ember.js and SPAs. I have a background in ASP.Net MVC/C#/Razor.

How does authentication work? In a regular website I just use an OAuth provider, and when it comes back with authenticated info, create a forms auth ticket.

I haven't found any good tuts/articles covering auth... Particularly on ASP.Net.

I can't wait to really start digging into ember.js, but I KNOW this will be important from the beginning for me.

Thanks!

asked Mar 24 '13 09:03

Chaddeus


1 Answer

In general, authentication in an Ember app is not too different from auth in most web apps. You use a session cookie to identify a user as logged in on the server and show a login UI if the session is not already authenticated.

In a traditional web app, that check & potential redirect would happen on a page request. In an Ember app, you would do it on an API request, typically sent from within your router, and in the case of an API response indicating the user is not logged in, transitionTo a logIn route that shows the user a username/password form. If you are using OAuth, it would be a similar pattern, but instead allow the user to initiate the OAuth flow at that point.

Alternate approaches

Other patterns include verifying auth when you first load the Ember app's index.html page, or redirecting out of the Ember app to a traditional log in page when your API reports that the session is not logged in.

Notes

Regardless of your approach, it is important that each of your server APIs verify that your user is authenticated and authorized. Also, realize that you will typically be sending down all JS code and Handlebars templates to all users regardless of permissions. This is usually not an issue as no sensitive information is present in the JS or templates, but something to keep in mind.

Update:

I have become a fan of the new torii library to provide some simple primitives for dealing with authentication including with third-party services.

answered Sep 28 '22 22:09

Luke Melia
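
The pattern described in the answer above, as an added example that is not part of the original answer: every API endpoint checks the session and the user's permissions itself, and the client turns a 401 into a transition to the login route. The session store, `apiHandler`, `makeClient`, the stand-in router and the `forbidden` route are hypothetical names, and the HTTP call is simulated in-process so the block runs offline.

```javascript
// Added example; all names here are hypothetical, not Ember or torii APIs.
const SESSIONS = new Map([ // constructed server-side session store
  ['sid-alice', { user: 'alice', roles: ['admin'] }],
  ['sid-bob', { user: 'bob', roles: ['member'] }],
]);

// Server side: each endpoint authenticates (401) and authorizes (403) on its
// own. It never assumes the client hid a route, template or button.
function apiHandler(request) {
  const session = SESSIONS.get(request.cookies.sid);
  if (!session) return { status: 401, body: { error: 'not logged in' } };
  if (request.path.startsWith('/api/admin/') && !session.roles.includes('admin')) {
    return { status: 403, body: { error: 'forbidden' } };
  }
  return { status: 200, body: { path: request.path, user: session.user } };
}

// Client side: one wrapper for all API calls. A 401 becomes a transition to
// the logIn route; a 403 goes to an (assumed) 'forbidden' route.
function makeClient(cookies, router) {
  return function apiFetch(path) {
    const response = apiHandler({ path, cookies }); // stands in for an XHR
    if (response.status === 401) {
      router.transitionTo('logIn');
      return null;
    }
    if (response.status === 403) {
      router.transitionTo('forbidden');
      return null;
    }
    return response.body;
  };
}

// Minimal stand-in for the Ember router: it only records the current route.
function makeRouter() {
  const router = { current: 'index', transitionTo(name) { router.current = name; } };
  return router;
}

// Runs one request with the given session id (or none) and reports the outcome.
function demo(sid, path) {
  const router = makeRouter();
  const body = makeClient(sid ? { sid } : {}, router)(path);
  return { route: router.current, body };
}
```

Because the JS and templates reach every user, the 403 branch on the server is the actual access control; the client-side transition only decides which screen to show.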