I'm using the ember-cli-simple-auth addon with Torii for my authentication flow.
So far I've managed to get authentication working using both a custom Torii Provider combined with a custom Simple Auth Authenticator.
I'd now like to use a custom Simple Auth Authorizer to inject the access token into requests.
Following the documentation https://github.com/simplabs/ember-simple-auth#implementing-a-custom-authorizer I've added a custom authorizer & initializer
authorizers/myservice.js
import Base from 'simple-auth/authorizers/base';
import Ember from 'ember';
export default Base.extend({
/**
@method authorize
@param {jqXHR} jqXHR The XHR request to authorize (see http://api.jquery.com/jQuery.ajax/#jqXHR)
@param {Object} requestOptions The options as provided to the `$.ajax` method (see http://api.jquery.com/jQuery.ajaxPrefilter/)
*/
authorize: function(jqXHR) {
var accessToken = this.get('session.content.token');
if (this.get('session.isAuthenticated') && !Ember.isEmpty(accessToken)) {
jqXHR.setRequestHeader('Authorization', 'Bearer ' + accessToken);
}
}
});
initializers/authorization.js
import MyserviceAuthorizer from '../authorizers/myservice';
export function initialize(container, application) {
container.register('authorizer:myservice', MyserviceAuthorizer);
}
export default {
name: 'authorization',
before: 'simple-auth',
initialize: initialize
};
& included in config/environment.jsin the development environment
ENV['simple-auth'] = {
authorizer: 'authorizer:myservice',
crossOriginWhitelist: ['*']
}
Unfortunately by adding this it has now broken the authentication.
It looks like Torii is no longer receiving the response.
The response from the provider is missing these required response params: access_token, token_type, expires_in
I've included both the Torii Provider code & Simple Auth Authenticator code here too.
Any suggestions or help would be very much appreciated, i'm a bit stuck with this.
torii-providers/myservice.js
import Provider from 'torii/providers/oauth2-bearer';
import {configurable} from 'torii/configuration';
import env from '../config/environment';
export default Provider.extend({
name: 'myservice',
baseUrl: (env.api_host + '/oauth/authorize'),
responseParams: ['access_token', 'token_type', 'expires_in'],
redirectUri: configurable('redirectUri', function(){
// A hack that allows redirectUri to be configurable
// but default to the superclass
return this._super();
})
});
And a custom Simple Auth authenticator
authenticators/myservice.js
import Ember from 'ember';
import Base from 'simple-auth/authenticators/base';
import ajax from 'ic-ajax';
export default Base.extend({
restore: function(data) {
return new Ember.RSVP.Promise(function(resolve, reject) {
if(!Ember.isEmpty(data.currentUser)) {
resolve(data);
} else {
reject();
}
});
},
authenticate: function(options) {
return this.fetchOauthData(options).then(this.fetchUserData.bind(this));
},
fetchUserData: function(oauthData) {
var token = oauthData.token.access_token;
return ajax({
url: '/api/v1/users/me',
type: "GET",
beforeSend: function (xhr) {
xhr.setRequestHeader("Authorization", "Bearer " + token);
}
}).then(function(userJSON){
return {
currentUser: userJSON.user,
token: token
};
});
},
fetchOauthData: function(options) {
return new Ember.RSVP.Promise(function(resolve, reject) {
options.torii.open(options.provider).then(function(oauthData) {
resolve({
provider: oauthData.provider,
token: oauthData.authorizationToken
});
}, function(error) {
reject(error);
});
});
}
});