Auth0 Ember simple auth
Auth0's lock widget, is a nice way to get a fully functional signup and login workflow into your app.
What does it do?
- it wires up Auth0's Lock.js to work with ember simple auth.
- it lets you work with ember simple auth just like you normally do!
Installation and Setup
Auth0
If you don't already have an account, go signup at for free: Auth0
- Create a new app through your dashboard.
- Done!
Generate a new ember app and install auth0-ember-simple-auth
using ember-cli (Ember CLI >= 0.2.7)
ember new hello-safe-world
cd hello-safe-world
ember install auth0-ember-simple-auth
If you want to get up and running right away, you can scaffold all the necessary routes with to play with:
ember generate scaffold-lock
Configuration
There are two configuration options.
- (REQUIRED) - clientID - Grab from your Auth0 Dashboard
- (REQUIRED) - domain - Grab from your Auth0 Dashboard
The below simple-auth config object works out the box with the scaffold
ENV['simple-auth'] = {
authenticationRoute: 'index',
routeAfterAuthentication: 'protected',
routeIfAlreadyAuthenticated: 'protected'
}
ENV['simple-lock'] = {
clientID: "auth0_client_id",
domain: "auth0_domain"
}
At this point if you ran scaffold-lock, you can fire up ember server:
ember server --port
The below steps will outline the steps to get up and running with the scaffolding:
Suggested security config
Ember uses a content security policy to manage which resources are allowed to be run on your pages.
ENV['contentSecurityPolicy'] = {
'font-src': "'self' data: https://*.auth0.com",
'style-src': "'self' 'unsafe-inline'",
'script-src': "'self' 'unsafe-eval' https://*.auth0.com",
'img-src': '*.gravatar.com *.wp.com data:',
'connect-src': "'self' http://localhost:* https://your-app-domain.auth0.com"
};
Caveats
- Because ember simple auth listens for local storage changes, updates in one tab will trigger token refreshes in all open tabs of the same domain. This is not critical for long lived JWTs but will be noticeable if there are several tabs of the app running on the same browser with very short lived JWTs.
I'm open to suggestions on getting around this.
Manual Setup
auth0-ember-simple-auth is just a regular authorizer that conforms to the Ember Simple Auth interface. Please follow the docs to get everything working as usual, and just add the call to the simple-auth-authenticator:lock authorizer in your authenticate
call.
Actions
Once the standard Ember Simple Auth application_route_mixin
is added to your app route, you will be able to use all the usual actions: Docs
Here is an example application route:
import Ember from 'ember';
import ApplicationRouteMixin from 'simple-auth/mixins/application-route-mixin';
export default Ember.Route.extend(ApplicationRouteMixin, {
actions: {
sessionRequiresAuthentication: function(){
var lockOptions = {authParams:{scope: 'openid'}};
this.get('session').authenticate('simple-auth-authenticator:lock', lockOptions);
}
}
});
Then from your template you could trigger the usual actions:
// app/templates/application.hbs
{{#if session.isAuthenticated}}
<a {{ action 'invalidateSession' }}>Logout</a>
{{else}}
<a {{ action 'sessionRequiresAuthentication' }}>Login</a>
{{/if}}
Custom Authenticators
You can easily extend the Simple Lock base authenticator to play hooky with some cool hooks.
Here's how:
ember generate authenticator my-dope-authenticator
This will create the following stub authenticator:
import Base from 'simple-lock/authenticators/lock';
export default Base.extend({
beforeExpire: function(){
return Ember.RSVP.resolve();
},
afterAuth: function(data){
return Ember.RSVP.resolve(data);
},
afterRestore: function(data){
return Ember.RSVP.resolve(data);
},
afterRefresh: function(data){
return Ember.RSVP.resolve(data);
}
});
Once you've made your custom authenticator. Just do the following in your app route:
import Ember from 'ember';
import ApplicationRouteMixin from 'simple-auth/mixins/application-route-mixin';
export default Ember.Route.extend(ApplicationRouteMixin, {
actions: {
sessionRequiresAuthentication: function(){
var lockOptions = {authParams:{scope: 'openid'}};
this.get('session').authenticate('simple-auth-authenticator:my-dope-authenticator', lockOptions);
}
}
});
Credits
Written by @brancusi (Aram Zadikian), maintained in part by Auth0. Thanks Aram!
License
auth0-ember-simple-auth by Aram Zadikian. It is released under the MIT License.
Enjoy!