5

I have a project going on and I've been using the server side to handle my authentication and authorization through express/passport domain cookies which kind of auto-magically handle the state by sending the sid cookie back and forth.

I had not built much of an auth management on the client, I was just getting the user data which express would bootstrap for me in the server view as a global js object. I wanted to handle this better in ember so I started implementing ember-simple-auth and I was able to handle the logins, state etc. pretty well there but it appears that it always depends on a token strategy.

Right now my code looks like this and as you can see I'm having to resolve a promise with a token object in it to make it work, but my desired strategy doesn't require tokens. 

authenticate: function(credentials) {
          var _this = this;
          return new Ember.RSVP.Promise(function(resolve, reject) {
              Ember.$.ajax({
                  url: _this.tokenEndpoint,
                  type: 'POST',
                  data: JSON.stringify({
                      email: credentials.identification,
                      password: credentials.password
                  }),
                  contentType: 'application/json'
              }).then(function(response) {

                  Ember.run(function() {
                      resolve({
                          token: response.session.token
                      });
                  });
              }, function(xhr, status, error) {
                  var response = JSON.parse(xhr.responseText);
                  Ember.run(function() {
                      reject(response.error);
                  });
              });
          });
      },

My question is can ember-simple-auth be adapted to work with the express/passport domain cookies or do i have to change my server to use a bearer strategy or oauth2 or something.

Thank you.

4

1 回答 1

4

Ember Simple Auth 本身不需要令牌。在大多数情况下,尽管“授权者”需要一个令牌才能将其注入到您的 API 服务器的请求中(请参见此处:http ://ember-simple-auth.simplabs.com/ember-simple-auth-api-docs .html#SimpleAuth-Authorizers-Base)。如果您使用 cookie,则实际上不需要授权人,因为无论如何 cookie 都会被发送到服务器,让它识别经过身份验证的用户。在这种情况下,您可以简单地使用例如{ authenticated: true }fromauthenticate方法解析并在方法中检查该值restore

restore: function(data) {
  return new Ember.RSVP.Promise(function(resolve, reject) {
    if (data.authenticated) {
      resolve(data);
    } else {
      reject();
    }
  });
}
于 2014-07-26T08:34:49.450 回答