Workflow for Ember-simple-auth, Torii and Facebook Oauth2

问题:

After my previous question about ember-simple-auth and torii, I successfully authenticate my users with their Facebook accounts.

But currently, torii's provider facebook-oauth2 is returning an authorization code from Facebook ; when the promise resolves, I send this authorization code to my backend where I perform a request against Facebook to get the user's id and email : then I authenticate the user on my backend, generating a specific access token and sending back to my ember application.

Client code :

// app/controllers/login.js import Ember from 'ember'; import LoginControllerMixin from 'simple-auth/mixins/login-controller-mixin';  export default Ember.Controller.extend(LoginControllerMixin, {     // This authenticator for a simple login/password authentication.     authenticator: 'simple-auth-authenticator:oauth2-password-grant',     actions: {         // This method for login with Facebook.         authenticateWithFacebook: function() {             var _this = this;             this.get('session').authenticate(                 'simple-auth-authenticator:torii',                 "facebook-oauth2"             ).then(                 function() {                     var authCode = _this.get('session.authorizationCode');                     Ember.$.ajax({                             type: "POST",                             url: window.ENV.host + "/facebook/auth.json",                             data: JSON.stringify({                                     auth_code: authCode                             }),                             contentType: "application/json; charset=utf-8",                             dataType: "json",                             success: function(data) {                                     // TODO : manage access_token and save it to the session                             },                             failure: function(errMsg) {                                     // TODO : manage error                             }                     });                 },                 function(error) {                     alert('There was an error when trying to sign you in: ' + error);                 }             );         }     } });

The problem is : the ember-simple-auth's session is marked as authenticated when the authenticate's promise resolves and then the app redirects to the specific authenticated route. But in this case the session should be authenticated when my backend returns the "real" access_token.

Is there a way to manage this workflow with ember-simple-auth-torii or should I write my own authenticator ?

回答1:

I finally wrote my own authenticator as Beerlington suggested. But also I give to my users a way to authenticate using login/password, so I overrode the ember-simple-auth-oauth2 authenticator, changing only the "authenticate" method and used ember-simple-auth-torii.

Now I can use Torii to get the authorization code from the user's Facebook account, send this code to my backend, authentify the user and generate an access token that will be managed by ember-simple-auth like an oauth2 token.

Here is the code :

// initializers/simple-auth-config.js import Ember from 'ember'; import Oauth2 from 'simple-auth-oauth2/authenticators/oauth2';  /**   Authenticator that extends simple-auth-oauth2 and wraps the   [Torii library](https://github.com/Vestorly/torii)'s facebook-oauth2 provider.      It is a mix between ember-simple-auth-torii and ember-simple-auth-oauth2.      First it uses Torii to get the facebook access token or the authorization code.      Then it performs a request to the backend's API in order to authenticate the     user (fetching personnal information from Facebook, creating account, login,     generate session and access token). Then it uses simple-auth's     oauth2 authenticator to maintain the session.      _The factory for this authenticator is registered as     `'authenticator:facebook'` in Ember's container._      @class Facebook     @namespace Authenticators     @extends Oauth2 */ var FacebookAuthenticator = Oauth2.extend({     /**     @property torii     @private     */     torii: null,      /**     @property provider     @private     */     provider: "facebook-oauth2",      /**     Authenticates the session by opening the torii provider. For more     documentation on torii, see the     [project's README](https://github.com/Vestorly/torii#readme). Then it makes a     request to the backend's token endpoint and manage the result to create     the session.      @method authenticate     @return {Ember.RSVP.Promise} A promise that resolves when the provider successfully      authenticates a user and rejects otherwise     */     authenticate: function() {         var _this = this;         return new Ember.RSVP.Promise(function(resolve, reject) {             _this.torii.open(_this.provider).then(function(data) {                 var data = {                     facebook_auth_code: data.authorizationCode                 };                 _this.makeRequest(_this.serverTokenEndpoint, data).then(function(response) {                     Ember.run(function() {                         var expiresAt = _this.absolutizeExpirationTime(response.expires_in);                         _this.scheduleAccessTokenRefresh(response.expires_in, expiresAt, response.refresh_token);                         if