UNPKG

simple-lock

Version:

Ember-simple-auth addon for Auth0 + Lock.js

github.com/brancusi/simple-lock

brancusi/simple-lock

240 lines (180 loc) 6.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
# Simple-Lock ### An ember-cli addon for using [Auth0](https://auth0.com/) with [Ember Simple Auth](https://github.com/simplabs/ember-simple-auth). Auth0's [lock](https://github.com/auth0/lock) widget, is a nice way to get a fully functional signup and login workflow into your app. ## What does it do? * it __wires up Auth0's Lock.js to work with ember simple auth__. * it __lets you work with ember simple auth__ just like you normally do! ## Installation and Setup ### Auth0 If you don't already have an account, go signup at for free: [Auth0](https://auth0.com/) 1. Create a new app through your dashboard. 2. Done! ### Install ember and simple-lock using ember-cli __Simple Lock requires at least Ember CLI 0.2.7 or higher__ ```bash ember new hello-safe-world cd hello-safe-world ember install simple-lock ``` If you want to get up and running right away, you can scaffold all the neccesary routes with to play with: ```bash ember generate scaffold-lock ``` ### Configuration There are two configuration options. 1. (REQUIRED) - _clientID_ - Grab from your Auth0 Dashboard 2. (REQUIRED) - _domain_ - Grab from your Auth0 Dashboard *The below simple-auth config object works out the box with the scaffold* ```js // config/environment.js ENV['simple-auth'] = { authenticationRoute: 'index', routeAfterAuthentication: 'protected', routeIfAlreadyAuthenticated: 'protected' } ENV['simple-lock'] = { clientID: "auth0_client_id", domain: "auth0_domain" } ``` __At this point if you ran *scaffold-lock*, you can fire up ember server:__ ```bash ember server ``` __The below steps will outline the steps to get up and running with the scaffolding:__ ### Suggested security config ```js // config/environment.js ENV['contentSecurityPolicy'] = { 'font-src': "'self' data: https://*.auth0.com", 'style-src': "'self' 'unsafe-inline'", 'script-src': "'self' 'unsafe-eval' https://*.auth0.com", 'img-src': '*.gravatar.com *.wp.com data:', 'connect-src': "'self' http://localhost:* https://your-app-domain.auth0.com" }; ``` ### Caveats 1. Because ember simple auth listens for local storage changes, updates in one tab will trigger token refreshes in all open tabs of the same domain. This is not critical for long lived JWTs but will be noticable if there are several tabs of the app running on the same browser with very short lived JWTs. *I'm open to suggestions on getting around this.* ## Manual Setup __Simple Lock__ is just a regular __authorizer__ that conforms to the [Ember Simple Auth](https://github.com/simplabs/ember-simple-auth) interface. Please follow the docs to get everything working as usual, and just add the call to the *simple-auth-authenticator:lock* __authorizer__ in your ```authenticate``` call. ### Actions Once the standard [Ember Simple Auth](https://github.com/simplabs/ember-simple-auth) ```application_route_mixin``` is added to your app route, you will be able to use all the usual actions: [Docs](https://github.com/simplabs/ember-simple-auth) __Here is an example application route:__ ```js // app/routes/application.js import Ember from 'ember'; import ApplicationRouteMixin from 'simple-auth/mixins/application-route-mixin'; export default Ember.Route.extend(ApplicationRouteMixin, { actions: { sessionRequiresAuthentication: function(){ // Check out the docs for all the options: // https://auth0.com/docs/libraries/lock/customization // These options will request a refresh token and launch lock.js in popup mode by default var lockOptions = {authParams:{scope: 'openid offline_access'}}; this.get('session').authenticate('simple-auth-authenticator:lock', lockOptions); } } }); ``` __Then from your template you could trigger the usual actions:__ ```html // app/templates/application.hbs {{#if session.isAuthenticated}} <a {{ action 'invalidateSession' }}>Logout</a> {{else}} <a {{ action 'sessionRequiresAuthentication' }}>Login</a> {{/if}} ``` ### Custom Authorizers You can easily extend the __Simple Lock__ base __authorizer__ to play hooky with some cool __hooks__. Here's how: ```bash ember generate authenticator my-dope-authenticator ``` This will create the following stub authenticator: ```js // app/authorizers/my-dope-authenticator.js import Base from 'simple-lock/authenticators/lock'; export default Base.extend({ /** * Hook that gets called after the jwt has expired * but before we notify the rest of the system. * Great place to add cleanup to expire any third-party * tokens or other cleanup. * * IMPORTANT: You must return a promise, else logout * will not continue. * * @return {Promise} */ beforeExpire: function(){ return Ember.RSVP.resolve(); }, /** * Hook that gets called after Auth0 successfully * authenticates the user. * Great place to make additional calls to other * services, custom db, firebase, etc. then * decorate the session object and pass it along. * * IMPORTANT: You must return a promise with the * session data. * * @param {Object} data Session object * @return {Promise} Promise with decorated session object */ afterAuth: function(data){ return Ember.RSVP.resolve(data); }, /** * Hook called after auth0 refreshes the jwt * based on the refreshToken. * * This only fires if lock.js was passed in * the offline_mode scope params * * IMPORTANT: You must return a promise with the * session data. * * @param {Object} data The new jwt * @return {Promise} The decorated session object */ afterRestore: function(data){ return Ember.RSVP.resolve(data); }, /** * Hook that gets called after Auth0 successfully * refreshes the jwt if (refresh token is enabled). * * Great place to make additional calls to other * services, custom db, firebase, etc. then * decorate the session object and pass it along. * * IMPORTANT: You must return a promise with the * session data. * * @param {Object} data Session object * @return {Promise} Promise with decorated session object */ afterRefresh: function(data){ return Ember.RSVP.resolve(data); } }); ``` Once you've made your custom authenticator. Just do the following in your app route: ```js import Ember from 'ember'; import ApplicationRouteMixin from 'simple-auth/mixins/application-route-mixin'; export default Ember.Route.extend(ApplicationRouteMixin, { actions: { sessionRequiresAuthentication: function(){ // Check out the docs for all the options: // https://auth0.com/docs/libraries/lock/customization var lockOptions = {authParams:{scope: 'openid offline_access'}}; this.get('session').authenticate('simple-auth-authenticator:my-dope-authenticator', lockOptions); } } }); ``` __Enjoy!__