Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Ember.js] Authentication with OAuth #2759

Closed
ErisDS opened this issue May 14, 2014 · 1 comment

Comments

Projects
None yet
2 participants
@ErisDS
Copy link
Member

commented May 14, 2014

In order to entirely separate our Ember admin UI from the server side, we're going to need to build a slightly different authentication mechanism.

Given that we want to add an OAuth-provider to Ghost in order to allow OAuth for the API, it seems to make sense to also use OAuth for the main user login.

There is a library called ember-simple-auth which adds support for doing all kinds of authentication, including oauth. By including this library, I think we open up a lot of potential possibilities for people to extend the Ghost login with different oauth or other authentication providers which is something that has been asked about quite a bit.

Not sure if this is the best library, it was just the first I've come across, but I thought I'd put this out there as it's related to #2413 and we're going to want to look at putting authentication into the Ember admin pretty soon.

@ErisDS ErisDS added this to the 0.4 Ember.js milestone May 14, 2014

@ErisDS ErisDS added users labels May 14, 2014

@ErisDS

This comment has been minimized.

Copy link
Member Author

commented May 14, 2014

@jgable thought I'd get this open as I think it's possibly quite related to some of the stuff you've been looking at with #2413.

@ErisDS ErisDS referenced this issue May 15, 2014

Merged

Improve signin #2764

@ErisDS ErisDS referenced this issue Jun 1, 2014

Closed

[Ember.js] admin UI rewrite #2271

59 of 61 tasks complete

@sebgie sebgie referenced this issue Jun 24, 2014

Merged

oAuth #3060

sebgie added a commit to sebgie/Ghost that referenced this issue Jun 30, 2014

oAuth
closes TryGhost#2759
closes TryGhost#3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention TryGhost#3128
- Signin after Signup TryGhost#3125
- Signin validation TryGhost#3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed

@ErisDS ErisDS closed this in #3060 Jun 30, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.