Where would I best add the Authorisation header with the bearer token to a remote source?

[bracke]

remote.defaultFetchSettings.headers['Authorization'] = Bearer ${access_token};

[dgeb]

Apologies for the delay in answering.

If you have some endpoints that are public and others that are authenticated, I'd recommend a strategy that overrides the source's initFetchSettings method to inspect the current session data and set the Authorization header accordingly.

For example, take a look at this app's data-sources/remote.js:

import JSONAPISource, { JSONAPISerializer } from '@orbit/jsonapi';
import Orbit from '@orbit/data';
import fetch from 'fetch';
import { getOwner } from '@ember/application';
import { isPresent } from '@ember/utils';

export default {
  create(injections = {}) {
    const app = getOwner(injections);
    const session = app.lookup('service:session');

    class RemoteSource extends JSONAPISource {
      initFetchSettings(customSettings = {}) {
        let settings = super.initFetchSettings(customSettings);

        if (session.isAuthenticated) {
          let { token } = session.data.authenticated;
          if (isPresent(token)) {
            settings.headers['Authorization'] = `Bearer ${token}`;
          }
        }

        return settings;
      }
    }

    class Serializer extends JSONAPISerializer {
    }

    Orbit.fetch = fetch;

    injections.name = 'remote';
    injections.namespace = 'api/v1';
    injections.SerializerClass = Serializer;

    return new RemoteSource(injections);
  }
};

[tchak]

We should move this content to guides. Contributions in doing so are welcome!

[dgeb]

I should point out that, in the v0.16 beta, initFetchSettings is now on the new JSONAPIRequestProcessor class, which can be extended and passed in as an argument when creating JSONAPISource:

https://github.com/orbitjs/orbit/blob/master/packages/%40orbit/jsonapi/src/jsonapi-source.ts#L53

[cmitz]

So, if I understand correctly, your example file would now look like this:

import RemoteSource, { JSONAPIRequestProcessor } from '@orbit/jsonapi';
import { getOwner } from '@ember/application';
import { isPresent } from '@ember/utils';

export default {
  create(injections = {}) {
    class RemoteRequestProcessor extends JSONAPIRequestProcessor {
      initFetchSettings(customSettings = {}) {
        let settings = super.initFetchSettings(customSettings);

        const app = getOwner(injections);
        const session = app.lookup('service:session')

        if (session.isAuthenticated) {
          let { access_token } = session.data.authenticated;
          if (isPresent(access_token)) {
            settings.headers['Authorization'] = `Bearer ${access_token}`;
          }
        }

        return settings;
      }
    }

    injections.name = 'remote';
    injections.host = 'http://localhost:3000';
    injections.namespace = 'api/v1';
    injections.RequestProcessorClass = RemoteRequestProcessor;

    return new RemoteSource(injections);
  }
};

Edit: it seems I cannot access Ember stuff in here. But man, this is becoming a bit of a headache :p

Edit 2: I've managed to get it working, the code above works!
I'm using Ember Octane (3.15.0) and Ember-Orbit 0.16.4.

[RobbieTheWagner]

Did anyone document this? This is very useful info!