authorize() method doesn't fire for CustomAuthorizer

Question

I've upgraded an ember-cli app with a custom authenticator and authorizer for simple-auth from 0.0.40 and ember-cli-simple-auth 0.6.3 to versions 0.0.46 and 0.6.7, respectively.

Authentication works fine, but the authorize() method doesn't fire, so the security token isn't added to the header and http 401 errors are returned.

I've read elsewhere that this could be a lack of crossOriginWhitelist issue, but I have this in my index.html:

<script>
  window.EmberENV = {{EMBER_ENV}};
  <!-- Ember Simple Auth relies on window.ENV to read its configuration -->
  window.ENV = window.EmberENV;
  window.ENV['simple-auth'] = {
      authorizer: 'authorizer:custom',
     crossOriginWhitelist: window.EmberENV.APP.crossOriginWhitelist
  };
</script>

which seems fine to me.

I can eliminate the 401 error by adding this to the ajax call in my beforeModel() authorization check:

            beforeSend: function (request)
            {
                request.setRequestHeader('Authorization', 'Bearer ' + self.get('session.token'));
            },

but that ain't right, of course; it's just a band-aid.

Anyone have any ideas?

Thanks,

BillyB

Answer 1

I found the problem.

The only changes I made other than upgrading the ember-cli version was to switch from ember-simple-auth to ember-cli-simple-auth, the Ember Simple Auth base library packaged as an Ember CLI Addon.

The latter accepts its configuration in ember-cli's environment.js instead of in an inline script in index.html, as I had done above. This worked:

    ENV['simple-auth'] = {
      authenticationRoute: 'login',
      routeAfterAuthentication: 'index',
      routeIfAlreadyAuthenticated: 'index',
      authorizer: 'authorizer:custom',
      crossOriginWhitelist: ENV.APP.crossOriginWhitelist

Note to folks at simple-auth: this was not well-documented, or at least I missed it.

-BillyB