I am currently working on an Ember 2.4.x application and I am using ember-simple-auth with a custom Authenticator and a custom Authoriser.

Upon successful authentication, the server responds with a JSON body containing information about the current user plus a cookie in the Response Headers:

Response Headers:
  Set-Cookie:Authorization=1s39gpzqy4d0w1quxekavz6yj1;Path=/

Now, the only thing I need, for each consecutive request, is to send back that same cookie. I understand that with ember-simple-auth, I can use the block callback in order to set an additional header in my custom authoriser. However, I could not find a way to resend that exact same cookie with each request.

Also I am wondering whether I need an Authoriser at all since I am not setting any header, the server only cares about that cookie.

makabde

2 Answers

1

If your authentication server issues a cookie you don't really need an authorizer at all as the browsers will automatically send the cookie with each consecutive request.

marcoow
  • Thanks for this answer, I got rid of the authorizer for now even though I am planning to pull some code from the authorizer mixin so that the application will route automatically in case the server sends a 401. Unfortunately I am still out of luck with this cookie thing. It seems that either the browser or Ember are not sending back the cookie to the server. Is there anything I should be doing at all? – makabde Mar 23 '16 at 07:59
  • @marcoow this means we don't need to do anything in ember-simple-auth. But how will ember-simple-auth check if the user is actually signed in or not etc? – omair azam May 28 '18 at 14:58
  • The idea would be that you implement a custom authenticator that just *assumes* the cookie to be present and the user to be successfully logged in when the login request succeeds (responds with a 200) although it cannot actually see the cookie. – marcoow May 29 '18 at 15:31
0

I finally managed to get this to work. Basically I first followed the answer of that topic.

Then, in my custom authenticator I am re-using the makeRequest method on which I had to set the xhrFields property:

makeRequest(data, options) {
  let serverTokenEndpoint = get(this, 'serverTokenEndpoint');
  let requestOptions = $.extend({
    url:      serverTokenEndpoint,
    type:     'POST',
    // The contentType must be passed to Jetty as it will default to
    // 'application/x-www-form-urlencoded'
    contentType: 'application/json',
    crossDomain: true,
    dataType: 'json',
    data,
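    // Send cookies with this cross-origin request and let the browser
    // store the cookie set by the response
    xhrFields: {
      withCredentials: true
    },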

    beforeSend(xhr, settings) {
      xhr.setRequestHeader('Accept', settings.accepts.json);
    }
  }, options || {});

  return $.ajax(requestOptions);
}

I also found out that the server had to set Access-Control-Allow-Credentials:true in the Response Headers otherwise Ember would throw an error.

makabde
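
The answer above only worked once the server sent Access-Control-Allow-Credentials: true. As an added example (not code from the original posts), this JavaScript reproduces the browser's acceptance rule for a request made with withCredentials, shows a server-side header builder that uses an explicit origin allowlist, and audits a Set-Cookie value for hardening flags. The function names and the example origins are assumptions.

```javascript
// Added example; function names and origins are constructed for illustration.

// Browser side: reasons a credentialed cross-origin response would be
// withheld from the page. An empty array means the response is exposed.
function credentialedCorsCheck(requestOrigin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const problems = [];
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) {
    problems.push('missing Access-Control-Allow-Origin');
  } else if (acao === '*') {
    problems.push('wildcard origin is rejected when credentials are included');
  } else if (acao !== requestOrigin) {
    problems.push('Access-Control-Allow-Origin does not match the request origin');
  }
  // The value is compared case-sensitively against the literal "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials must be exactly "true"');
  }
  return problems;
}

// Server side: emit CORS headers only for origins on an explicit allowlist,
// never by echoing back whatever Origin the request carried.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!allowedOrigins.includes(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // keep caches from serving one origin's headers to another
  };
}

// Session cookie audit: which hardening attributes are absent from Set-Cookie.
function missingCookieFlags(setCookie) {
  const attrs = setCookie.split(';').slice(1)
    .map((a) => a.trim().split('=')[0].toLowerCase());
  return ['httponly', 'secure', 'samesite'].filter((f) => !attrs.includes(f));
}

// The cookie from the question carries only Path=/.
console.log(missingCookieFlags('Authorization=1s39gpzqy4d0w1quxekavz6yj1;Path=/'));
```
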