How to implement an Ember Simple Auth using an external redirect

Question

Here's my workflow.

1. User presses a login button.
2. User is redirected to the API which redirects to a login page on a third party site (ADFS SAML).
3. User authenticates there, is returned to the API which decodes the response, creates a user and a JWT token (both stored in a datastore), and then redirects the user to Ember with a ?token= query parameter.

What I'd like to do is work this in to a custom ember-simple-auth authenticator (and authorizer?) in order to take advantage of the niceness of session and Authorization headers from there on.

Currently I've hacked an authenticator to do just the redirect to the identity provider. The rest of the API workflow is working. And I'm catching the token in a route on the way back and populating a User resource via a call to the database. But I feel that I'm heading down the wrong (and the long) path.

Any thoughts? Is this something that ember-simple-auth-token is designed for?

Answer 1

I solved this in last month. what i did was

1. click the login
2. redirect to the adfs
3. adfs login success-> redirect to my backend
4. backend generate a sso temp token with access token details which is already there and only valid for 2 minutes.
5. backend redirect web with a GET with params of sso temp token
6. frontend take the params of sso temp token and make another post ajax request to backend
7. Api will validate sso temp token and provide details ( access token and refresh token ) to the user
8. read response data for the post request in 6 and update on ember simple auth service using authenticate interface ( you can customize this using custom authenticator )

here is the custom authenticator class

import Base from 'ember-simple-auth/authenticators/base';
import {isEmpty} from '@ember/utils';
export default Base.extend({
  authenticate(data) {
    return new Promise((resolve, reject) => {

      if(data.access_token!=null){
        resolve({
          scope: data.scope,
          access_token: data.access_token,
        });
      }else{
        reject();
      }  })

    },

    restore(data) {
      return new Promise((resolve, reject) => {
        if (!isEmpty(data.access_token)) {
          resolve(data);
        } else {
          reject();
        }
      });
    },

  });

i have created a route to handle in the frontend to get the token which is sent by backend. so the route takes sso token by a get param ( cause backend cannot do a post to emberapp) so when the route triggers i catch the param in route and do a post method again to validate the token.

we are using redis generated tokens. so since this question is asked about the emberjs i illustrated the answer to support you on frontend. i have illustrate the concept as well to show what you need to do. so its up to you to dig up and find more about it. like how to create temporary JWT token, how to validate it, how to redirect to you to your backend with claims from the adfs and etc. i think i provide answer to the initial question you asked which is "How to implement an Ember Simple Auth using an external redirect"