Ever since FastBoot was first announced at EmberConf 2015 it was clear to us that we wanted to have out-of-the-box support for it in Ember Simple Auth. Our goal was to make sure that Ember Simple Auth did not keep anyone from adopting FastBoot and adopting FastBoot would not result in people having to figure out their own authentication and authorization solutions. Today we're happy to announce the availability of Ember Simple Auth 1.2.0-beta.1, the first release with out-of-the-box support for FastBoot.
Ember Simple Auth 1.2 seamlessly synchronizes the session state between the browser and FastBoot server. When a user logs in to an Ember.js application and refreshes the page or comes back to the app later - triggering a request that's handled by the FastBoot server - Ember Simple Auth will send the session state along with that request, pick it up in the app instance that's running in the FastBoot server and make sure the Ember route is being loaded and rendered in the correct session context. If the session turns out to be invalid for some reason, the server will invalidate it and the user will be redirected to the login page via a proper HTTP redirect.
Ember Simple Auth has always had the concept of session stores that persist the session state so that it survives page reloads (or users leaving the app and coming back later). One of these session stores turned out to be the perfect fit for the aforementioned session syncing mechanism – the cookie session store. Browsers will automatically send cookies for a particular origin along with any request to that origin. Also, servers can modify cookies sent by the browser and include updates in the response that the browser will automatically pick up - effectively enabling bidirectional state synchronization.
The main challenge with enabling the cookie session store to run both in the
browser as well as in Node though was that the APIs for cookie handling are
obviously totally different in both environments. In the browser there is
document.cookie
while in server apps running in Node, cookies are being read
and written via the Cookie
and Set-Cookie
headers. That meant we had to come
up with a way to read and write cookies via a common interface that we could
rely on in the cookie session store and that abstracted these environment
specific APIs under the hood (much like what
ember-network does for
the fetch API). Therefore
we created
ember-cookies
which is a cookies abstraction that works in the browser as well as in
Node and that's now being used internally by the cookie session store.
ember-cookies exposes a cookies service with
read
, write
and
clear
methods:
// app/controllers/application.js
import Ember from 'ember';
const { inject: { service } } = Ember;
export default Ember.Controller.extend({
cookies: service(),
intl: service(),
beforeModel() {
let locale = this.get('cookies').read('locale');
this.get('intl').set('locale', locale);
},
});
As most of Ember Simple Auth's support for FastBoot is based on the cookie session store, enabling FastBoot support is as easy as defining the application session store as:
// app/session-stores/application.js
import Cookie from 'ember-simple-auth/session-stores/cookie';
export default Cookie.extend();
If you're interested in learning more about the underlying concepts check out the talk about Authentication and Session Management in FastBoot that I gave at EmberCamp in London in June.
Out-of-the-box support for FastBoot is likely the most prominent addition in this release but there are quite some other changes as well, including:
In addition to these changes, fixed issues include:
config/environment.js
, see
#1041This certainly is one of the larger releases in Ember Simple Auth's history and a lot of people have helped to make it happen. We'd like to thank all of our (at the time of this writing) 141 contributors, with particular mention to Steven Wu, Kyle Mellander, Arjan Singh and Josemar Luedke for awesome contributions to the Fastboot effort and ember-cookies.
As this is a beta release, there are probably some rough edges. We'd like everyone to try it, regardless of whether they're using Fastboot already or not and report bugs, outdated or bad documentation etc. on github.
Continue Reading