Ember.js with Single Sign On

A SSO solution using Ember and Ember SimpleAuth with cookie based storage.

Recently for a client, we found ourselves in the position where we needed to address the need for the user and a single client-side session across more than 1 domain. These domains all had the same parent (luckily) and would each host a separate Ember.js application. So we needed a single sign on solution that satisfied the needs of an Ember ecosystem.

We’ve been using an addon called Ember Simple Auth made by the team at Simple Labs for all of our Ember projects. Therefore, it made sense to find a solution that would also make use of the same addon. It’s a really great library with built-in authorizers and authenticators that along with its session service, easily meets all of our session management needs on the client-side.

In the past, we would use the oAuth2 authenticator and authorizer, along with the default LocalStorageStore for managing the access token. For a single sign on path, the local storage wasn’t going to cut it, since the applications were hosted on different domains. The CookieStore, though, was exactly what we wanted, since you can easily set a cookie on a parent domain that is then accessible on all of its subdomains. And what sealed the deal for us, was Simple Auth’s API extracting out all of the cookie management for us.

After we settled on how we were going to store the access token and configured the cookie domain, all that remained to do was to configure the authenticator(s), set the application authorizer, and wrap the session service in our own custom service.

Why use a custom service wrapper instead of Ember Simple Auth’s session service directly?

Good question! There is usually more to a client-side session that you want to manage than just authenticating and de-authenticating. We found that we generally need easy access to the user account that is currently signed in throughout various parts of our application. There is also Ember Store cleanup that is good practice to have when a user signs out. All of this promotes the case for our own custom session. With Ember Simple Auth 1.0, extending its Session object directly was deprecated in favor of using Ember’s dependency injection API for services, which is really great and easy to use.

If you ever find yourself in a similar situation where you need a single sign on solution for multiple subdomains using Ember.js, I can’t recommend enough using Ember Simple Auth and a cookie-based store for the access token. I’m also sharing a gist below with all of the application code you should need to get a cookie-based authentication going on your own app platform.

Thanks for reading! In case you are curious, we have more articles and info on software development, who we are at IcarusWorks, and life on our publication page and website.