An example app to demonstrate torii.
Create a google application.
- Visit https://console.developers.google.com/project
- Create a new project
- Click "Use Google APIs" to enable/disable APIs
- Ensure "Google+ API" is enabled
- Click the "Credentials" link in the side panel
- Configure OAuth consent screen
- Add an "OAuth 2.0 client ID" credential
- Choose "Web application" credential
- Enter required information, use 'http://localhost:4200/' for authorized redirect URI
 
- Copy your client_id(can ignore theclient_secretfor now)
- In config/environment.jsset theapiKeyproperty to your copiedclient_idfor the 'google-oauth2-bearer' provider
Optionally change scopes by setting the 'scopes' parameter to 'profile' or 'email' in your configuration. List of Google OAuth login scopes. The default scope for the google-oauth2-bearer is email if none is explicitly configured.
First, follow the steps as above for the implicit grant flow.
If it is not already present add a configuration section in config/environment.js for
a torii provider called 'google-oauth2'. Use the same apiKey and redirectUri values
as for the google-oauth2-bearer provider.
Authorization Code Grant flow requires a server-side component.
There is a simple server running at heroku that can exchange an authorization code. The configuration already points at this endpoint to handle the server-side exchange for the access token. Demo server code is at: https://github.com/bantic/torii-example-for-global-ember-backend
Follow the steps above for the authorization code grant flow.
Ensure the torii configuration specifies a sessionServiceName property of 'session'. This is necessary to opt-in to Torii's session management.
Notice that a torii-adapter called 'application' has been created.
When signing in with google, the torii session service will:
- openthe torii built-in 'google-oauth2' provider, resulting in an authorization code
- torii's session will attempt to find a 'google-oauth2' adapter, and fall back to using the 'application' adapter
- the authorization code from the provider will be passed to the openmethod of the 'application' adapter
- the 'application' adapter, which we have written for this application, will:
- POST the authorization code to our own backend
- our backend will exchange this code for an access token and then use the token to retrieve the user's email
- our backend will log in the user by email, or create a new user for this email if none exists
- our backend responds with a session id for this user
 
- the adapter receives the session id and stores it in local storage
- the adapter returns a promise that resolves with a {currentUser}object
- the torii session service merges that currentUserproperty and transitions the session to its authenticate state