authorize assertion removed from Ember Simple Auth 2.1.1.
hb9hnt opened this issue · 5 comments
According to the ember-simple-auth repo the authorize assertion should not be used any more:
mainmatter/ember-simple-auth#2010
The authorize assertian has been removed from Ember Simple Auth 2.1.1. This breaks the following code:
https://github.com/jpadilla/ember-simple-auth-token/blob/facc3bea47196abc553d0248e3aca8c43254440d/addon/mixins/token-authorizer.js#L39-L48
I'll work on a PR to resolve this if is hasn't been fixed already and I'm just looking in the wrong place.
@PUREMATH Good point. I have been doing this manually without token-authorizer, but that isn't ideal. However, I'm not sure that we want to change this because we want to maintain backwards compatibility. Therefore, I have created a new token-adapter mixin to serve this purpose. Thoughts?
@fenichelar Good point, the new adapter is definitely the better way forward. I was also worried about breaking backwards compatiblity but wasn't sure how to fix this.
My own fix looks pretty much like yours. There was one point I wasn't sure about, though. Maybe you can explain to me why this works: If the token is refreshed, the isAuthorized-Property of the session service doesn't change. That's why I don't understand how the Authorization header (i.e. the headers computed property) is updated in this case since the computed property doesn't have to be reevaluated.
Thanks for your help.
@PUREMATH You are correct. Below is what I use in my applications.
headers: computed('session.data.authenticated', function() {
if (this.session.isAuthenticated) {
return {
Authorization: `Bearer ${this.session.data.authenticated.token}`,
};
} else {
return {};
}
}),Computed should depend on session.data.authenticated not session.isAuthenticated.
I don't use the variables for header name, prefix, and token property name. I also don't use this.get( because I am using a version of ember that does not require it. But here I think we should use this.get(.
I have made the correction to this PR. Thank you for catching this.
I ended up creating a factory function to create the computed property to make it depend on the tokenPropertyName:
that way I don't have to depend on the whole session.data.authenticated Object, but it makes the code more complex. I'm not sure whether this is worth it.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.