Tags: ember.js, ember-simple-auth

Handling Multiple Accounts in Ember Simple Auth


I'm using Ember 2.3 with Ember Simple Auth 1.0 and am wondering if anyone had any suggestions on the best approach to handle the following situation:

With the particular industry my platform serves, most staff are actually independent contractors and therefore could belong to multiple businesses. With that said, I have some specific requirements that I'm trying to address:

  • Avoid having to create a separate account with separate credentials for each business the staff member belongs to.
  • Allow credentials to be revoked at any time for a particular account.
  • Allow for account-level permissions.
  • Make it simple to switch accounts from inside the application without having to fully reauthenticate.

To achieve this, my initial implementation is based around issuing a single JWT (using ember-simple-auth-token) for each user account. The proposed authentication flow would be as follows:

  1. User logs in with username and password
  2. System authenticates and, if credentials are valid, returns a token for each account.
    • If the system returns no tokens, return an error.
    • If the system returns a single token, use that token by default and redirect to the authenticated area of the site.
    • If the system returns more than one token, display a list of the accounts associated with those tokens and allow the user to choose the one whose role they will be assuming at that point.

What to do when the system returns more than one token is where I have questions:

  • Is there a way to "intercept" to allow the user to choose which account/token to use before ESA commits the token to the session in local storage?
  • If I want the user to be able to switch accounts, is it just a matter of swapping out the token value in local storage?

If there's anything else I should consider, I'd appreciate the feedback. If you also happen to think this is a terrible approach and have some feedback, I'd absolutely love it.

Cheers.


Solution

  • From ESA's perspective the user would be authenticated when the backend responds with one or more tokens (you'll have to implement a custom authenticator and authorizer of course). The fact that the session actually contains multiple tokens for multiple accounts isn't relevant for ESA really - that would be something that you'd need to handle in your application code instead.

    Once the session is authenticated with one or more tokens, you can access them via the session's data.authenticated property, e.g. this.get('session.data.authenticated.tokens') etc. You could store the currently active account the user wants to use in the session's non-authenticated area, e.g. this.get('session.data').set('activeToken', 'whatever').
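The layout the answer describes (all issued tokens under the authenticated data, the chosen account in the non-authenticated area, the authorizer picking the matching token), as an added example that is not code from the question, the answer or ember-simple-auth itself. It is plain JavaScript that a custom authenticator/authorizer would call; the response shape with an `account` field, the `activeAccount` key and the use of Node's `Buffer` for base64url decoding (an Ember app would use `atob`) are assumptions.

```javascript
// Added example, not code from the question or answer: plain-JS helpers a custom
// ember-simple-auth authenticator/authorizer could delegate to. Assumed response
// shape: { tokens: [{ account: 'acme', token: '<jwt>' }] }.

// Base64url-decode a JWT payload. This is a client-side convenience only; the
// server remains the authority on whether a token is valid, revoked or expired.
function jwtPayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Build the object the custom authenticator resolves with; ember-simple-auth
// then stores it under session.data.authenticated. Malformed or already
// expired tokens are dropped, and zero usable tokens is an authentication error.
function authenticatedDataFrom(response, nowSeconds = Date.now() / 1000) {
  const tokens = Array.isArray(response.tokens) ? response.tokens : [];
  const usable = tokens.filter(t => {
    const p = t && t.account ? jwtPayload(t.token) : null;
    return p !== null && typeof p.exp === 'number' && p.exp > nowSeconds;
  });
  if (usable.length === 0) throw new Error('no usable account tokens');
  return { tokens: usable };
}

// One account: use it immediately. Several: return null so the UI can prompt.
function defaultActiveAccount(authenticated) {
  return authenticated.tokens.length === 1 ? authenticated.tokens[0].account : null;
}

// Switch accounts without re-authenticating: only accounts the backend issued a
// token for are accepted; the choice lives in the session's non-authenticated area.
function switchAccount(session, account) {
  const known = session.data.authenticated.tokens.some(t => t.account === account);
  if (!known) throw new Error(`no token was issued for account ${account}`);
  session.data.activeAccount = account;
  return session;
}

// What a custom authorizer attaches to each request: the token belonging to the
// active account, looked up in the authenticated data rather than taken from the UI.
function authorizationHeader(session) {
  const active = session.data.activeAccount;
  const entry = session.data.authenticated.tokens.find(t => t.account === active);
  return entry ? `Bearer ${entry.token}` : null;
}
```

Because the header is always derived from a token the backend issued at login, revoking that token server-side ends access to that account even though the client still holds it.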