Add the following line to your Gemfile
:
gem 'omniauth-auth0'
If you're using this strategy with Rails, also add the following for CSRF protection:
gem 'omniauth-rails_csrf_protection'
Then install:
$ bundle install
See our contributing guide for information on local installation for development.
Adding the SDK to your Rails app requires a few steps:
Create the file ./config/auth0.yml
within your application directory with the following content:
development:
auth0_domain: <YOUR_DOMAIN>
auth0_client_id: <YOUR_CLIENT_ID>
auth0_client_secret: <YOUR AUTH0 CLIENT SECRET>
Create a new Ruby file in ./config/initializers/auth0.rb
to configure the OmniAuth middleware:
AUTH0_CONFIG = Rails.application.config_for(:auth0)
Rails.application.config.middleware.use OmniAuth::Builder do
provider(
:auth0,
AUTH0_CONFIG['auth0_client_id'],
AUTH0_CONFIG['auth0_client_secret'],
AUTH0_CONFIG['auth0_domain'],
callback_path: '/auth/auth0/callback',
authorize_params: {
scope: 'openid profile'
}
)
end
Create a new controller ./app/controllers/auth0_controller.rb
to handle the callback from Auth0.
You can also run
rails generate controller auth0 callback failure logout --skip-assets --skip-helper --skip-routes --skip-template-engine
to scaffold this controller for you.
# ./app/controllers/auth0_controller.rb
class Auth0Controller < ApplicationController
def callback
# OmniAuth stores the information returned from Auth0 and the IdP in request.env['omniauth.auth'].
# In this code, you will pull the raw_info supplied from the id_token and assign it to the session.
# Refer to https://github.com/auth0/omniauth-auth0/blob/master/EXAMPLES.md#example-of-the-resulting-authentication-hash for complete information on 'omniauth.auth' contents.
auth_info = request.env['omniauth.auth']
session[:userinfo] = auth_info['extra']['raw_info']
# Redirect to the URL you want after successful auth
redirect_to '/dashboard'
end
def failure
# Handles failed authentication -- Show a failure page (you can also handle with a redirect)
@error_msg = request.params['message']
end
def logout
# you will finish this in a later step
end
end
Finally, add the following routes to your ./config/routes.rb
file:
Rails.application.routes.draw do
# ..
get '/auth/auth0/callback' => 'auth0#callback'
get '/auth/failure' => 'auth0#failure'
get '/auth/logout' => 'auth0#logout'
end
To redirect your users to Auth0 for authentication, redirect your users to the /auth/auth0
endpoint of your app. One way to do this is to use a link or button on a page:
<%= button_to 'Login', '/auth/auth0', method: :post %>
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.