Learn how to easily integrate Auth0 with Rails 6 to build secure APIs.
Brought for you by John Brennan
Let’s join the discussion and let us know your thoughts Ruby developers!
2 Likes
EDIT - FIXED
You need to add audience to your auth_config.json then specify the audience in createAuth0Client. Your audience is the “Api Identifier”, handily labelled as “API Audience” on the dashboard list of API’s
auth0 = await createAuth0Client({
domain: config.domain,
client_id: config.clientId,
audience: config.audience
});
Then use the same options (or at the very least specify the audience again, when calling getTokenSilently)
const accessToken = await auth0.getTokenSilently(auth0.options);
This will return an accessToken that is a JWT
ORIGINAL POST BELOW
For my client integration I am using the auth0-spa-js tutorial. I call getTokenSilently() but the access token returned is only 32 characters long and clearly a different format. Am I missing a step to transform the client issued token into a JWT?
This gettokensilently-returns-a-32-character-string-not-jwt explains that you have to set the audience. I have tried setting the audience, restarting my SPA and double-checking that the options are being sent on login but I only ever receive a 32 char string, not a JWT.
The code to get the AccessToken is thus:
const accessToken = await auth0.getTokenSilently();
console.log("Access Token")
console.log(accessToken)
Note, I have not specifically configured any audience or scopes with Auth0 - it is pretty much vanilla setup.
Your response appreciated.
1 Like
Howdy, @itinsley! Welcome to the Auth0 Community and thank you for reading the blog post. I am glad that you got the issue sorted out.
That’s right, the audience parameters, which as you point out is the API Identifier in the Auth0 Dashboard, helps you get the access token needed to make API calls.
This guide section is using the React SDK, but under the hood, that SDK uses the Auth0 SPA SDK: The Complete Guide to React User Authentication with Auth0
It highlights the initialization needed to get an access token.
Do you think that it would have been helpful to have included a demo client with this Rails blog post showing how to make protected API requests from a client to the Rails API?
1 Like
Hi, thanks for getting back to me. Yeah, I imagine that what I was trying to do is pretty common. I was setting up a Rails API and a React Front-End with Auth0 for security but I had to work from two different tutorials and this audience setting was pretty critical and took a while to find as I don’t think it is mentioned in the auth0-spa-js tutorial
Hello,
I’m following this guide for building my first Rails 6 + Auth0 API,
Buy I’ve encountered an issue I can’t find a solution to, please help me understand where to look for an answer:
I’m trying to make a first authenticated ‘create’ action by running:
curl -H “Content-Type: application/json” -H “Authorization: bearer $API_TOKEN” -d ‘{“body”:“this is my first chirp!”, “published”:true}’ -X POST http://localhost:3000/chirps
My server responds with the following error:
Errno::ECONNREFUSED (Failed to open TCP connection to :80 (Connection refused - connect(2) for nil port 80)):
app/lib/json_web_token.rb:19:in jwks_hash'** **app/lib/json_web_token.rb:14:in block in verify’
app/lib/json_web_token.rb:7:in verify'** **app/services/authorization_service.rb:20:in verify_token’
app/services/authorization_service.rb:8:in authenticate_request!'** **app/controllers/secured_controller.rb:7:in authorize_request’
127.0.0.1 - - [02/Jan/2021:12:54:19 IST] “POST /chirps HTTP/1.1” 500 19247
- → /chirps
My environment is Ubuntu 20.04.1 LTS under WSL2:
PS C:\Users\YOLA> wsl -l -v
NAME STATE VERSION
Ubuntu Running 2
Rails Server:
=> Booting WEBrick
=> Rails 6.0.3.4 application starting in development http://localhost:3000
Thanks!
Yony
Howdy, Yonyossef! Thanks for reading this blog post 
Could you please try using https in the request URL instead of http?
curl -H “Content-Type: application/json” -H “Authorization: bearer $API_TOKEN” -d ‘{“body”:“this is my first chirp!”, “published”:true}’ -X POST https://localhost:3000/chirps
Results in:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
This topic was automatically closed 26 days after the last reply. New replies are no longer allowed.
Hi!
Thanks for the great docs. I’m building a secured API with Auth0 on Rails 6 and have followed the Rails 6 tutorial. Am testing with test tokens for my application. I am just using authorisation not authentication.
When testing secured endpoints, I was getting unauthorised access repeatedly so I debugged my code as far as I could & traced the problem to the verify method.
Specifically the error is
{
"message": "Signature verification raised"
}
If I set the third parameter in JWT.decode to false, everything works out.
But this is not OK, I want to verify the JWT.
So what could be going wrong? I have checked that the domain and audience are exactly in my code as they are in the auth0 issues JWTs, down the the trailing slash in the domain. I found some people having similar issues online but not a satisfying answer!
If I follow the jwts link (https://dev-lmzlz5ay.us.auth0.com/.well-known/jwks.json) I get a public key, and it does seem to process it (I verified this with a logger), but something fails in the verification step.
If I try the JsonWebToken.verify() method out on the console with a test token from auth0, it verifies & returns the token just fine.
But it doesn’t do so with http requests using postman or curl.
Sorry, am a bit new with all of this!
Happy to post any necessary snippets or logs.
All the best,
Inti
@robertino.calcaterra would you be able to follow up on that? Thanks!
1 Like
Hi folks! We are working on that @konrad.sopala 
1 Like
Perfect! Thank you a lot!
Howdy @intimaria. I suggest to take a look at this post: https://auth0.com/blog/secure-rails-api/, I think it’s very useful for you!
1 Like
As far as I understand, your code works correctly when you run it on your console but not when it runs in your API 
If I try the JsonWebToken.verify() method out on the console with a test token from auth0, it verifies & returns the token just fine.
It makes me think that something between your client (curl or Postman) and your JsonWebToken.verify() method modifies the token. Have you tried to debug your code and catch the token right before calling the JsonWebToken.verify() method?
1 Like
Thanks for your help! I used a Rails.logger to see what was going on and effectively there did seem to be some discrepancy between what was sent and received due to formatting.
I was able to solve it effectively, so thank you for your help.
2 Likes