Learn how to easily integrate Auth0 with Rails 6 to build secure APIs.
Brought to you by John Brennan
Let’s join the discussion and let us know your thoughts Ruby developers!
You need to add audience to your auth_config.json then specify the audience in createAuth0Client. Your audience is the “Api Identifier”, handily labelled as “API Audience” on the dashboard list of APIs.

```
auth0 = await createAuth0Client({
  domain: config.domain,
  client_id: config.clientId,
  audience: config.audience
});
```

Then use the same options (or at the very least specify the audience again, when calling getTokenSilently)

```
const accessToken = await auth0.getTokenSilently(auth0.options);
```

This will return an accessToken that is a JWT.
For my client integration I am using the auth0-spa-js tutorial. I call getTokenSilently() but the access token returned is only 32 characters long and clearly a different format. Am I missing a step to transform the client issued token into a JWT?
This gettokensilently-returns-a-32-character-string-not-jwt explains that you have to set the audience. I have tried setting the audience, restarting my SPA and double-checking that the options are being sent on login but I only ever receive a 32 char string, not a JWT.
The code to get the AccessToken is thus:
```
const accessToken = await auth0.getTokenSilently();
console.log("Access Token")
console.log(accessToken)
```
Note, I have not specifically configured any audience or scopes with Auth0 - it is pretty much vanilla setup.
Your response appreciated.
Howdy, @itinsley! Welcome to the Auth0 Community and thank you for reading the blog post. I am glad that you got the issue sorted out.
That’s right, the audience parameter, which as you point out is the API Identifier in the Auth0 Dashboard, helps you get the access token needed to make API calls.
This guide section is using the React SDK, but under the hood, that SDK uses the Auth0 SPA SDK: https://auth0.com/blog/complete-guide-to-react-user-authentication/#Calling-an-API
It highlights the initialization needed to get an access token.
Do you think that it would have been helpful to have included a demo client with this Rails blog post showing how to make protected API requests from a client to the Rails API?
Hi, thanks for getting back to me. Yeah, I imagine that what I was trying to do is pretty common. I was setting up a Rails API and a React Front-End with Auth0 for security but I had to work from two different tutorials and this audience setting was pretty critical and took a while to find as I don’t think it is mentioned in the auth0-spa-js tutorial
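Added example (not part of any post in this thread, and not Auth0 SDK code): a small JavaScript helper for the symptom discussed above, telling an opaque access token apart from a JWT and checking its `aud` claim. The function names, the sample tokens and the audience `https://chirps.example/api` are constructed for illustration; it decodes without verifying the signature, so the API must still verify the token itself.

```javascript
// Added example. Decodes only; it does NOT verify the signature.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns { kind, usableForApi, reason } for a token from getTokenSilently().
function inspectAccessToken(token, expectedAudience) {
  const parts = typeof token === "string" ? token.split(".") : [];
  const wellFormed = parts.length === 3 && parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p));
  if (!wellFormed) {
    // Opaque token: what the thread saw when no audience was requested.
    return { kind: "opaque", usableForApi: false, reason: "not a JWT; was audience set?" };
  }
  let header, claims;
  try {
    header = b64urlJson(parts[0]);
    claims = b64urlJson(parts[1]);
  } catch (err) {
    return { kind: "malformed", usableForApi: false, reason: "segments are not JSON" };
  }
  if (!header || !claims || typeof claims !== "object") {
    return { kind: "malformed", usableForApi: false, reason: "missing header or claims" };
  }
  // The aud claim may be a single string or an array of strings.
  const audiences = [].concat(claims.aud || []);
  if (!audiences.includes(expectedAudience)) {
    return { kind: "jwt", usableForApi: false, reason: "audience mismatch" };
  }
  return { kind: "jwt", usableForApi: true, reason: "ok" };
}

// Constructed sample data (not real tokens).
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "c2FtcGxl"].join(".");
}
const SAMPLE_AUDIENCE = "https://chirps.example/api";
const SAMPLE_OPAQUE = "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6";

console.log(inspectAccessToken(SAMPLE_OPAQUE, SAMPLE_AUDIENCE));
console.log(inspectAccessToken(makeSampleJwt({ aud: SAMPLE_AUDIENCE }), SAMPLE_AUDIENCE));
```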
Hello,
I’m following this guide for building my first Rails 6 + Auth0 API,
But I’ve encountered an issue I can’t find a solution to, please help me understand where to look for an answer:
I’m trying to make a first authenticated ‘create’ action by running:

```
curl -H "Content-Type: application/json" -H "Authorization: bearer $API_TOKEN" -d '{"body":"this is my first chirp!", "published":true}' -X POST http://localhost:3000/chirps
```
My server responds with the following error:
```
Errno::ECONNREFUSED (Failed to open TCP connection to :80 (Connection refused - connect(2) for nil port 80)):

app/lib/json_web_token.rb:19:in `jwks_hash'
app/lib/json_web_token.rb:14:in `block in verify'
app/lib/json_web_token.rb:7:in `verify'
app/services/authorization_service.rb:20:in `verify_token'
app/services/authorization_service.rb:8:in `authenticate_request!'
app/controllers/secured_controller.rb:7:in `authorize_request'
127.0.0.1 - - [02/Jan/2021:12:54:19 IST] "POST /chirps HTTP/1.1" 500 19247
- -> /chirps
```
My environment is Ubuntu 20.04.1 LTS under WSL2:
```
PS C:\Users\YOLA> wsl -l -v
  NAME      STATE      VERSION
  Ubuntu    Running    2
```

Rails Server:

```
=> Booting WEBrick
=> Rails 6.0.3.4 application starting in development http://localhost:3000
```
Thanks!
Yony
Howdy, Yonyossef! Thanks for reading this blog post. Could you please try using https in the request URL instead of http?
```
curl -H "Content-Type: application/json" -H "Authorization: bearer $API_TOKEN" -d '{"body":"this is my first chirp!", "published":true}' -X POST https://localhost:3000/chirps
```

Results in:

```
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
```
This topic was automatically closed 26 days after the last reply. New replies are no longer allowed.