I’ve followed the quickstart steps for setting up my Rails Web App with an Auth0 login as well as the steps for storing the userinfo in a session and logging out. What is the best practice for integrating this with an authorization library like Pundit?
How do I guarantee someone can’t simply modify the Auth0 user session and appear as a different user? Normally Devise would handle creating a “current user”. How would I go about setting up something similar with Auth0?
I’m guessing local authorization has already been considered and I’m just missing something simple to make Auth0 and Pundit work together…
Appreciate the help.