Integrating Auth0 with Rails Pundit

Charuwts · August 1, 2020, 4:46pm

I’ve followed the quickstart steps for setting my Rails Web App with an Auth0 login as well as the steps for storing the userinfo in a session and logging out. What is the best practice for integrating this with an authorization library like Pundit?

How do I guarantee someone can’t simply modify the auth0 user session and appear as a different user? Normally Devise would handle creating a “current user”. How would I go about setting up something similar with Auth0?

I’m guessing local authorization has already been considered and I’m just missing something simple to make Auth0 and Pundit work together…

Appreciate the help.

dan.woda · August 6, 2020, 8:12pm

Hi @Charuwts,

Welcome to Auth0

I don’t have experience with Pundit, but hopefully can help with the Auth0 side.

A token issued by Auth0 after successful authentication acts to identify the user (ID token) or allow access to a resource (access token). This token is signed by Auth0, and can be verified by the application or API.

Unfortunately, it doesn’t look like we have specific examples that include Pundit, but I found this repo that attempts to integrate. We also have a blog post about builds a rails API that could be helpful.

Hope this provides some insight!

Topic		Replies	Views
Use Auth0 after user authenticated via 3rd party Get Help management-api , users	2	45	April 23, 2025
How to check the auth0 Session using the Ruby SDK Get Help logout , sessions	1	1594	November 10, 2022
Ruby on Rails sessions not persisting from Social Sign Ons Get Help rails	2	4138	December 20, 2019
Rails Authentication By Example Developer Hub ruby , authentication , rails	3	2634	April 28, 2023
Trouble terminating Auth0 user session Get Help logout , sessions	9	1975	November 3, 2023

Integrating Auth0 with Rails Pundit

Related topics