Omniauth-auth0 gem authentication failure strategy in Ruby on Rails

I am seeking some clarity on Auth0’s authentication failure strategy specifically. I am using the omniauth-auth0 gem implementation in Ruby on Rails that was recommended in the Quickstart guide. I am using authorization flow with Universal Login.

  • Does this implementation of Auth0 use OmniAuth’s defaults for authentication failure? For example, is the /auth/failure route always used for authentication errors? Are there scenarios where errors are sent to /callback instead?
  • Is there an example authentication error response that I can see? The omniauth-auth0 docs (I’m not allowed to include links) have an example of a successful authentication response but I didn’t see anything about failures. I was able to purposely trigger a failure due to a missing client secret and see the response, but I wasn’t sure if all authentication failures were structured like that.

These questions also relate to how I set up my tests. For example, the regular OmniAuth documentation (again, can’t link to it) recommends using this to mock failure:

OmniAuth.config.mock_auth[:twitter] = :invalid_credentials

So, I simply adjusted it in my test helper:

# /spec/support/auth0_helpers.rb

  def mock_auth0_failure(message: "Authentication failed")
    OmniAuth.config.test_mode = true
    OmniAuth.config.mock_auth[:auth0] = :invalid_credentials
  end

And by default, OmniAuth raises exceptions in development and test environments rather than redirecting, so I’m overriding this behavior to make sure my controller action is hit:

# /config/initializers/auth0.rb

if Rails.env.development? || Rails.env.test?
  OmniAuth.config.on_failure = Proc.new do |env|
    OmniAuth::FailureEndpoint.new(env).redirect_to_failure
  end
end

However, I want to make sure my test assumptions are correct, otherwise they are not very useful. I tried searching the Auth0 docs (for example, the pre-deployment checks) but couldn’t find information specific to failures in OmniAuth with Universal Login. If there’s documentation I simply missed, please feel free to direct me that way.
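An added example, not part of the original post and not Auth0's or OmniAuth's own code: a plain-Ruby sketch of how an action behind /auth/failure can treat the redirect's query string as untrusted, since anyone can request that route directly. It assumes the redirect carries `message`, `strategy` and `origin` parameters; the helper names, the failure keys other than `invalid_credentials`, and the sample URLs are constructed for illustration.

```ruby
require "uri"

# Failure keys this app chooses to recognise. "invalid_credentials" is the key
# mocked in the post; the other two entries are assumed for illustration.
KNOWN_FAILURES = {
  "invalid_credentials" => "Sign-in failed. Please try again.",
  "access_denied"       => "Sign-in was cancelled.",           # assumed key
  "timeout"             => "The identity provider timed out."  # assumed key
}.freeze
GENERIC_FAILURE = "Authentication failed."

# Accept only a same-site absolute path; anything else falls back to "/".
def safe_return_path(origin)
  return "/" if origin.nil? || origin.empty?
  uri = URI.parse(origin)
  return "/" if uri.scheme || uri.host # full URL or scheme-relative //host
  return "/" unless uri.path.start_with?("/") && !uri.path.start_with?("//")
  uri.path
rescue URI::InvalidURIError
  "/"
end

# Turn the failure request URL into values that are safe to log and render.
# The raw message is never echoed back: unknown keys get a generic text.
def parse_failure(url)
  params = URI.decode_www_form(URI.parse(url).query.to_s).to_h
  key = params["message"].to_s
  {
    key: KNOWN_FAILURES.key?(key) ? key : "unknown",
    flash: KNOWN_FAILURES.fetch(key, GENERIC_FAILURE),
    strategy: params["strategy"] == "auth0" ? "auth0" : nil,
    return_to: safe_return_path(params["origin"])
  }
end

# Constructed sample requests: one expected redirect, one hand-crafted URL.
SAMPLE_URLS = [
  "/auth/failure?message=invalid_credentials&strategy=auth0&origin=%2Fdashboard",
  "/auth/failure?message=%3Cb%3Ex%3C%2Fb%3E&origin=https%3A%2F%2Fevil.example%2F"
].freeze

SAMPLE_URLS.each { |u| puts parse_failure(u).inspect } if __FILE__ == $PROGRAM_NAME
```

In a spec that uses the mock from the post, the same mapping gives a fixed flash text to assert on instead of whatever string arrives in the query.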

@river.flow glad you’re here. I see it’s your first post in the Auth0 Community, so I just want to confirm that one of our certified Auth0 Community experts will chime in to assist you from here. Hang tight!