Rails Authentication By Example

This Ruby on Rails developer guide will help you learn how to secure a Ruby on Rails web application using token-based authentication. You’ll learn how to use Rails along with the Ruby on Rails Auth0 SDK to implement user authentication, route protection, and access protected data from external APIs.

Hi,

Currently our project is using Devise for authentication.
Now that the application is turning into a platform, we have decided to replace Devise with Auth0.

I followed the Rails quick start guide for login, Rails Authentication By Example.

Issue
After following all these steps, when I click on the Login or Sign Up button it throws an error saying No route matches [POST] "/auth/auth0"

Here are my configurations; see if I am missing anything.

config/auth0.yml

development:
  auth0_domain: <%= Rails.application.credentials.auth0[:AUTH0_DOMAIN] %>
  auth0_client_id: <%= Rails.application.credentials.auth0[:AUTH0_CLIENT_ID] %>
  auth0_client_secret: <%= Rails.application.credentials.auth0[:AUTH0_CLIENT_SECRET] %>
  auth0_callback_path: <%= Rails.application.credentials.auth0[:AUTH0_CALLBACK_PATH] %>

config/initializers/auth0.rb

# frozen_string_literal: true

AUTH0_CONFIG = Rails.application.config_for(:auth0)

Rails.application.config.middleware.use OmniAuth::Builder do
  provider(
    :auth0,
    AUTH0_CONFIG['auth0_client_id'],
    AUTH0_CONFIG['auth0_client_secret'],
    AUTH0_CONFIG['auth0_domain'],
    callback_path: AUTH0_CONFIG['auth0_callback_path'],
    authorize_params: {
      scope: 'openid profile email'
    }
  )
end

OmniAuth.config.on_failure = Proc.new { |env|
  OmniAuth.config.allowed_request_methods = [:post, :get]
  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}

routes.rb


  scope :auth do
    get 'failure' => 'auth0#failure'
    
    # Auth0 routes    
    scope :auth0 do
      get 'callback' => 'auth0#callback'
      get 'logout' => 'auth0#logout'
    end
  end

html

  <% unless session['credentials'] %>
    <%= button_to 'Sign Up', '/auth/auth0?prompt=login&screen_hint=signup', method: :post, data: {turbo: "false"}, class: 'button__sign-up' %>  
    <%= button_to 'Log In', '/auth/auth0', method: :post %>  
  <% else %>     
    <%= button_to 'Log Out', logout_path, method: :get, data: {turbo: "false"}, class: 'button__logout' %>
  <% end %>

controller

class Auth0Controller < ApplicationController

  def callback
    auth_info = request.env['omniauth.auth']
    session[:credentials] = {}
    session[:credentials][:id_token] = auth_info['credentials']['id_token']

    redirect_to profile_path
  end

  def failure
    @error_msg = request.params['message']
  end

  def logout
    reset_session
    redirect_to logout_url, allow_other_host: true
  end

  private

  def logout_url
    request_params = {
      returnTo: root_url,
      client_id: AUTH0_CONFIG['auth0_client_id']
    }

    URI::HTTPS.build(host: AUTH0_CONFIG['auth0_domain'], path: '/v2/logout', query: request_params.to_query).to_s
  end
end

config/session_store.rb

Rails.application.config.session_store :cache_store

Moving this post here so as to address that directly with the content author. Thank you!

Hey Guys,

I figured out the issue; it was something with the routing issue I was facing.
My project uses packages of Google-OAuth and facebook-oauth and the OmniAuth configuration is kinda different, which is like associated with Devise OmniAuth, and the route is configured like /users/auth/auth0.

Solution:
So when I changed my URL from /auth/auth0 to /users/auth/auth0 it started working.

code.

<% unless session['credentials'] %>
    <%= button_to 'Sign Up', '/users/auth/auth0?prompt=login&screen_hint=signup', method: :post, data: {turbo: "false"}, class: 'button__sign-up' %>  
    <%= button_to 'Log In', '/users/auth/auth0', method: :post %>  
<% else %>     
    <%= button_to 'Log Out', logout_path, method: :get, data: {turbo: "false"}, class: 'button__logout' %>
<% end %>

And FYI,
I could not change those Devise::OmniAuth configurations for some reason.
I even tried removing those packages; still, it did not seem to work.

Thanks.
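
A static check for the mismatch this thread ends on, as an added example that is not part of any post here or of the Auth0 guide: it scans ERB for `button_to`/`link_to` calls that target an OmniAuth request path and reports a prefix that differs from the mounted one, or a verb other than POST. The function name, the regex and the sample view are assumptions made for illustration; `/users/auth` is the prefix the follow-up post reports.

```ruby
# Added example (not from the thread or the Auth0 guide).
# Assumption: the caller knows the mounted prefix. OmniAuth's own default is
# "/auth"; the follow-up post reports "/users/auth" for this application.
BUTTON_RE = /\b(?<helper>button_to|link_to)\b[^,]*,\s*(?<q>['"])(?<target>[^'"]*)\k<q>(?<opts>.*)/

# Returns one finding per helper call that targets an OmniAuth request path
# with the wrong prefix or with a verb other than POST. Only literal string
# targets are understood; route helpers such as logout_path are skipped.
def omniauth_button_findings(erb, path_prefix:, providers:)
  findings = []
  erb.each_line.with_index(1) do |line, lineno|
    call = BUTTON_RE.match(line) or next
    path = call[:target].split('?').first.to_s
    route = path.match(%r{\A(?<prefix>.*/auth)/(?<provider>[^/]+)\z}) or next
    next unless providers.include?(route[:provider])

    if route[:prefix] != path_prefix
      findings << { line: lineno, problem: :wrong_prefix,
                    expected: "#{path_prefix}/#{route[:provider]}" }
    end
    # button_to submits a POST form by default; link_to issues a GET.
    # OmniAuth 2.x accepts only POST on the request phase by default.
    verb = call[:opts][/method:\s*:(\w+)/, 1] ||
           (call[:helper] == 'button_to' ? 'post' : 'get')
    findings << { line: lineno, problem: :non_post_verb, verb: verb } if verb != 'post'
  end
  findings
end

# Constructed sample: login buttons shaped like the ones in the question and
# in the follow-up, plus a plain GET link and the logout button.
SAMPLE_VIEW = <<~'VIEW'
  <%= button_to 'Sign Up', '/auth/auth0?prompt=login&screen_hint=signup', method: :post %>
  <%= button_to 'Log In', '/users/auth/auth0', method: :post %>
  <%= link_to 'Log In', '/users/auth/auth0' %>
  <%= button_to 'Log Out', logout_path, method: :get %>
VIEW

if __FILE__ == $PROGRAM_NAME
  omniauth_button_findings(SAMPLE_VIEW, path_prefix: '/users/auth', providers: %w[auth0])
    .each { |finding| puts finding.inspect }
end
```

Run against the real views with the prefix shown for the provider in `bin/rails routes`, so a button that posts to an unmounted path is caught before it surfaces as a routing error.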