Rails Authentication By Example

This Ruby on Rails developer guide will help you learn how to secure a Ruby on Rails web application using token-based authentication. You’ll learn how to use Rails along with the Ruby on Rails Auth0 SDK to implement user authentication, route protection, and access protected data from external APIs.

2 Likes

Hi,

Currently our project is using Devise for authentication.
Now that the application is turning into a platform, we have decided to replace Devise with Auth0.

I followed the Rails quick start guide for login, Rails Authentication By Example.

Issue:
After following all these steps, when I click on the Login or Sign Up button it throws an error saying No route matches [POST] "/auth/auth0".

Here are my configurations; see if I am missing anything.

config/auth0.yml

development:
  auth0_domain: <%= Rails.application.credentials.auth0[:AUTH0_DOMAIN] %>
  auth0_client_id: <%= Rails.application.credentials.auth0[:AUTH0_CLIENT_ID] %>
  auth0_client_secret: <%= Rails.application.credentials.auth0[:AUTH0_CLIENT_SECRET] %>
  auth0_callback_path: <%= Rails.application.credentials.auth0[:AUTH0_CALLBACK_PATH] %>

config/initializers/auth0.rb

# frozen_string_literal: true

AUTH0_CONFIG = Rails.application.config_for(:auth0)

Rails.application.config.middleware.use OmniAuth::Builder do
  provider(
    :auth0,
    AUTH0_CONFIG['auth0_client_id'],
    AUTH0_CONFIG['auth0_client_secret'],
    AUTH0_CONFIG['auth0_domain'],
    callback_path: AUTH0_CONFIG['auth0_callback_path'],
    authorize_params: {
      scope: 'openid profile email'
    }
  )
end

OmniAuth.config.on_failure = Proc.new { |env|
  # Runs only when the failure handler is invoked.
  OmniAuth.config.allowed_request_methods = [:post, :get]
  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}

routes.rb


  scope :auth do
    get 'failure' => 'auth0#failure'
    
    # Auth0 routes    
    scope :auth0 do
      get 'callback' => 'auth0#callback'
      get 'logout' => 'auth0#logout'
    end
  end

html

  <% unless session['credentials'] %>
    <%= button_to 'Sign Up', '/auth/auth0?prompt=login&screen_hint=signup', method: :post, data: {turbo: "false"}, class: 'button__sign-up' %>  
    <%= button_to 'Log In', '/auth/auth0', method: :post %>  
  <% else %>     
    <%= button_to 'Log Out', logout_path, method: :get, data: {turbo: "false"}, class: 'button__logout' %>
  <% end %>

controller

class Auth0Controller < ApplicationController

  def callback
    auth_info = request.env['omniauth.auth']
    session[:credentials] = {}
    session[:credentials][:id_token] = auth_info['credentials']['id_token']

    redirect_to profile_path
  end

  def failure
    @error_msg = request.params['message']
  end

  def logout
    reset_session
    redirect_to logout_url, allow_other_host: true
  end

  private

  def logout_url
    request_params = {
      returnTo: root_url,
      client_id: AUTH0_CONFIG['auth0_client_id']
    }

    URI::HTTPS.build(host: AUTH0_CONFIG['auth0_domain'], path: '/v2/logout', query: request_params.to_query).to_s
  end
end

config/session_store.rb

Rails.application.config.session_store :cache_store

Moving this post here so as to address that directly with the content author. Thank you!

2 Likes

Hey Guys,

I figured out the issue; it was something to do with the routing issue I was facing.
My project uses the Google-OAuth and facebook-oauth packages, and the OmniAuth configuration is kind of different: it is associated with Devise OmniAuth, and the route is configured like /users/auth/auth0.

Solution:
So when I changed my URL from /auth/auth0 to /users/auth/auth0, it started working.

Code:

<% unless session['credentials'] %>
    <%= button_to 'Sign Up', '/users/auth/auth0?prompt=login&screen_hint=signup', method: :post, data: {turbo: "false"}, class: 'button__sign-up' %>  
    <%= button_to 'Log In', '/users/auth/auth0', method: :post %>  
<% else %>     
    <%= button_to 'Log Out', logout_path, method: :get, data: {turbo: "false"}, class: 'button__logout' %>
<% end %>

And FYI:
I could not change those Devise::OmniAuth configurations for some reason.
I even tried removing those packages; it still did not seem to work.

Thanks.

2 Likes
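
The mismatch resolved above, as an added example that is not code from any post in this thread or from OmniAuth itself: a simplified model of the check an OmniAuth strategy makes before starting the login redirect, run against the buttons from the question. RequestGate, audit_view and the POST-only method list are assumptions made for illustration; the /users/auth prefix is the one reported in the thread.

```ruby
# Simplified model of the request-phase check an OmniAuth strategy performs.
# Not OmniAuth's source; needs no gems.
RequestGate = Struct.new(:path_prefix, :provider, :allowed_methods) do
  def request_path
    "#{path_prefix}/#{provider}"
  end

  # :request_phase -> the middleware starts the Auth0 redirect.
  # :router_*      -> the request falls through to the Rails router, which
  #                   raises "No route matches" unless a route is defined.
  def classify(http_method, target)
    path = target.split('?', 2).first.chomp('/')
    return :router_wrong_path unless path.casecmp?(request_path)
    return :router_method_not_allowed unless allowed_methods.include?(http_method.downcase.to_sym)

    :request_phase
  end
end

# Matches: button_to '<label>', '<literal target>', ... method: :<verb>
BUTTON = /button_to\s+'[^']*',\s*'([^']+)'.*?method:\s*:(\w+)/

# Returns [target, outcome] for every literal button target in the view.
def audit_view(erb, gate)
  erb.scan(BUTTON).map { |target, verb| [target, gate.classify(verb, target)] }
end

# Prefix reported in the thread for the Devise-managed setup (assumed POST only).
DEVISE_GATE = RequestGate.new('/users/auth', 'auth0', [:post])
# OmniAuth's default prefix, which the guide's buttons target.
DEFAULT_GATE = RequestGate.new('/auth', 'auth0', [:post])

# Constructed sample: the two login buttons from the question.
QUESTION_VIEW = <<~ERB
  <%= button_to 'Sign Up', '/auth/auth0?prompt=login&screen_hint=signup', method: :post %>
  <%= button_to 'Log In', '/auth/auth0', method: :post %>
ERB

if __FILE__ == $PROGRAM_NAME
  audit_view(QUESTION_VIEW, DEVISE_GATE).each { |t, r| puts "#{r.to_s.ljust(18)} #{t}" }
end
```

In a real application, `bin/rails routes` lists the omniauth authorize and callback paths when Devise manages the strategy, which shows the prefix the buttons must use.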