Ruby on Rails API Authorization: Complete Developer Guide

byron.motoche · January 27, 2023, 5:55pm

This Ruby on Rails guide will help you learn how to secure a Ruby on Rails API using token-based authorization. You’ll learn how to integrate Auth0 with Ruby on Rails to protect endpoints using Rails concerns, implement token-based authorization, validate access tokens, make authenticated requests, and implement Role-Based Access Control (RBAC).

bparanj · December 11, 2023, 7:36pm

I want only the magic link - passwordless logic with auto registration. I don’t need social logins or password logins. How I use magic link with a Rails API backend?

carlastabile · June 21, 2024, 9:58am

Hello @bparanj !

There are two ways you can implement passwordless in your application. Please note Passwordless is a user-centric flow and not a M2M scenario so you need to implement this on the client side.

To implement passwordless with magic link on a Regular Web application or SPA, you can use Auth0’s Universal Login, and this will redirect your users to a central domain where authentication is performed, or Embed the login in your application, and users won’t be redirected anywhere and you add the login widget into your app. More info here

You can use the Passwordless API and for sending magic links, the initial request to POST /passwordless/start would look like:

POST https://{yourDomain}/passwordless/start
Content-Type: application/json
{
  "client_id": "{yourClientID}",
  "client_secret": "{yourClientSecret}", // For Regular Web Applications
  "connection": "email",
  "email": "{email}", //set for connection=email
  "send": "link", //if left null defaults to link
  "authParams": { // any authentication parameters that you would like to add
    "scope": "openid",     // used when asking for a magic link
    "state": "{yourState}"  // used when asking for a magic link, or from the custom login page
  }
}

After making this request, your users will receive a link generated by the Authentication API. Users will select the link and trigger a call to {yourAuth0Tenant}.auth0.com/passwordless/verify-redirect . Auth0 will redirect the user to the application, and the user will be logged in.

Let me know if this helps or if you have more questions!