Ruby on Rails sessions not persisting from Social Sign Ons

I have a simple Auth0 integration with a Rails application and I’m trying to persist the account_id in a session. I’ve noticed that if I use the local login, it correctly sets the session. If I use a social provider, it will remove the userinfo and the account_id in the session. If I return back on a subsequent request, those details are gone.

Interestingly enough, in another controller action, if I set the same key the session will persist.

class Auth0Controller < ApplicationController
  def callback
    session[:userinfo] = request.env['omniauth.auth']

    account_attributes = session.dig :userinfo, :extra, :raw_info

    result = Accounts::Create.(params: account_attributes)

    session[:account_id] = result[:model].uuid

    redirect_to root_path

  def failure
    @error_msg = request.params['message']

I’ve checked out the sample Rails projects but they did not solve my issues. Is there something in my social sign-ins that’s misconfigured?

I’ll admit, I’m not the most familiar on the white-paper nomenclature of authentication and authorization so I’m more looking forward to a practical explanation of what I’m supposed to put in my session or how I’m supposed to manage repeat visits.

Hey there @timkellogg, welcome to the Auth0 Community!

I apologize for the delay in response :frowning: If you Direct message me your tenant and clientID I would be happy to take a look! Thanks!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.