Ruby on Rails sessions not persisting from Social Sign Ons

I have a simple Auth0 integration with a Rails application and I’m trying to persist the account_id in a session. I’ve noticed that if I use the local login, it correctly sets the session. If I use a social provider, it will remove the userinfo and the account_id in the session. If I return back on a subsequent request, those details are gone.

Interestingly enough, in another controller action, if I set the same key the session will persist.

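```ruby
class Auth0Controller < ApplicationController
  def callback
    # Store the full OmniAuth auth hash for this login in the session
    session[:userinfo] = request.env['omniauth.auth']

    # Read the provider's raw profile back out of the stored auth hash
    account_attributes = session.dig :userinfo, :extra, :raw_info

    # Run the Accounts::Create operation with the profile attributes
    result = Accounts::Create.(params: account_attributes)

    # Keep the resulting account's UUID in the session for later requests
    session[:account_id] = result[:model].uuid

    redirect_to root_path
  end

  def failure
    # Error message passed back to the failure endpoint
    @error_msg = request.params['message']
  end
end
```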

I’ve checked out the sample Rails projects but they did not solve my issues. Is there something in my social sign-ins that’s misconfigured?

I’ll admit, I’m not the most familiar with the white-paper nomenclature of authentication and authorization so I’m more looking forward to a practical explanation of what I’m supposed to put in my session or how I’m supposed to manage repeat visits.

Hey there @timkellogg, welcome to the Auth0 Community!

I apologize for the delay in response :frowning: If you direct message me your tenant and clientID, I would be happy to take a look! Thanks!
