I have a simple Auth0 integration with a Rails application and I’m trying to persist the account_id in a session. I’ve noticed that if I use the local login, it correctly sets the session. If I use a social provider, it will remove the userinfo and the account_id in the session. If I return back on a subsequent request, those details are gone.
Interestingly enough, in another controller action, if I set the same key the session will persist.
    class Auth0Controller < ApplicationController
      def callback
        session[:userinfo] = request.env['omniauth.auth']
        account_attributes = session.dig :userinfo, :extra, :raw_info
        result = Accounts::Create.(params: account_attributes)
        session[:account_id] = result[:model].uuid
        redirect_to root_path
      end

      def failure
        @error_msg = request.params['message']
      end
    end
I’ve checked out the sample Rails projects but they did not solve my issues. Is there something in my social sign-ins that’s misconfigured?
I’ll admit, I’m not the most familiar with the white-paper nomenclature of authentication and authorization, so I’m more looking forward to a practical explanation of what I’m supposed to put in my session or how I’m supposed to manage repeat visits.