Secure a Rails API with Auth0

robertino.calcaterra · October 7, 2021, 2:58pm

Learn how to secure an API written using Ruby On Rails with Auth0 authorization services.
Read more…

Brought to you by one of our Guest Author crew: Mario Fernandez

robertino.calcaterra · October 7, 2021, 3:05pm

What are your thoughts folks? Share it in the comments!

aflansburg · December 21, 2021, 3:35am

Great guide. One thing to note is that token['permissions'] is now token['scope']

konrad.sopala · December 21, 2021, 10:13am

Thanks for sharing that with the rest of community!

carlos.guisao · November 3, 2022, 4:48pm

Hey, thanks for sharing this amazing guide!

Three things to point out:

In Rails 6, if you put lib files under app/lib they are autoloaded, meaning you don’t have to load them manually in the ApplicationController.
Rails.application.config.x.auth0 was returning an empty hash in my case, so I had to do: Rails.application.config_for(:auth0)[:Key-I-Need]
I had some issues decoding the token, so for me on JWT.decode instead of iss: Rails.application.config.x.auth0.issuerUri, I used issuer: issuer,

Topic		Replies	Views
Rails Authentication By Example Developer Hub ruby , authentication , rails	3	2441	April 28, 2023
Building Secure APIs with Rails 6 and Auth0 Blog Discussions auth0 , rails-api	16	5514	May 31, 2022
How to Add Authorization to a Rails API Following TDD Blog Discussions	3	2314	March 7, 2022
Using both Rails API and plain Rails authentication? Help rails-api , rails	1	3320	October 3, 2022
API RBAC, Auth0 Actions, RWA Help	2	2478	December 21, 2022