I’m looking to replace the Devise-based authentication with Auth0 on a Rails 6 application being updated. As part of this update, I’ll also be adding an API. This API will be used both by web users using a partially React front-end (eventually it will be all React but that’s a long-term topic) as well as general API applications. I’ve looked at the samples for Rails web applications as well as Rails API applications. They both seem to work just fine for the use-cases they already have but the problem is that I need a use-case that sort of combines both of them. What I’m needing is a login for web users that gives them access to certain private areas of the website (likely using OmniAuth) and access to the API while I also need a way for API users to log in and just get access to the API (possibly using JWT).
What is the recommended way to handle this with Auth0?
Hello there @wwahammy, thank you for joining the Auth0 community.
Sorry this took so long, but in case you are still wondering, or there is someone else that runs into this question, here are my two cents:
You can have two different controllers depending on the case, one for the web app and one for the API.
- Web App Controller: you could place it under app/controllers/ and use the omniauth-auth0 gem to handle the authentication flow.
- API Controller: you could place it under app/controllers/api/ and use JWT. Instead of your controllers inheriting directly from the ApplicationController you can have a class just for the API such as:

```ruby
# app/controllers/api/base_controller.rb
# Namespaced under Api so Rails autoloading resolves it from this path.
module Api
  class BaseController < ApplicationController
    # methods that all API controllers should use
  end
end
```

Then your API controllers could inherit from the BaseController:

```ruby
# app/controllers/api/authentication_controller.rb
module Api
  class AuthenticationController < BaseController
    # handle token based authentication with JWT for the API
  end
end
```
They will have different routes so on the client side, you can make a request to one or the other depending on the type of authentication you need.
Hope this helps!
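The JWT check the API base controller above would run on each request, as an added example that is not part of the original answer. It uses only Ruby's standard library so it runs offline; `verify_access_token`, `mint_token`, `TokenError`, the issuer and the audience are hypothetical names and constructed values, and the locally generated key stands in for the tenant's signing key.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed placeholders; a real app uses its own Auth0 tenant domain and API identifier.
ISSUER   = "https://tenant.example/"
AUDIENCE = "https://api.example/"

class TokenError < StandardError; end

# Hypothetical helper for Api::BaseController: returns the claims or raises TokenError.
def verify_access_token(token, public_key, now: Time.now.to_i)
  header_b64, payload_b64, sig_b64, extra = token.to_s.split(".", -1)
  raise TokenError, "malformed token" if sig_b64.nil? || extra
  begin
    header    = JSON.parse(Base64.urlsafe_decode64(header_b64))
    claims    = JSON.parse(Base64.urlsafe_decode64(payload_b64))
    signature = Base64.urlsafe_decode64(sig_b64)
  rescue ArgumentError, JSON::ParserError
    raise TokenError, "undecodable token"
  end
  raise TokenError, "undecodable token" unless header.is_a?(Hash) && claims.is_a?(Hash)
  # Pin the algorithm server-side; never let the token header choose it.
  raise TokenError, "unexpected alg" unless header["alg"] == "RS256"
  valid = begin
    public_key.verify(OpenSSL::Digest.new("SHA256"), signature, "#{header_b64}.#{payload_b64}")
  rescue OpenSSL::PKey::PKeyError
    false
  end
  raise TokenError, "bad signature" unless valid
  raise TokenError, "wrong issuer" unless claims["iss"] == ISSUER
  raise TokenError, "wrong audience" unless Array(claims["aud"]).include?(AUDIENCE)
  raise TokenError, "expired" unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims
end

# Constructed sample input: mints a token with a local key standing in for Auth0.
def mint_token(key, claims, alg: "RS256")
  enc = ->(obj) { Base64.urlsafe_encode64(JSON.generate(obj), padding: false) }
  signing_input = "#{enc.call({ "alg" => alg })}.#{enc.call(claims)}"
  sig = alg == "RS256" ? key.sign(OpenSSL::Digest.new("SHA256"), signing_input) : ""
  "#{signing_input}.#{Base64.urlsafe_encode64(sig, padding: false)}"
end
```

In a controller this would sit in a `before_action` that reads the bearer token from the `Authorization` header and renders 401 on `TokenError`, while the OmniAuth web controllers keep using the session.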