To use Auth0 services, you’ll need to have an application set up in the Auth0 Dashboard. The Auth0 application is where you will configure how you want authentication to work for the project you are developing.
Use the interactive selector to create a new Auth0 application or select an existing application that represents the project you want to integrate with. Every application in Auth0 is assigned an alphanumeric, unique client ID that your application code will use to call Auth0 APIs through the SDK.
Any settings you configure using this quickstart will automatically update for your Application in the Dashboard, which is where you can manage your Applications in the future.
If you would rather explore a complete configuration, you can view a sample application instead.
A callback URL is a URL in your application that you would like Auth0 to redirect users to after they have authenticated. If not set, users will not be returned to your application after they log in.
A logout URL is a URL in your application that you would like Auth0 to redirect users to after they have logged out. If not set, users will not be able to log out from your application and will receive an error.
An Allowed Web Origin is a URL that you want to be allowed to access to your authentication flow. This must contain the URL of your project. If not properly set, your project will be unable to silently refresh authentication tokens, so your users will be logged out the next time they visit your application or refresh a page.
Use omniauth-auth0
, a custom OmniAuth strategy, to handle the authentication flow.
Add the following dependencies to your Gemfile
:
gem 'omniauth-auth0', '~> 3.0'
gem 'omniauth-rails_csrf_protection', '~> 1.0' # prevents forged authentication requests
Was this helpful?
Once your gems are added, install the gems with bundle install
.
Create a configuration file ./config/auth0.yml
to specify your Auth0 domain, client ID, and client secret values located in your Auth0 Dashboard under application Settings.
Create the following initializer file ./config/initializers/auth0.rb
and configure the OmniAuth middleware with the configuration file you created in the previous step.
Ensure that callback_path
matches the value given in the "Allowed Callback URLs" setting in your Auth0 application.
Create an Auth0 controller to handle the authentication callback, logout
action, and methods for constructing the logout URL.
Run the command: rails generate controller auth0 callback failure logout --skip-assets --skip-helper --skip-routes --skip-template-engine
.
Inside the callback method, assign the hash of user information - returned as request.env['omniauth.auth']
- to the active session.
To configure logout, clear all the objects stored within the session by calling the reset_session
method within the logout
action. Then, redirect to the Auth0 logout endpoint. To learn more about reset_session
, readRuby on Rails ActionController documentation.
Add these routes to your ./config/routes.rb
file.
Routes must be in place so Rails knows how to route the various Auth0 callback URLs to the Auth0 controller you created in the previous step.
Run your application to verify it continues to work as intended and you aren't receive any errors relating to Auth0.
A user can now log into your application by visiting the /auth/auth0
endpoint.
<!-- Place a login button anywhere on your application -->
<%= button_to 'Login', '/auth/auth0', method: :post %>
Was this helpful?
Add a button to your application that redirects the user to the /auth/auth0
endpoint when selected. Observe that you redirect to Auth0 to log in, and then back to your app after successful authentication.
Now that you can log in to your Rails application, you need a way to log out. Log out a user by redirecting to the auth/logout
action, which redirects them to the Auth0 logout endpoint.
<!-- Place a logout button anywhere on your application -->
<%= button_to 'Logout', 'auth/logout', method: :get %>
Was this helpful?
Add a button to your application that redirects the user to the /auth/logout
endpoint when selected. Verify that you redirect to Auth0 and then quickly back to your application, and that you are no longer logged in.
To display the user's profile, your application should provide a protected route. You can use a Concern to control access to routes that can be shared across multiple controllers. The concern should automatically redirect to Auth0 when the user is unauthenticated. Otherwise, the concern should return the current user profile.
Once you have a Concern, include it in any controller that requires a logged in user. You can then access the user from the session session[:userinfo]
as in the following example:
class DashboardController < ApplicationController
include Secured
def show
@user = session[:userinfo]
end
end
Was this helpful?
Once the user loads from the session, use it to display information in your frontend:
<div>
<p>Normalized User Profile:<%= JSON.pretty_generate(@user[:info])%></p>
<p>Full User Profile:<%= JSON.pretty_generate(@user[:extra][:raw_info])%></p>
</div>
Was this helpful?
Add the Secured
concern to your app and then include it in the controller that requires an authenticated user to access it. Verify that an authenticated user has access to actions within that controller and that unauthenticated users are redirected to Auth0 for authentication.
Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.
This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:
Sign up for an or to your existing account to integrate directly with your own tenant.