1

This Ruby on Rails developer guide will help you learn how to secure a Ruby on Rails web. application using token-based authentication. You’ll learn how to use Rails along with the Ruby on Rails Auth0 SDK to implement user authentication, route protection, and access protected data from external APIs.

2

Hi,

Currently our Project is using Devise for authentication
Now the application is turning into platform we have decided to replace devise with auth0

I followed the rails quick start guid for login Rails Authentication By Example

issue
After following all these steps when I click on Login or sign up button it throws error saying No route matches [POST] "/auth/auth0"

here are my configurations, see I I am missing anything

config/auth0.yml

development:
  auth0_domain: <%= Rails.application.credentials.auth0[:AUTH0_DOMAIN] %>
  auth0_client_id: <%= Rails.application.credentials.auth0[:AUTH0_CLIENT_ID] %>
  auth0_client_secret: <%= Rails.application.credentials.auth0[:AUTH0_CLIENT_SECRET] %>
  auth0_callback_path: <%= Rails.application.credentials.auth0[:AUTH0_CALLBACK_PATH] %>

config/initializers/auth0.rb

# frozen_string_literal: true

AUTH0_CONFIG = Rails.application.config_for(:auth0)

Rails.application.config.middleware.use OmniAuth::Builder do
  provider(
    :auth0,
    AUTH0_CONFIG['auth0_client_id'],
    AUTH0_CONFIG['auth0_client_secret'],
    AUTH0_CONFIG['auth0_domain'],
    callback_path: AUTH0_CONFIG['auth0_callback_path'],
    authorize_params: {
      scope: 'openid profile email'
    }
  )
end

OmniAuth.config.on_failure = Proc.new { |env|
    OmniAuth.config.allowed_request_methods = [:post, :get]
  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}

routes.rb


  scope :auth do
    get 'failure' => 'auth0#failure'
    
    # Auth0 routes    
    scope :auth0 do
      get 'callback' => 'auth0#callback'
      get 'logout' => 'auth0#logout'
    end
  end

html

  <% unless session['credentials'] %>
    <%= button_to 'Sign Up', '/auth/auth0?prompt=login&screen_hint=signup', method: :post, data: {turbo: "false"}, class: 'button__sign-up' %>  
    <%= button_to 'Log In', '/auth/auth0', method: :post %>  
  <% else %>     
    <%= button_to 'Log Out', logout_path, method: :get, data: {turbo: "false"}, class: 'button__logout' %>
  <% end %>

controller

class Auth0Controller < ApplicationController

  def callback
    auth_info = request.env['omniauth.auth']
    session[:credentials] = {}
    session[:credentials][:id_token] = auth_info['credentials']['id_token']

    redirect_to profile_path
  end

  def failure
    @error_msg = request.params['message']
  end

  def logout
    reset_session
    redirect_to logout_url, allow_other_host: true
  end

  private

  def logout_url
    request_params = {
      returnTo: root_url,
      client_id: AUTH0_CONFIG['auth0_client_id']
    }

    URI::HTTPS.build(host: AUTH0_CONFIG['auth0_domain'], path: '/v2/logout', query: request_params.to_query).to_s
  end
end

config/session_store.rb

Rails.application.config.session_store :cache_store
3

Moving this post here so as to address that directly with the content author. Thank you!

4

Hey Guys,

I figured out the issue, it was something with the routing issue I was facing.
My Project uses packages of Google-OAuth and facebook-oauth and the Omniauth configuration is kinda different, which is like associated with Devise OmniAuth and the route is configured like /users/auth/auth0.

Solution:
So when I changed my URL from /auth/auth0/users/auth/auth0 it started working.

code.

<% unless session['credentials'] %>
    <%= button_to 'Sign Up', '/users/auth/auth0?prompt=login&screen_hint=signup', method: :post, data: {turbo: "false"}, class: 'button__sign-up' %>  
    <%= button_to 'Log In', '/users/auth/auth0', method: :post %>  
<% else %>     
    <%= button_to 'Log Out', logout_path, method: :get, data: {turbo: "false"}, class: 'button__logout' %>
<% end %>

And FYI
I could not change those Devise::OmniAuth configurations for some reason
I even tried removing those packages, still It did not seem to work.

Thanks.