OmniAuth strategy to login with Auth0
MIT License
Add the following line to your Gemfile:
gem 'omniauth-auth0'
If you're using this strategy with Rails, also add the following for CSRF protection:
gem 'omniauth-rails_csrf_protection'
Then install:
$ bundle install
See our contributing guide for information on local installation for development.
Adding the SDK to your Rails app requires a few steps:
Create the file ./config/auth0.yml within your application directory with the following content:
development:
  auth0_domain: <YOUR_DOMAIN>
  auth0_client_id: <YOUR_CLIENT_ID>
  auth0_client_secret: <YOUR AUTH0 CLIENT SECRET>
Create a new Ruby file in ./config/initializers/auth0.rb to configure the OmniAuth middleware:
AUTH0_CONFIG = Rails.application.config_for(:auth0)

Rails.application.config.middleware.use OmniAuth::Builder do
  provider(
    :auth0,
    AUTH0_CONFIG['auth0_client_id'],
    AUTH0_CONFIG['auth0_client_secret'],
    AUTH0_CONFIG['auth0_domain'],
    callback_path: '/auth/auth0/callback',
    authorize_params: {
      scope: 'openid profile'
    }
  )
end
Create a new controller ./app/controllers/auth0_controller.rb to handle the callback from Auth0.
You can also run
rails generate controller auth0 callback failure logout --skip-assets --skip-helper --skip-routes --skip-template-engine
to scaffold this controller for you.
# ./app/controllers/auth0_controller.rb
class Auth0Controller < ApplicationController
  def callback
    # OmniAuth stores the information returned from Auth0 and the IdP in request.env['omniauth.auth'].
    # In this code, you will pull the raw_info supplied from the id_token and assign it to the session.
    # Refer to https://github.com/auth0/omniauth-auth0/blob/master/EXAMPLES.md#example-of-the-resulting-authentication-hash for complete information on 'omniauth.auth' contents.
    auth_info = request.env['omniauth.auth']
    session[:userinfo] = auth_info['extra']['raw_info']

    # Redirect to the URL you want after successful auth
    redirect_to '/dashboard'
  end

  def failure
    # Handles failed authentication -- Show a failure page (you can also handle with a redirect)
    @error_msg = request.params['message']
  end

  def logout
    # you will finish this in a later step
  end
end
Finally, add the following routes to your ./config/routes.rb file:
Rails.application.routes.draw do
  # ..
  get '/auth/auth0/callback' => 'auth0#callback'
  get '/auth/failure' => 'auth0#failure'
  get '/auth/logout' => 'auth0#logout'
end
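The logout action in the controller is left as a stub. As an added example (not code from this README or from the omniauth-auth0 project), the helper below builds the redirect URL for Auth0's /v2/logout endpoint and rejects a return target that is not an absolute http(s) URL. The module name Auth0Logout, the use of root_url, and the hostnames in the comments are assumptions made for illustration.

```ruby
require 'uri'

# Added example: hypothetical helper, not part of omniauth-auth0.
module Auth0Logout
  module_function

  # Returns the Auth0 logout URL. Visiting it ends the Auth0 session and
  # then sends the browser to return_to.
  def url(domain:, client_id:, return_to:)
    # The domain comes from config, but a value with a path or scheme in it
    # would silently point the redirect somewhere unintended.
    unless domain.to_s.match?(/\A[a-z0-9.-]+\z/i)
      raise ArgumentError, 'domain must be a bare hostname'
    end
    raise ArgumentError, 'client_id is required' if client_id.to_s.empty?

    target = URI.parse(return_to.to_s)
    # URI::HTTPS is a subclass of URI::HTTP, so this accepts both schemes and
    # rejects relative paths, javascript: URIs and other schemes.
    unless target.is_a?(URI::HTTP) && target.host
      raise ArgumentError, 'return_to must be an absolute http(s) URL'
    end

    query = URI.encode_www_form(returnTo: target.to_s, client_id: client_id)
    URI::HTTPS.build(host: domain, path: '/v2/logout', query: query).to_s
  end
end

# Inside Auth0Controller#logout (assumes a root route so root_url exists;
# allow_other_host is needed on Rails 7+ for an off-site redirect):
#
#   reset_session   # drop session[:userinfo] before leaving the app
#   redirect_to Auth0Logout.url(domain: AUTH0_CONFIG['auth0_domain'],
#                               client_id: AUTH0_CONFIG['auth0_client_id'],
#                               return_to: root_url),
#               allow_other_host: true
```

Clearing only the Rails session leaves the Auth0 session active, so the next login would complete without prompting; the redirect to /v2/logout ends both. The return_to value must also be listed under Allowed Logout URLs for the application in the Auth0 dashboard.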
To send your users to Auth0 for authentication, redirect them to the /auth/auth0 endpoint of your app. One way to do this is to use a link or button on a page:
<%= button_to 'Login', '/auth/auth0', method: :post %>
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.