The bundle install run throws an error regarding the Ruby version required for the gem Nokogiri.

Even when the ruby version installed is 2.4.4, still request for version 2.4.*-

Apparently, there is a version issue with that gem (sparklemotion/nokogiri#1618).

According to this, the issue was solved with Nokogiri version 1.8.0

I am using this repo as boilerplate to set up authentication with a new app. Everything is working up to but not including the "Test Your API with cURL" step on the second page of the instructions.

I have tried testing both with cURL and with Postman, and both times I receive the following error:

Errno::ECONNREFUSED in PrivateController#private. Failed to open TCP connection to :443 (Connection refused - connect(2) for nil port 443)

The highlighted line of the error is the following: jwks_raw = Net::HTTP.get URI("https://#{Rails.application.secrets.auth0_domain}/.well-known/jwks.json").

I receive the same error when I clone the sample repo directly and attempt testing with my Access Token, so it seems that it is possibly an oversight or outdated code in the example rather than some error with my incorporation of it into my own app.

I contacted auth0 support, and they told me to post the issue here. They said the engineering team had been alerted to the problem.

How do I resolve this?

Hello,

New auth0.js v8 sends jwt signed with RS256 and I can't make it work with Knock. I've added

config.token_signature_algorithm = 'RS256'

and

config.token_public_key = key.public_key

into initializer but still no luck. Key seems to be correct, at least it works in jwt.io

I would be grateful for any help.

Best, Iurii

I'm getting an error uninitialized constant Secured::JsonWebToken in my code because lib/json_web_token.rb is not in my loading path.

When I look up the fixes, I see (depending on Rails version) solutions that involve editing config.autoload_paths or config.eager_load_paths, but I don't see anything like that in this repo.

So how is this repo actually getting lib/ into the load paths?

Seems like the .env setting is not required for this to function.

In Auth0Client on line 48 an Error instance formed incorrectly.

the current code

 error = Error.new(message: 'Unable to verify credentials', status: :internal_server_error)

this will produce

2.7.3 :002 >  error = Error.new(message: 'Unable to verify credentials', status: :internal_server_error)
 => #<struct Error message={:message=>"Unable to verify credentials", :status=>:internal_server_error}, status=nil>

the correct version would be as following (similar line 58)

error = Error.new('Unable to verify credentials', :internal_server_error)

which will produce

2.7.3 :003 >  error = Error.new('Unable to verify credentials', :internal_server_error)
 => #<struct Error message="Unable to verify credentials", status=:internal_server_error> 

I used the quick start “Ruby On Rails API: Authentication” successfully. Created an API and everything works just fine. Then I tried to recreate the code but including all this on an existing Rails app and got an error.

The demo (working for me before) include this call to the JWT gem:

JWT.decode(token, nil, 
    true, # Verify the signature of this token
    algorithm: "RS256",
    iss: "https://" + ENV["AUTH0_DOMAIN"],
    verify_iss: true,
    aud: ENV["AUTH0_AUDIENCE"],
    verify_aud: true)

The second parameter with nil assigned, in the demo works, but in my project leads me to a JWT Error, understanding that the parameter used for public_key shouldn’t be null. But it’s null in the demo and works. (UPDATE: The nil message seems to come from another object reference). I’m kind of a newbie with JWT matters.

Error message:

undefined method `verify' for nil:NilClass
  /usr/local/bundle/gems/jwt-2.2.1/lib/jwt/security_utils.rb:20:in `verify_rsa'

-------------------------------
Backtrace:
-------------------------------

  /usr/local/bundle/gems/jwt-2.2.1/lib/jwt/security_utils.rb:20:in `verify_rsa'
  /usr/local/bundle/gems/jwt-2.2.1/lib/jwt/algos/rsa.rb:15:in `verify'
  /usr/local/bundle/gems/jwt-2.2.1/lib/jwt/signature.rb:44:in `verify'
  /usr/local/bundle/gems/jwt-2.2.1/lib/jwt/decode.rb:42:in `verify_signature'
  /usr/local/bundle/gems/jwt-2.2.1/lib/jwt/decode.rb:26:in `decode_segments'
  /usr/local/bundle/gems/jwt-2.2.1/lib/jwt.rb:28:in `decode'
  /api/lib/json_web_token.rb:10:in `verify'
  /api/app/controllers/concerns/secured.rb:71:in `auth_token'
  /api/app/controllers/concerns/secured.rb:50:in `authenticate_request!'

json_web_token.rb and secured.rb are identical to the sample. jwt-2.2.1 it's the same gem version used in both environments.

The only difference I found between the environments of the demo and my legacy project was the Rails version, 5 in the demo, and 4.x on mine. I can’t upgrade right now, so if you think in another thing I can be doing wrong it would be helpful.

Cross-posted (sorry if it's too much):

• https://community.auth0.com/t/error-using-ruby-on-rails-api-authentication/47398 (I received there the gentle recommendation of create the issue here.)
• https://stackoverflow.com/questions/63238236/error-reproducing-auth0-instructions-on-ruby-on-rails-api-authentication

When runing bundle install, an error is shown for nokogiri dependency.

It says that you need Ruby version 2.4 but I have Ruby version 2.4.2 instal

Gem knock out of date in seed project.

Using version 1.4.2
Last release 2.1

The projects:
01-authorization-rs256 doesn't include the .env file
02-authorization-hs256 doesn't include the .env file

As I was testing token verification, I found something wired.

First of all, .env.example has a key AUTH0_AUDIENCE for audience, but where it's actually been used has AUTH0_API_AUDIENCE as the key.

• AUTH0_AUDIENCE
• AUTH0_API_AUDIENCE

I tried to read and understand jwt/ruby-jwt, but it doesn't have much explanation about the options part where you put all sorts of things like iss, verify_iss, aud, verify_aud ...

And if I use correct key AUTH0_API_AUDIENCE to use my API identifier, it then fails.

JWT::InvalidAudError: Invalid audience. Expected <MY_IDENTIFIER>, received ["https://dev-n65huqtz.auth0.com/api/v2/", "https://dev-n65huqtz.auth0.com/userinfo"]
from /usr/local/bundle/gems/jwt-2.2.1/lib/jwt/verify.rb:36:in `verify_aud'

I am not exactly sure if my setups are wrong. Hoping someone can explain why

`{aud: nil, verify_aud: true ...}`

options doesn't raise errors, and when I do

`{aud: <MY_IDENTIFIER>, verify_aud: true ...}`

it raises an error.

The API should be listening on port 3010 but instead is running on port 3000, to solve this, the execution instruction should be modified to include the proper port and not the default one

Hey all! Im wondering if you could add some rspec to validate that the token is actually being verified for https://github.com/auth0-samples/auth0-rubyonrails-api-samples/tree/master/01-Authentication-RS256

Thanks!

The "tzinfo-data" gem is required when executing the sample, it's missing from the required packages in the gemfile

I'm starting a new project and I'd rather start with rails 5 than having to migrate later.

Requests to my API are taking close to 1 second/request. Is it ok to save the public key somewhere so I don't hit the Auth0 service every time? Is there an example of caching the public key?

Also, if the public key is saved, how often/when should it be updated?

Thanks