auth0-samples / auth0-rubyonrails-sample Goto Github PK

View Code? Open in Web Editor NEW

51.0 26.0 79.0 492 KB

Auth0 Integration Samples for Ruby on Rails Web Applications

Home Page: https://auth0.com/docs/quickstart/webapp/rails

License: MIT License

quickstart auth0 authentication webapp dx-sdk-quickstart

auth0-rubyonrails-sample's People

Contributors

Stargazers

Watchers

Forkers

mehreencs87 ignaciojonas ashishdasnurkar donell206 izzycode sachinsingh mostekcm leosoubeste rubadeau ll-morooka kewball rowidont vicsant nemus993 sho7650 dbalexandre sschilbe emory agni21 kindur crunchysoul hraynaud y-fujikawa hisenb3rg panczo takeyuweb olee2002 prathap442 mesutcan zsoltbardos zhiephieforks alexisluque jmangelo rjmbatista codestah marknatera nicobobb y-yagi mozyok vladlerena broutmca ssprasad100 kaymaylove rentalname tknzk mattolde michaelpop nunziofiore jinnic bobstrange sergeykoblov naokimi yonyossef davidpatrick danimal141 bibinvenugopal dzrodrigues nilsandrey allison-strandberg yuevo mrsdo joerodrig druwerd kukareka mmena1 bobwalsh thape-cn taylorkearns cc-kawakami isabella232 andrewmnelson zasal1990 luismendes070 sinn22 aetotvl6789 nikukyugamer localexpert iljandi

auth0-rubyonrails-sample's Issues

Ruby in Rails – Redirect to Login

I have been following the tutorial for using Auth0 with Rails here https://auth0.com/docs/quickstart/webapp/rails/01-login

The issue I have is that most Rails applications (and ours is one of them) , if I hit a URL that needs a login, it will redirect me to the login screen, and then upon successful authentication continue on it’s merry journey.

I haven’t found anything in the documentation about how to do that redirect?

I have had to construct a URL myself … that seems to work … but it’s been a bit of trial and error and I would have thought that there was a better Rails way.

state = SecureRandom.hex
session['omniauth.state'] =  state
callback_url = auth_auth0_callback_url
url = "https://#{ApplicationConfig::Auth0::DOMAIN}/authorize?response_type=code&client_id=#{ApplicationConfig::Auth0::CLIENT_ID}&redirect_uri=#{callback_url}&state=#{state}&scope=openid profile email"

So is there a better way of doing this?

Cheers
Shane

Add Auth0 to rails template services

Auth0 is fantastic. I’ve worked on a few Rails implementations. Life would have been much easier if these services were around.

https://www.rubidium.io/

https://railsbytes.com/

I see Devise listed. Hoping evangelists at Auth0 would find interest in setting up some templates here 👍

Redirect to Login

Hello. We're attempting to redirect users to the auth0 login page without a button press. Is this what the redirect route is meant to accomplish? If so, the action seems to be left out of the sample controller.

A similar question was asked in #43, but it's still not clear how to capture the login URL manually.

Docker run issue

i run: docker run -p 3000:3000 auth0-rubyonrails-01

that gives me:

No such file or directory

Fail to start the application with using docker

Hi I've got an error while I was running exec.sh on each examples.

Here is an error on 01_Login.

./exec.sh
Sending build context to Docker daemon 368.1kB
Step 1/10 : FROM ruby:2.7.1
---> 958d3491c09a
Step 2/10 : RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
---> Using cache
---> 88220990be20
Step 3/10 : RUN mkdir /myapp
---> Using cache
---> 65ece683c8f3
Step 4/10 : WORKDIR /myapp
---> Using cache
---> bec1c20f524f
Step 5/10 : ADD Gemfile /myapp/Gemfile
---> Using cache
---> 24dfd1b7ce58
Step 6/10 : ENV BUNDLER_VERSION 2.1.4
---> Using cache
---> 15eac53f84b3
Step 7/10 : RUN gem install bundler -v ${BUNDLER_VERSION} && bundle install --jobs 20 --retry 5
---> Using cache
---> fe46475a8f73
Step 8/10 : ADD . /myapp
---> Using cache
---> 80b433646440
Step 9/10 : CMD /myapp/bin/rails s -b 0.0.0.0
---> Using cache
---> c8e49dae18dc
Step 10/10 : EXPOSE 3000
---> Using cache
---> 7b49ac976470
Successfully built 7b49ac976470
Successfully tagged auth0-rubyonrails-01:latest
Could not find concurrent-ruby-1.1.6 in any of the sources
Run bundle install to install missing gems.

It's because Gemfile.lock has updated after bundle install and it's not in .dockerignore.
https://github.com/auth0-samples/auth0-rubyonrails-sample/blob/master/01-Login/Dockerfile#L8

outdated dependencies

Sample using outdated version omniauth-auth0 v1.4.1 (up-to-date version is 2.0.0) and auth0-lock v10.0 (up-to-date version is 10.10). (AUTH-3758)

Example not working anymore

gem 'omniauth-rails_csrf_protection', '~> 0.1' needed to be updated to 1.0 in order to work again, else I got token errors.

Dashboard controller test fails

I'm guessing that since you protect the dashboard page with "Secured" module, now if you try to get to the dashboard page it gets the redirected status. I'm wondering how to do the tests for this new behavior?

The one for a log out user, is easy, you know the response will have the redirection
The one for a log in user needs to mock the session hash... how do you do this with auth0??

Deprecation warning during bundle install

After bundle install a deprecation warning is shown.

Regular Web App Ruby On Rails Testing: getting multiples errors after bundle install.

Regular Web App Ruby On Rails Testing:

After 'bundle install' execution, the console shows the errors belows:

Gem fails with bundle install

pg 0.18.4 with native extensions fails:

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /private/var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/gems/pg-0.18.4/ext
/usr/local/opt/ruby/bin/ruby -r ./siteconf20160729-21579-93c7ua.rb extconf.rb
checking for pg_config... no
No pg_config... trying anyway. If building fails, please try again with
 --with-pg-config=/path/to/pg_config
checking for libpq-fe.h... no
Can't find the 'libpq-fe.h header
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers.  Check the mkmf.log file for more details.  You may
need configuration options.

Provided configuration options:
        --with-opt-dir
        --with-opt-include
        --without-opt-include=${opt-dir}/include
        --with-opt-lib
        --without-opt-lib=${opt-dir}/lib
        --with-make-prog
        --without-make-prog
        --srcdir=.
        --curdir
        --ruby=/usr/local/Cellar/ruby/2.3.0/bin/$(RUBY_BASE_NAME)
        --with-pg
        --without-pg
        --enable-windows-cross
        --disable-windows-cross
        --with-pg-config
        --without-pg-config
        --with-pg_config
        --without-pg_config
        --with-pg-dir
        --without-pg-dir
        --with-pg-include
        --without-pg-include=${pg-dir}/include
        --with-pg-lib
        --without-pg-lib=${pg-dir}/lib

To see why this extension failed to compile, please check the mkmf.log which can be found here:

  /var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/extensions/x86_64-darwin-15/2.3.0/pg-0.18.4/mkmf.log

extconf failed, exit code 1

Gem files will remain installed in /var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/gems/pg-0.18.4 for inspection.
Results logged to /var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/extensions/x86_64-darwin-15/2.3.0/pg-0.18.4/gem_make.out

sqlite3 error

Thank you for the great example!
I have one error.
Gem::LoadError: Specified 'sqlite3' for database adapter, but the gem is not loaded

How to fix

add sqlite3 version for Gemfile
gem 'sqlite3', '~> 1.3.13'

I'm glad if you can use it as a reference.

Error during rails s.

After Bundle install, when running ´rails s´, got the following error about missing tzinfo-data.

Rails 6 session not persisting Omniauth hash

Hi there, I'm trying to get this sample working for Rails 6.

I can authenticate via Auth0 and the callback is invoked with a payload, but the Rails session isn't updating:

session[:userinfo] = request.env['omniauth.auth']

is executed, but when the browser gets redirected, there's no session.

I've been looking at the PR from @davidpatrick, but no idea if this behaviour is expected or not.

Any ideas? Thanks.

callback_url into multi tenant app

i want to do this:

provider( :auth0, ENV['AUTH0_FRONTEND_CLIENT_ID'], ENV['AUTH0_FRONTEND_SECRET'], ENV['AUTH0_DOMAIN'], callback_path: "/:tenant/auth/auth0/callback", )

is possible?

Outdated gems version (omniauth and omniauth-auth0)

Projects are using a deprecated gems version.
gem omniauth 1.3.1 Latest version: 1.6.1
gem omniauth-auth0 1.4.1' Latest version: 2.0.0

Outdated Lock version

Projects are using an oudated Lock version (10.0.0)
Latest Lock version is: 10.16.0

Authentication failure! Signature verification failed: JWT::VerificationError, Signature verification failed

Hello,

after following this tutorial, I am getting a verification error, at the step where callback url is requested. I already opened an issue under omniauth-auth0 gem but in case you may have an idea what's going on?

Simply what I am doing is, I have an initializer file for Auth0 config, and I have a link with href '/auth/auth0'. That's it. When I click the button, it makes a post request which has 302 respond. Then it makes the '/authorize' call and again a response with 302. Finally when it makes '/callback' request I am getting a verification error, where the log trace is:

jwt (2.7.0) lib/jwt/decode.rb:49:in `verify_signature'
jwt (2.7.0) lib/jwt/decode.rb:30:in `decode_segments'
jwt (2.7.0) lib/jwt.rb:29:in `decode'
omniauth-auth0 (3.1.0) lib/omniauth/auth0/jwt_validator.rb:52:in `decode'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:140:in `raw_info'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:69:in `block in <class:Auth0>'
omniauth (2.1.1) lib/omniauth/strategy.rb:109:in `instance_eval'
omniauth (2.1.1) lib/omniauth/strategy.rb:109:in `block in compile_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `each'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `inject'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `compile_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:102:in `extra_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:387:in `extra'
omniauth (2.1.1) lib/omniauth/strategy.rb:392:in `auth_hash'
omniauth (2.1.1) lib/omniauth/strategy.rb:417:in `callback_phase'
omniauth-oauth2 (1.8.0) lib/omniauth/strategies/oauth2.rb:93:in `callback_phase'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:125:in `callback_phase'
omniauth (2.1.1) lib/omniauth/strategy.rb:272:in `callback_call'
omniauth (2.1.1) lib/omniauth/strategy.rb:194:in `call!'
omniauth (2.1.1) lib/omniauth/strategy.rb:169:in `call'
omniauth (2.1.1) lib/omniauth/builder.rb:44:in `call'
rack (2.2.6.4) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.6.4) lib/rack/etag.rb:27:in `call'
rack (2.2.6.4) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.6.4) lib/rack/head.rb:12:in `call'
actionpack (6.1.7.3) lib/action_dispatch/http/permissions_policy.rb:22:in `call'
actionpack (6.1.7.3) lib/action_dispatch/http/content_security_policy.rb:19:in `call'
rack (2.2.6.4) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.6.4) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/cookies.rb:697:in `call'
activerecord (6.1.7.3) lib/active_record/migration.rb:601:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.1.7.3) lib/active_support/callbacks.rb:98:in `run_callbacks'
actionpack (6.1.7.3) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'
web-console (4.2.0) lib/web_console/middleware.rb:132:in `call_app'
web-console (4.2.0) lib/web_console/middleware.rb:28:in `block in call'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `catch'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (6.1.7.3) lib/rails/rack/logger.rb:37:in `call_app'
railties (6.1.7.3) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:99:in `block in tagged'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:37:in `tagged'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:99:in `tagged'
railties (6.1.7.3) lib/rails/rack/logger.rb:26:in `call'
sprockets-rails (3.4.2) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/request_id.rb:26:in `call'
rack (2.2.6.4) lib/rack/method_override.rb:24:in `call'
rack (2.2.6.4) lib/rack/runtime.rb:22:in `call'
activesupport (6.1.7.3) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/static.rb:24:in `call'
rack (2.2.6.4) lib/rack/sendfile.rb:110:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/host_authorization.rb:148:in `call'
rack-mini-profiler (2.3.4) lib/mini_profiler/profiler.rb:393:in `call'
webpacker (5.4.4) lib/webpacker/dev_server_proxy.rb:25:in `perform_request'
rack-proxy (0.7.6) lib/rack/proxy.rb:87:in `call'
railties (6.1.7.3) lib/rails/engine.rb:539:in `call'
puma (5.6.5) lib/puma/configuration.rb:252:in `call'
puma (5.6.5) lib/puma/request.rb:77:in `block in handle_request'
puma (5.6.5) lib/puma/thread_pool.rb:340:in `with_force_shutdown'
puma (5.6.5) lib/puma/request.rb:76:in `handle_request'
puma (5.6.5) lib/puma/server.rb:443:in `process_client'
puma (5.6.5) lib/puma/thread_pool.rb:147:in `block in spawn_thread'

Until this point, I haven't sent any user credentials (email/password) to sign in, I wonder which token signature is unverified?