auth0-samples / auth0-rubyonrails-sample Goto Github PK

View Code? Open in Web Editor NEW

51.0 28.0 79.0 492 KB

Auth0 Integration Samples for Ruby on Rails Web Applications

Home Page: https://auth0.com/docs/quickstart/webapp/rails

License: MIT License

quickstart auth0 authentication webapp dx-sdk-quickstart

auth0-rubyonrails-sample's Introduction

Auth0 + Ruby on Rails WebApp Seed + Samples

This project goal is to help integrating Auth0 capabilities in your Ruby on Rails application.

You can learn more about the seed project and sample in the Auth0 Rails quickstart.

What is Auth0?

Auth0 helps you to:

Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, amont others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
Add authentication through more traditional username/password databases.
Add support for linking different user accounts with the same user.
Support for generating signed Json Web Tokens to call your APIs and flow the user identity securely.
Analytics of how, when and where users are logging in.
Pull data from other sources and add it to the user profile, through JavaScript rules.

Create a free Auth0 account

Go to Auth0 and click Sign Up.
Use Google, GitHub or Microsoft Account to login.

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.

auth0-rubyonrails-sample's People

Contributors

Stargazers

Watchers

auth0-rubyonrails-sample's Issues

In the readme file, it doesn't mention that you have to add the allowed callback URL in the dashboard

As an improvement, the readme file should mention that the Allowed Callback URL should be added in the client settings in the Auth0's Dashboard,

if is not added, it shows a "opss something went wrong"

callback_url into multi tenant app

i want to do this:

provider( :auth0, ENV['AUTH0_FRONTEND_CLIENT_ID'], ENV['AUTH0_FRONTEND_SECRET'], ENV['AUTH0_DOMAIN'], callback_path: "/:tenant/auth/auth0/callback", )

is possible?

Gem fails with bundle install

pg 0.18.4 with native extensions fails:

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /private/var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/gems/pg-0.18.4/ext
/usr/local/opt/ruby/bin/ruby -r ./siteconf20160729-21579-93c7ua.rb extconf.rb
checking for pg_config... no
No pg_config... trying anyway. If building fails, please try again with
 --with-pg-config=/path/to/pg_config
checking for libpq-fe.h... no
Can't find the 'libpq-fe.h header
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers.  Check the mkmf.log file for more details.  You may
need configuration options.

Provided configuration options:
        --with-opt-dir
        --with-opt-include
        --without-opt-include=${opt-dir}/include
        --with-opt-lib
        --without-opt-lib=${opt-dir}/lib
        --with-make-prog
        --without-make-prog
        --srcdir=.
        --curdir
        --ruby=/usr/local/Cellar/ruby/2.3.0/bin/$(RUBY_BASE_NAME)
        --with-pg
        --without-pg
        --enable-windows-cross
        --disable-windows-cross
        --with-pg-config
        --without-pg-config
        --with-pg_config
        --without-pg_config
        --with-pg-dir
        --without-pg-dir
        --with-pg-include
        --without-pg-include=${pg-dir}/include
        --with-pg-lib
        --without-pg-lib=${pg-dir}/lib

To see why this extension failed to compile, please check the mkmf.log which can be found here:

  /var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/extensions/x86_64-darwin-15/2.3.0/pg-0.18.4/mkmf.log

extconf failed, exit code 1

Gem files will remain installed in /var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/gems/pg-0.18.4 for inspection.
Results logged to /var/folders/7k/fr4d2p4j1gx4gq4dfn86c_180000gn/T/bundler20160729-21579-1vr8vzepg-0.18.4/extensions/x86_64-darwin-15/2.3.0/pg-0.18.4/gem_make.out

outdated dependencies

Sample using outdated version omniauth-auth0 v1.4.1 (up-to-date version is 2.0.0) and auth0-lock v10.0 (up-to-date version is 10.10). (AUTH-3758)

Authentication failure! Signature verification failed: JWT::VerificationError, Signature verification failed

Hello,

after following this tutorial, I am getting a verification error, at the step where callback url is requested. I already opened an issue under omniauth-auth0 gem but in case you may have an idea what's going on?

Simply what I am doing is, I have an initializer file for Auth0 config, and I have a link with href '/auth/auth0'. That's it. When I click the button, it makes a post request which has 302 respond. Then it makes the '/authorize' call and again a response with 302. Finally when it makes '/callback' request I am getting a verification error, where the log trace is:

jwt (2.7.0) lib/jwt/decode.rb:49:in `verify_signature'
jwt (2.7.0) lib/jwt/decode.rb:30:in `decode_segments'
jwt (2.7.0) lib/jwt.rb:29:in `decode'
omniauth-auth0 (3.1.0) lib/omniauth/auth0/jwt_validator.rb:52:in `decode'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:140:in `raw_info'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:69:in `block in <class:Auth0>'
omniauth (2.1.1) lib/omniauth/strategy.rb:109:in `instance_eval'
omniauth (2.1.1) lib/omniauth/strategy.rb:109:in `block in compile_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `each'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `inject'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `compile_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:102:in `extra_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:387:in `extra'
omniauth (2.1.1) lib/omniauth/strategy.rb:392:in `auth_hash'
omniauth (2.1.1) lib/omniauth/strategy.rb:417:in `callback_phase'
omniauth-oauth2 (1.8.0) lib/omniauth/strategies/oauth2.rb:93:in `callback_phase'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:125:in `callback_phase'
omniauth (2.1.1) lib/omniauth/strategy.rb:272:in `callback_call'
omniauth (2.1.1) lib/omniauth/strategy.rb:194:in `call!'
omniauth (2.1.1) lib/omniauth/strategy.rb:169:in `call'
omniauth (2.1.1) lib/omniauth/builder.rb:44:in `call'
rack (2.2.6.4) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.6.4) lib/rack/etag.rb:27:in `call'
rack (2.2.6.4) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.6.4) lib/rack/head.rb:12:in `call'
actionpack (6.1.7.3) lib/action_dispatch/http/permissions_policy.rb:22:in `call'
actionpack (6.1.7.3) lib/action_dispatch/http/content_security_policy.rb:19:in `call'
rack (2.2.6.4) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.6.4) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/cookies.rb:697:in `call'
activerecord (6.1.7.3) lib/active_record/migration.rb:601:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.1.7.3) lib/active_support/callbacks.rb:98:in `run_callbacks'
actionpack (6.1.7.3) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'
web-console (4.2.0) lib/web_console/middleware.rb:132:in `call_app'
web-console (4.2.0) lib/web_console/middleware.rb:28:in `block in call'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `catch'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (6.1.7.3) lib/rails/rack/logger.rb:37:in `call_app'
railties (6.1.7.3) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:99:in `block in tagged'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:37:in `tagged'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:99:in `tagged'
railties (6.1.7.3) lib/rails/rack/logger.rb:26:in `call'
sprockets-rails (3.4.2) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/request_id.rb:26:in `call'
rack (2.2.6.4) lib/rack/method_override.rb:24:in `call'
rack (2.2.6.4) lib/rack/runtime.rb:22:in `call'
activesupport (6.1.7.3) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/static.rb:24:in `call'
rack (2.2.6.4) lib/rack/sendfile.rb:110:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/host_authorization.rb:148:in `call'
rack-mini-profiler (2.3.4) lib/mini_profiler/profiler.rb:393:in `call'
webpacker (5.4.4) lib/webpacker/dev_server_proxy.rb:25:in `perform_request'
rack-proxy (0.7.6) lib/rack/proxy.rb:87:in `call'
railties (6.1.7.3) lib/rails/engine.rb:539:in `call'
puma (5.6.5) lib/puma/configuration.rb:252:in `call'
puma (5.6.5) lib/puma/request.rb:77:in `block in handle_request'
puma (5.6.5) lib/puma/thread_pool.rb:340:in `with_force_shutdown'
puma (5.6.5) lib/puma/request.rb:76:in `handle_request'
puma (5.6.5) lib/puma/server.rb:443:in `process_client'
puma (5.6.5) lib/puma/thread_pool.rb:147:in `block in spawn_thread'

Until this point, I haven't sent any user credentials (email/password) to sign in, I wonder which token signature is unverified?

Error during rails s.

After Bundle install, when running ´rails s´, got the following error about missing tzinfo-data.

Deprecation warning during bundle install

After bundle install a deprecation warning is shown.

Outdated Lock version

Projects are using an oudated Lock version (10.0.0)
Latest Lock version is: 10.16.0

There's no step 3 in this sample

Jumps directly to 4

Regular Web App Ruby On Rails Testing: getting multiples errors after bundle install.

Regular Web App Ruby On Rails Testing:

After 'bundle install' execution, the console shows the errors belows:

Rails 6 session not persisting Omniauth hash

Hi there, I'm trying to get this sample working for Rails 6.

I can authenticate via Auth0 and the callback is invoked with a payload, but the Rails session isn't updating:

session[:userinfo] = request.env['omniauth.auth']

is executed, but when the browser gets redirected, there's no session.

I've been looking at the PR from @davidpatrick, but no idea if this behaviour is expected or not.

Any ideas? Thanks.

Docker run issue

i run: docker run -p 3000:3000 auth0-rubyonrails-01

that gives me:

No such file or directory

Fail to start the application with using docker

Hi I've got an error while I was running exec.sh on each examples.

Here is an error on 01_Login.

./exec.sh
Sending build context to Docker daemon 368.1kB
Step 1/10 : FROM ruby:2.7.1
---> 958d3491c09a
Step 2/10 : RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
---> Using cache
---> 88220990be20
Step 3/10 : RUN mkdir /myapp
---> Using cache
---> 65ece683c8f3
Step 4/10 : WORKDIR /myapp
---> Using cache
---> bec1c20f524f
Step 5/10 : ADD Gemfile /myapp/Gemfile
---> Using cache
---> 24dfd1b7ce58
Step 6/10 : ENV BUNDLER_VERSION 2.1.4
---> Using cache
---> 15eac53f84b3
Step 7/10 : RUN gem install bundler -v ${BUNDLER_VERSION} && bundle install --jobs 20 --retry 5
---> Using cache
---> fe46475a8f73
Step 8/10 : ADD . /myapp
---> Using cache
---> 80b433646440
Step 9/10 : CMD /myapp/bin/rails s -b 0.0.0.0
---> Using cache
---> c8e49dae18dc
Step 10/10 : EXPOSE 3000
---> Using cache
---> 7b49ac976470
Successfully built 7b49ac976470
Successfully tagged auth0-rubyonrails-01:latest
Could not find concurrent-ruby-1.1.6 in any of the sources
Run bundle install to install missing gems.

It's because Gemfile.lock has updated after bundle install and it's not in .dockerignore.
https://github.com/auth0-samples/auth0-rubyonrails-sample/blob/master/01-Login/Dockerfile#L8

Dashboard controller test fails

I'm guessing that since you protect the dashboard page with "Secured" module, now if you try to get to the dashboard page it gets the redirected status. I'm wondering how to do the tests for this new behavior?

The one for a log out user, is easy, you know the response will have the redirection
The one for a log in user needs to mock the session hash... how do you do this with auth0??

Outdated gems version (omniauth and omniauth-auth0)

Projects are using a deprecated gems version.
gem omniauth 1.3.1 Latest version: 1.6.1
gem omniauth-auth0 1.4.1' Latest version: 2.0.0

Redirect to Login

Hello. We're attempting to redirect users to the auth0 login page without a button press. Is this what the redirect route is meant to accomplish? If so, the action seems to be left out of the sample controller.

A similar question was asked in #43, but it's still not clear how to capture the login URL manually.

Add Auth0 to rails template services

Auth0 is fantastic. I’ve worked on a few Rails implementations. Life would have been much easier if these services were around.

https://www.rubidium.io/

https://railsbytes.com/

I see Devise listed. Hoping evangelists at Auth0 would find interest in setting up some templates here 👍

Ruby in Rails – Redirect to Login

I have been following the tutorial for using Auth0 with Rails here https://auth0.com/docs/quickstart/webapp/rails/01-login

The issue I have is that most Rails applications (and ours is one of them) , if I hit a URL that needs a login, it will redirect me to the login screen, and then upon successful authentication continue on it’s merry journey.

I haven’t found anything in the documentation about how to do that redirect?

I have had to construct a URL myself … that seems to work … but it’s been a bit of trial and error and I would have thought that there was a better Rails way.

state = SecureRandom.hex
session['omniauth.state'] =  state
callback_url = auth_auth0_callback_url
url = "https://#{ApplicationConfig::Auth0::DOMAIN}/authorize?response_type=code&client_id=#{ApplicationConfig::Auth0::CLIENT_ID}&redirect_uri=#{callback_url}&state=#{state}&scope=openid profile email"

So is there a better way of doing this?

Cheers
Shane

sqlite3 error

Thank you for the great example!
I have one error.
Gem::LoadError: Specified 'sqlite3' for database adapter, but the gem is not loaded

How to fix

add sqlite3 version for Gemfile
gem 'sqlite3', '~> 1.3.13'

I'm glad if you can use it as a reference.

Example not working anymore

gem 'omniauth-rails_csrf_protection', '~> 0.1' needed to be updated to 1.0 in order to work again, else I got token errors.