
Comments (11)

chrisnicola avatar chrisnicola commented on July 28, 2024 7

Is there a logical reason why the code for getting the token is not part of this library? It seems rather silly to have to express a Net::HTTP post request directly for this.

from ruby-auth0.

herenow avatar herenow commented on July 28, 2024 3

I'm currently wrapping this client w/ an object that fetches the token for me. This might also be useful for you:

require 'uri'
require 'net/http'
require 'openssl'
require 'json'
require 'auth0'

class Auth0Api
  def initialize(options = {})
    @client_id = options[:client_id] || ENV['AUTH0_CLIENT_ID']
    @client_secret = options[:client_secret] || ENV['AUTH0_CLIENT_SECRET']
    @domain = options[:domain] || ENV['AUTH0_DOMAIN']
  end

  def client
    @client ||= new_client
  end

  def token
    @token ||= get_token
  end

  private

  def new_client
    Auth0Client.new(
      client_id: @client_id,
      domain: @domain,
      token: token,
      api_version: 2,
    )
  end

  def get_token
    # TODO: Maybe we should cache this api call?
    get_token_data['access_token']
  end

  def get_token_data
    url = URI("https://#{@domain}/oauth/token")

    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    # Verify the server certificate: this request carries the client secret.
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER

    request = Net::HTTP::Post.new(url)
    request['content-type'] = 'application/json'
    request.body = JSON.dump({
      grant_type: 'client_credentials',
      client_id: @client_id,
      client_secret: @client_secret,
      audience: "https://#{@domain}/api/v2/",
    })

    response = http.request(request)

    check_http_response!(response)

    data = JSON.parse(response.read_body)

    data
  end

  def check_http_response!(response)
    unless response.kind_of? Net::HTTPSuccess
      puts response.read_body
      response.error!
    end
  end
end

You also need to register an API, set the audience, and authorize your client, or you will receive an error like so:

{"error":"access_denied","error_description":"Client is not authorized to access \"https://mydomain.auth0.com/api/v2/\". You might probably want to create a \"client-grant\" associated to this API. See: https://auth0.com/docs/api/v2#!/ Client_Grants/post_client_grants"}

I just had to register an API and authorize my client.

from ruby-auth0.
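An added example, not part of the original thread or of the ruby-auth0 gem: one way to resolve the caching TODO in the wrapper above. `@token ||= get_token` memoizes the token for the life of the object and never refreshes it, so a long-running process would keep sending it after it expires. `CachedToken`, `LEEWAY`, `fetcher` and `clock` are hypothetical names, and the code assumes the /oauth/token response carries `expires_in` in seconds.

```ruby
# Added example (not from the thread): cache a client-credentials token until
# shortly before it expires. All names here are hypothetical.
class CachedToken
  LEEWAY = 60 # seconds; refresh this long before the stated expiry

  # fetcher: callable returning the parsed /oauth/token response as a Hash
  # clock:   callable returning the current time in seconds (injectable for tests)
  def initialize(fetcher, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @fetcher = fetcher
    @clock = clock
    @mutex = Mutex.new
    @token = nil
    @expires_at = 0
  end

  def token
    @mutex.synchronize do
      refresh! if @token.nil? || @clock.call >= @expires_at
      @token
    end
  end

  # Drop the cached token, e.g. after the API answers 401.
  def invalidate!
    @mutex.synchronize { @token = nil }
  end

  private

  def refresh!
    data = @fetcher.call
    value = data['access_token']
    raise ArgumentError, 'token response has no access_token' if value.to_s.empty?

    # Assumption: expires_in is a lifetime in seconds; if absent, do not cache.
    lifetime = Integer(data['expires_in'] || 0)
    @token = value
    @expires_at = @clock.call + [lifetime - LEEWAY, 0].max
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed response standing in for the real HTTP call.
  demo = CachedToken.new(-> { { 'access_token' => 'constructed-token', 'expires_in' => 86_400 } })
  puts demo.token
end
```

In the wrapper above, the fetcher would be the method that posts to /oauth/token and returns the parsed JSON.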

chrisnicola avatar chrisnicola commented on July 28, 2024

@herenow your code has the client_secret in the Auth0Client.new method, but I believe you need to pass the token instead.

from ruby-auth0.

herenow avatar herenow commented on July 28, 2024

@chrisnicola In my case, I needed access to the "management api" to migrate user metadata, so I didn't have a user's access token available, in this case, I believe I had to obtain an "administrative" access token w/ my client's secret.

from ruby-auth0.

chrisnicola avatar chrisnicola commented on July 28, 2024

I'm confused, isn't it enough to just use the token? This is the example from the README:

auth0 = Auth0Client.new(
  :client_id => "YOUR CLIENT ID",
  :token => "YOUR JWT HERE",
  :domain => "<YOUR ACCOUNT>.auth0.com",
  :api_version => 2
)

from ruby-auth0.

herenow avatar herenow commented on July 28, 2024

@chrisnicola Yep, but we first need to get this access token. These tokens are not "api keys", so we need to authenticate via the /oauth/token endpoint and get a fresh token.

Although my code wouldn't make much sense if you already have the access token, maybe from the user's session.

What is your use case? Do you already have the access token?

from ruby-auth0.

chrisnicola avatar chrisnicola commented on July 28, 2024

No, I mean that you need the client_secret to get the token, but not to new up the Auth0Client, which does not fetch tokens.

from ruby-auth0.

herenow avatar herenow commented on July 28, 2024

@chrisnicola You're right! I thought you were talking about Auth0Api, confusing names :) But, you're correct, we don't need to pass the client_secret to Auth0Client, I'm removing it now, thanks.

from ruby-auth0.

joshcanhelp avatar joshcanhelp commented on July 28, 2024

Apologies for the late reply here ... we're going to add a native method for this as part of the library implemented here in the next release.

@herenow @chrisnicola - Really appreciate you guys putting together an example for folks to use. The HTTP call to get a token looks good (more generic steps here). One thing to note ... you don't need to create an API if you're trying to access the Management API. The APIs section of the dashboard will have a record for Auth0 Management API, which is the one you'll want to use. As you said, you will need to authorize your Application for that API and make sure that "Client Credentials" is turned on under Application settings > Advanced > Grant Types.

from ruby-auth0.

qortex avatar qortex commented on July 28, 2024

Jumping in a bit late here, but just putting a dummy token here allows you to get the token using the gem code:

Auth0Client.new(
  client_id: Rails.application.secrets.auth0_client_id,
  client_secret: Rails.application.secrets.auth0_api_mtom_client_secret,
  domain: Rails.application.secrets.auth0_domain,
  token: 'dummy-but-must-be-non-null-because-of-the-gem'
).api_token

from ruby-auth0.

joshcanhelp avatar joshcanhelp commented on July 28, 2024

If you want to use just the Authentication API methods, there is now an example here.

from ruby-auth0.
