1

Configure Auth0

To use Auth0 services, you’ll need to have an application set up in the Auth0 Dashboard. The Auth0 application is where you will configure how you want authentication to work for the project you are developing.

Configure an application

Use the interactive selector to create a new Auth0 application or select an existing application that represents the project you want to integrate with. Every application in Auth0 is assigned an alphanumeric, unique client ID that your application code will use to call Auth0 APIs through the SDK.Any settings you configure using this quickstart will automatically update for your Application in the Dashboard, which is where you can manage your Applications in the future.If you would rather explore a complete configuration, you can view a sample application instead.

Configure Callback URLs

A callback URL is a URL in your application that you would like Auth0 to redirect users to after they have authenticated. If not set, users will not be returned to your application after they log in.
If you are following along with our sample project, set this to http://localhost:3000/auth/auth0/callback.

Configure Logout URLs

A logout URL is a URL in your application that you would like Auth0 to redirect users to after they have logged out. If not set, users will not be able to log out from your application and will receive an error.
If you are following along with our sample project, set this to http://localhost:3000.

Configure Allowed Web Origins

An Allowed Web Origin is a URL that you want to be allowed to access to your authentication flow. This must contain the URL of your project. If not properly set, your project will be unable to silently refresh authentication tokens, so your users will be logged out the next time they visit your application or refresh a page.
If you are following along with our sample project, set this to http://localhost:3000.
2

Add dependencies

Use omniauth-auth0, a custom OmniAuth strategy, to handle the authentication flow.Add the following dependencies to your Gemfile:
gem 'omniauth-auth0', '~> 3.0'
gem 'omniauth-rails_csrf_protection', '~> 1.0' # prevents forged authentication requests
Once your gems are added, install the gems with bundle install.
3

Configure the SDK

Create a configuration file ./config/auth0.yml to specify your Auth0 domain, client ID, and client secret values located in your Auth0 Dashboard under application Settings.
4

Configure the OmniAuth middleware

Create the following initializer file ./config/initializers/auth0.rb and configure the OmniAuth middleware with the configuration file you created in the previous step.Ensure that callback_path matches the value given in the “Allowed Callback URLs” setting in your Auth0 application.
5

Add an Auth0 controller

Create an Auth0 controller to handle the authentication callback, logout action, and methods for constructing the logout URL.Run the command: rails generate controller auth0 callback failure logout --skip-assets --skip-helper --skip-routes --skip-template-engine.Inside the callback method, assign the hash of user information - returned as request.env['omniauth.auth'] - to the active session.To configure logout, clear all the objects stored within the session by calling the reset_session method within the logout action. Then, redirect to the Auth0 logout endpoint. To learn more about reset_session, read Ruby on Rails ActionController documentation.
6

Configure routes

Add these routes to your ./config/routes.rb file.Routes must be in place so Rails knows how to route the various Auth0 callback URLs to the Auth0 controller you created in the previous step.
Checkpoint
Run your application to verify it continues to work as intended and you aren’t receive any errors relating to Auth0.
7

Add login to your application

A user can now log into your application by visiting the /auth/auth0 endpoint.
To prevent forged authentication requests, use the link_to or button_to helper methods with the :post method.
<!-- Place a login button anywhere on your application -->
<%= button_to 'Login', '/auth/auth0', method: :post %>
Checkpoint
Add a button to your application that redirects the user to the /auth/auth0 endpoint when selected. Observe that you redirect to Auth0 to log in, and then back to your app after successful authentication.
8

Add logout to your application

Now that you can log in to your Rails application, you need a way to log out. Log out a user by redirecting to the auth/logout action, which redirects them to the Auth0 logout endpoint.
To test this after the previous step, you may need to clear out your session and then redirect the user to the Auth0 logout endpoint.
<!-- Place a logout button anywhere on your application -->
<%= button_to 'Logout', 'auth/logout', method: :get %>
Checkpoint
Add a button to your application that redirects the user to the /auth/logout endpoint when selected. Verify that you redirect to Auth0 and then quickly back to your application, and that you are no longer logged in.
9

Show user profile information

To display the user’s profile, your application should provide a protected route. You can use a Concern to control access to routes that can be shared across multiple controllers. The concern should automatically redirect to Auth0 when the user is unauthenticated. Otherwise, the concern should return the current user profile.Once you have a Concern, include it in any controller that requires a logged-in user. You can then access the user from the session session[:userinfo] as in the following example:
class DashboardController < ApplicationController
include Secured
def show
@user = session[:userinfo]

end
end
Once the user loads from the session, use it to display information in your frontend:
<div>
<p>Normalized User Profile:<%= JSON.pretty_generate(@user[:info])%></p>
<p>Full User Profile:<%= JSON.pretty_generate(@user[:extra][:raw_info])%></p>
</div>
Checkpoint
Add the Secured concern to your app and then include it in the controller that requires an authenticated user to access it. Verify that an authenticated user has access to actions within that controller and that unauthenticated users are redirected to Auth0 for authentication.

Next Steps

Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out: