I'm setting up a rails app that has Active Admin using devise and I'm trying to add an OmniAuth authentication using Auth0.
I've installed the gem 'omniauth-auth0', '~> 2.2'
.
I've added the callback controller and routes.
I've added the middleware initializer (note that the AUTH_CLIENT_SECRET
is null)
# config/initializers/auth0.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider(
:auth0,
ENV.fetch('AUTH0_CLIENT_ID'),
ENV.fetch('AUTH0_CLIENT_SECRET'),
ENV.fetch('AUTH0_DOMAIN'),
callback_path: '/auth/auth0/callback'
)
end
My devise initilizer has nothing related to OAuth.
The view has the code:
<div class="oauth hidden">
<div id="root" style="width: 320px; margin: 40px auto; padding: 10px; border-style: dashed; border-width: 1px; box-sizing: border-box;">
embedded area
</div>
<script src="https://cdn.auth0.com/js/lock/10.2/lock.min.js"></script>
<script>
var lock = new Auth0Lock(
'<%= ENV.fetch('AUTH0_CLIENT_ID') %>',
'<%= ENV.fetch('AUTH0_DOMAIN') %>', {
container: 'root',
auth: {
redirectUrl: '<%=ENV.fetch('AUTH0_CALLBACK_URL') %>',
responseType: 'code',
params: {
scope: 'openid profile email' // Learn about scopes: https://auth0.com/docs/scopes
}
}
});
lock.show();
</script>
</div>
And the controller has:
module Api
class Auth0Controller < ApplicationController
def callback
# This stores all the user information that came from Auth0
# and the IdP
session[:userinfo] = request.env['omniauth.auth']
# Redirect to the URL you want after successful auth
redirect_to admin_dashboard_url
end
def failure
# show a failure page or redirect to an error page
@error_msg = request.params['message']
end
end
end
Now, it seems like the middleware is not working as it should. The callback from the Auth0 server has a url parameter like this: code=XXXXXXXXXXXX
and in the callback action and the value of request.env['omniauth.auth']
is nil.
What am I doing wrong?
I've found the problems:
config/initializers/auth0.rb
should account for that like: /api/auth/auth0/callback
. admin_user
model was omniauthable and it was overriding the routes defined for the callbacks.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.