ruby-auth0

Ruby API client for the Auth0 platform.

Documentation

  • API documentation - documentation auto-generated from the code comments that explains all the available features
  • Examples - examples that demonstrate the different ways in which this SDK can be used
  • Docs Site - explore our Docs site and learn more about Auth0

Getting Started

Installation

This gem can be installed directly:

$ gem install auth0

or with Bundler:

bundle add auth0

Usage

Create an instance of Auth0Client to access properties and methods of the authentication and management APIs:

require 'auth0'

client = Auth0Client.new(
  client_id: ENV['AUTH0_RUBY_CLIENT_ID'],
  client_secret: ENV['AUTH0_RUBY_CLIENT_SECRET'],
  domain: ENV['AUTH0_RUBY_DOMAIN'],
  # If you pass in a client_secret value, the SDK will automatically try to get a
  # Management API token for this application. Make sure your Application can make a
  # Client Credentials grant (Application settings in Auth0 > Advanced > Grant Types
  # tab) and that the Application is authorized for the Management API:
  # https://auth0.com/docs/api-auth/config/using-the-auth0-dashboard
  #
  # Otherwise, you can pass in a Management API token directly for testing or temporary
  # access using the key below.
  # token: ENV['AUTH0_RUBY_API_TOKEN'],
  #
  # When passing a token, you can also specify when the token expires in seconds from epoch. Otherwise, expiry is set
  # by default to an hour from now.
  # token_expires_at: Time.now.to_i + 86400
)

If token is omitted, the SDK will attempt to fetch a new token using the client_credentials grant, as long as client_id and client_secret are set in the configuration. Once the token is about to expire (or has already expired), a new token will be fetched and cached for future calls.

For this to work, ensure your application can make a Client Credentials grant (Application settings in Auth0 > Advanced > Grant Types tab) and that the application is authorized for the Management API: https://auth0.com/docs/api-auth/config/using-the-auth0-dashboard

Authentication API Client

This SDK provides access to Authentication API endpoints with the Auth0::API::AuthenticationEndpoints module.

For basic login capability, we suggest using our OmniAuth strategy detailed here. Other authentication tasks currently supported are:

  • Register a new user with a database connection using the signup method.
  • Redirect a user to the universal login page for authentication using the authorization_url method.
  • Log a user into a highly trusted app with the Resource Owner Password grant using the login method.
  • Exchange an authorization code for an access token on callback using the obtain_user_tokens method (see the note on state validation below).
  • Send a change password email to a database connection user using the change_password method.
  • Log a user out of Auth0 with the logout_url method.

Important note on state validation: If you choose to implement a login flow callback yourself, it is important to generate and store a state value, pass that value to Auth0 in the authorization_url method, and validate it in your callback URL before calling obtain_user_tokens. For more information on state validation, please see our documentation.
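
The state check described in the note above, as an added example that is not part of the SDK or the original README. LoginState, its session key names and the 10-minute lifetime are assumptions, and a plain Hash stands in for the per-user session.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical helper, not part of the auth0 gem. `session` is any Hash-like
# per-user server-side store; the key names and the TTL are assumptions.
module LoginState
  STATE_KEY = 'auth0_state'
  EXPIRY_KEY = 'auth0_state_expires_at'
  TTL = 600 # seconds a pending login stays valid

  module_function

  # Before redirecting: store a fresh random value and return it so it can be
  # passed as the state parameter when building the authorization_url.
  def issue(session, now: Time.now.to_i)
    session[EXPIRY_KEY] = now + TTL
    session[STATE_KEY] = SecureRandom.urlsafe_base64(32)
  end

  # First step of the callback: true only if the returned state matches the
  # stored one. Call obtain_user_tokens only after this returns true.
  def valid?(session, returned, now: Time.now.to_i)
    expected = session.delete(STATE_KEY) # single use, consumed pass or fail
    expires_at = session.delete(EXPIRY_KEY)
    return false unless expected.is_a?(String) && returned.is_a?(String)
    return false if expires_at.nil? || now > expires_at
    secure_equal?(expected, returned)
  end

  # Compare fixed-length digests with no early exit, so timing leaks nothing.
  def secure_equal?(a, b)
    x = Digest::SHA256.digest(a).bytes
    y = Digest::SHA256.digest(b).bytes
    x.zip(y).reduce(0) { |acc, (m, n)| acc | (m ^ n) }.zero?
  end
end

# Constructed walk-through; a plain Hash stands in for the session.
def state_demo
  session = {}
  state = LoginState.issue(session, now: 1_000)
  results = { match: LoginState.valid?(session, state, now: 1_100) }
  results[:replay] = LoginState.valid?(session, state, now: 1_101)
  LoginState.issue(session, now: 2_000)
  results[:forged] = LoginState.valid?(session, 'constructed-forged-value', now: 2_001)
  state = LoginState.issue(session, now: 3_000)
  results[:expired] = LoginState.valid?(session, state, now: 3_601)
  results
end
```

Because the stored value is deleted on every check, a callback that fails validation also ends the pending login and the user has to start the flow again.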

Please note that this module implements endpoints that might be deprecated for newer tenants. If you have any questions about how and when the endpoints should be used, consult the documentation or ask in our Community forums.

Management API Client

This SDK provides access to the Management API via modules that help create clear and accurate calls. Most of the interaction is done through the Auth0Client class, instantiated with the required credentials.

For an example of using the Management API client to read users, see the examples document.

Further reading

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.


Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more, check out Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.