/omniauth-auth0

Omniauth strategy for the Auth0 platform.

Primary LanguageRubyMIT LicenseMIT

Build Status

OmniAuth Auth0

This is the official OmniAuth strategy for authenticating to Auth0.

Installing

Add to your Gemfile:

gem 'omniauth-auth0'

Then bundle install.

Usage

Rails

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :auth0, ENV['AUTH0_CLIENT_ID'], ENV['AUTH0_CLIENT_SECRET'], ENV['AUTH0_DOMAIN']
end

Then to redirect to your tenant's hosted login page:

redirect_to '/auth/auth0'

Sinatra

use OmniAuth::Builder do
  provider :auth0, ENV['AUTH0_CLIENT_ID'], ENV['AUTH0_CLIENT_SECRET'], ENV['AUTH0_DOMAIN']
end

Then to redirect to your tenant's hosted login page:

redirect to('/auth/auth0')

You can customize your hosted login page in your Auth0 Dashboard

Auth parameters

To send additional parameters during login you can specify them when you register the provider

provider 
  :auth0,
  ENV['AUTH0_CLIENT_ID'],
  ENV['AUTH0_CLIENT_SECRET'],
  ENV['AUTH0_DOMAIN'],
  {
    authorize_params: {
      scope: 'openid read:users write:order',
      audience: 'https://mydomain/api'
    }
  }

that will tell it to send those parameters on every Auth request.

Or you can do it for a specific Auth request by adding them in the query parameter of the redirect url:

redirect_to '/auth/auth0?connection=google-oauth2'

Auth Hash

Auth0 strategy will have the standard OmniAuth hash attributes:

  • provider: the name of the strategy, in this case auth0
  • uid: the user identifier
  • info: the result of the call to /userinfo using OmniAuth standard attributes
  • credentials: Auth0 tokens, at least will have an access_token but can eventually have refresh_token and/or id_token
  • extra: Additional info obtained from calling /userinfo in the attribute raw_info
	{
	  :provider => 'auth0',
	  :uid => 'google-oauth2|this-is-the-google-id',
	  :info => {
	    :name => 'John Foo',
	    :email => 'johnfoo@example.org',
	    :nickname => 'john',
	    :image => 'https://example.org/john.jpg'
	  },
	  :credentials => {
	    :token => 'XdDadllcas2134rdfdsI',
	    :expires_at => 1485373937,
        :expires => true,
        :refresh_token => 'aKNajdjfj123nBasd',
	    :id_token => 'eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBGb28ifQ.lxAiy1rqve8ZHQEQVehUlP1sommPHVJDhgPgFPnDosg',
	    :token_type => 'bearer',
	  },
	  :extra => {
	    :raw_info => {
	      :email => 'johnfoo@example.org',
	      :email_verified => 'true',
	      :name => 'John Foo',
	      :picture => 'https://example.org/john.jpg',
	      :user_id => 'google-oauth2|this-is-the-google-id',
	      :nickname => 'john',
	      :created_at: '2014-07-15T17:19:50.387Z'
	    }
	  }
	}

ActionDispatch::Cookies::CookieOverflow issue

If you are getting this error it means that you are using Cookie sessions and since you are storing the whole profile it overflows the max-size of 4K.

You can change to use In-Memory store for development as follows:

# /config/initializers/session_store.rb
CrazyApp::Application.config.session_store :cache_store

# /config/environments/development.rb
config.cache_store = :memory_store

Documentation

For more information about auth0 contact our documentation page.

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.