Docs

Ruby On Rails: Login

View on Github
Tutorials

Ruby On Rails: Login

Gravatar for andres.aguiar@auth0.com
By Andres Aguiar
Auth0

This tutorial demonstrates how to add user login to a Ruby on Rails application. We recommend you to Log in to follow this quickstart with examples configured for your account.

Or

I want to explore a sample app

2 minutes

Get a sample configured with your account settings or check it out on Github.

View on Github
System requirements: Ruby 2.3.1+ | Rails 5.0.0+ or Rails 4.2.0+

New to Auth? Learn How Auth0 works, how it integrates with Regular Web Applications and which protocol it uses.

Configure Auth0

Get Your Application Keys

When you signed up for Auth0, a new application was created for you, or you could have created a new one.

You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.

You need the following information:

  • Domain
  • Client ID
  • Client Secret

If you download the sample from the top of this page these details are filled out for you.

If you have more than one application in your account, the sample comes with the values for your Default App.

App Dashboard

Configure Callback URLs

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.

The callback URL for your app must be whitelisted in the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the callback URL you need to whitelist in the Allowed Callback URLs field is http://localhost:3000/auth/auth0/callback.

Configure Logout URLs

A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the returnTo query parameter.

The logout URL for your app must be whitelisted in the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the logout URL you need to whitelist in the Allowed Logout URLs field is http://localhost:3000.

Configure Rails to Use Auth0

Install the Dependencies

To follow along with this guide, add the following dependencies to your Gemfile and run bundle install.

If you are using Windows, uncomment the tzinfo-data gem in the Gemfile.

Initialize Omniauth Auth0

Create a file named auth0.rb under config/initializers and configure the OmniAuth middleware in it.

This tutorial uses omniauth-auth0, a custom OmniAuth strategy.

Add the Auth0 Callback Handler

Use the following command to create the controller that will handle the Auth0 callback:

In the newly created controller, add success and failure callback handlers.

Replace the generated routes with the following:

Trigger Authentication

We need a way for users to trigger authentication. Add a link to /auth/auth0 anywhere in an existing template or use the steps below to generate a homepage in a new app.

Run the following command to generate the homepage controller and views:

Add the following to the generated show.html.erb file:

Finally, point the root path to generated controller:

Run bin/rails server and go to localhost:3000 in your browser. You should see the Auth0 logo and a link to log in.

Check the User's Authentication Status

You can use a controller concern to control access to routes that require the user to be authenticated:

Now generate a controller for the dashboard view that users will see once they are authenticated:

Include the concern in the this new controller to prevent unauthenticated users from accessing its routes:

Add the session data for userinfo to the dashboard view to see what is returned:

Finally, adjust your routes to point /dashboard to this new, secured controller:

With the Rails server still running, go to localhost:3000/dashboard in your browser and you should be redirected to the homepage.

Click the Login link and log in or sign up. Accept the consent modal that appears (for localhost only) and you should end up on at /dashboard with your user info showing.

Display Error Descriptions

Configure the application to display errors by adding the following to the production environment config:

Troubleshooting

This error means that a cookie session is being used and because the whole profile is being stored, it overflows the max-size of 4 kb. If you are unable to access the user profile and you get an error similar to NoMethodError, undefined method '[]' for nil:NilClass, try using In-Memory store for development.

Go to /config/initializers/session_store.rb and add the following:

Go to /config/environments/development.rb and add the following:

It is recommended that a memory store such as MemCached being used for production applications.

SSL Issues

Under some configurations, Ruby may not be able to find certification authority certificates (CA certs).

Download the CA certs bundle to the project directory:

Add this initializer to config/initializers/fix_ssl.rb:

"failure message=invalid_credentials"

This issue doesn't occur when working locally but may happen in a staging or production environment. The error message may be displayed as:

To solve this, add the following to config/environments/staging.rb or production.rb:

Substitute http://www.example.com with the actual URL you'll be using in your application.

Did it work?
Any suggestion or typo? Edit on GitHub
Use Auth0 for FREE