An OmniAuth strategy for authenticating with Auth0. This strategy is based on the OmniAuth OAuth2 strategy.
⚠️ Important security note: This solution uses a 3rd party library with an unresolved security issue(s). Please review the details of the vulnerability, including Auth0 and other recommended mitigations, before implementing the solution.
- Documentation
- Installation
- Getting Started
- Contribution
- Support + Feedback
- Vulnerability Reporting
- What is Auth0
- License
Add the following line to your Gemfile:

```ruby
gem 'omniauth-auth0'
```

If you're using this strategy with Rails, also add the following for CSRF protection:

```ruby
gem 'omniauth-rails_csrf_protection'
```

Then install:

```
$ bundle install
```
See our contributing guide for information on local installation for development.
To start processing authentication requests, the following steps must be performed:
- Initialize the strategy
- Configure the callback controller
- Add the required routes
- Trigger an authentication request
All of these tasks and more are covered in our Ruby on Rails Quickstart.
To send additional parameters during login, you can specify them when you register the provider:

```ruby
provider(
  :auth0,
  ENV['AUTH0_CLIENT_ID'],
  ENV['AUTH0_CLIENT_SECRET'],
  ENV['AUTH0_DOMAIN'],
  {
    authorize_params: {
      scope: 'openid read:users write:order',
      audience: 'https://mydomain/api',
      max_age: 3600 # time in seconds authentication is valid
    }
  }
)
```

... which will tell the strategy to send those parameters on every authentication request.
The Auth0 strategy will provide the standard OmniAuth hash attributes:

- `:provider` - the name of the strategy, in this case `auth0`
- `:uid` - the user identifier
- `:info` - the result of the call to `/userinfo` using OmniAuth standard attributes
- `:credentials` - tokens requested and data
- `:extra` - additional info obtained from calling `/userinfo`, in the `:raw_info` property
```ruby
{
  :provider => 'auth0',
  :uid => 'auth0|USER_ID',
  :info => {
    :name => 'John Foo',
    :email => '[email protected]',
    :nickname => 'john',
    :image => 'https://example.org/john.jpg'
  },
  :credentials => {
    :token => 'ACCESS_TOKEN',
    :expires_at => 1485373937,
    :expires => true,
    :refresh_token => 'REFRESH_TOKEN',
    :id_token => 'JWT_ID_TOKEN',
    :token_type => 'bearer',
  },
  :extra => {
    :raw_info => {
      :email => '[email protected]',
      :email_verified => 'true',
      :name => 'John Foo',
      :picture => 'https://example.org/john.jpg',
      :user_id => 'auth0|USER_ID',
      :nickname => 'john',
      :created_at => '2014-07-15T17:19:50.387Z'
    }
  }
}
```
In some scenarios, you may need to pass specific query parameters to `/authorize`. The following parameters are available to enable this:

- `connection`
- `connection_scope`
- `prompt`
- `screen_hint` (only relevant to the New Universal Login Experience)

Simply pass these query parameters to your OmniAuth redirect endpoint to enable their behavior.
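The two pieces above, the auth hash the strategy hands back and the query parameters a login link may forward, can be handled by two small plain-Ruby helpers. This is an added example, not code from the omniauth-auth0 gem; it assumes the OmniAuth redirect endpoint is mounted at `/auth/auth0` and that the auth hash is a plain Hash with symbol keys as in the sample above (the names `auth0_login_path` and `session_from_auth_hash` are hypothetical).

```ruby
require 'uri'
require 'time'

# Query parameters that may be forwarded to /authorize. Anything else arriving
# on the login link is dropped rather than relayed to Auth0.
ALLOWED_AUTHORIZE_PARAMS = %w[connection connection_scope prompt screen_hint].freeze

# Build the path of the OmniAuth redirect endpoint (assumed: /auth/auth0)
# carrying only the allow-listed, non-empty query parameters.
def auth0_login_path(incoming_params, endpoint: '/auth/auth0')
  forwarded = incoming_params.select do |key, value|
    ALLOWED_AUTHORIZE_PARAMS.include?(key.to_s) && !value.to_s.empty?
  end
  return endpoint if forwarded.empty?

  "#{endpoint}?#{URI.encode_www_form(forwarded)}"
end

# Reduce the auth hash (request.env['omniauth.auth'] in a Rails callback
# action) to the minimum worth keeping in the session. Raises on anything
# that does not look like a completed Auth0 login.
def session_from_auth_hash(auth)
  raise ArgumentError, 'not an auth0 auth hash' unless auth[:provider] == 'auth0'

  uid = auth[:uid].to_s
  raise ArgumentError, 'missing uid' if uid.empty?

  raw = auth.dig(:extra, :raw_info) || {}
  # /userinfo may deliver email_verified as the string 'true' (as in the
  # sample hash) or as a boolean; anything else counts as unverified.
  verified = [true, 'true'].include?(raw[:email_verified])

  creds = auth[:credentials] || {}
  # :expires_at is a Unix timestamp; only meaningful when :expires is set.
  expires_at = creds[:expires] ? Time.at(creds[:expires_at].to_i).utc : nil

  {
    uid: uid,
    email: auth.dig(:info, :email),
    email_verified: verified,
    expires_at: expires_at
  }
end
```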
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
- Use Community for usage, questions, specific cases.
- Use Issues here for code-level support and bug reports.
- Paid customers can use Support to submit a trouble ticket for production-affecting issues.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 helps you to easily:
- implement authentication with multiple identity providers, including social (e.g., Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, etc.) or enterprise (e.g., Windows Azure AD, Google Apps, Active Directory, ADFS, SAML, etc.)
- log in users with username/password databases, passwordless, or multi-factor authentication
- link multiple user accounts together
- generate signed JSON Web Tokens to authorize your API calls and flow the user identity securely
- access demographics and analytics detailing how, when, and where users are logging in
- enrich user profiles from other data sources using customizable JavaScript rules
The OmniAuth Auth0 strategy is licensed under MIT - LICENSE