Investigate Devise+Omniauth support #6

Closed
rolodato opened this issue Mar 5, 2015 · 8 comments

@rolodato
Contributor

rolodato commented Mar 5, 2015

Devise support might be integrated in this gem or in a separate one. Find out which is best.

@Maxim-Filimonov

Any updates on this one? We are trying to figure out how to make this gem play with devise. No luck so far :\

@erithmetic

I have a basic devise-auth0 integration here https://github.com/faradayio/devise-auth0

@aouji

aouji commented Dec 17, 2015

In case anyone is interested, the following worked for me:
in config/initializers/devise.rb:

    config.omniauth :auth0, SETTINGS[:auth0][:client_id], 
                  SETTINGS[:auth0][:client_secret], SETTINGS[:auth0][:domain],
                  callback_path: '/users/auth/auth0/callback'

Then I just added an auth0 action in an AuthenticationController where I get or create user by request.env['omniauth.auth'].uid.
For SSO:

    AUTH0_AUTHENTICAITON_URL = "https://#{SETTINGS[:auth0][:domain]}/authorize?client_id=#{SETTINGS[:auth0][:client_id]}&response_type=code&redirect_uri=#{SETTINGS[:protocol]}://#{SETTINGS[:host]}/users/auth/auth0/callback"
    AUTH0_LOGOUT_URL = "https://#{SETTINGS[:auth0][:domain]}/v2/logout?returnTo=#{SETTINGS[:protocol]}://#{SETTINGS[:host]}"

On devise side, login action:

  def login_page
    if user_signed_in?
      redirect_to root_path, notice: 'You are already signed in.'
    else
      redirect_to AUTH0_AUTHENTICAITON_URL
    end
  end

To make sure SSO session is terminated, in application controller:

  def after_sign_out_path_for(_)
    "#{AUTH0_LOGOUT_URL}#{super}"
  end
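
An added example, not part of the thread or of the gem: the two Auth0 URLs from the comment above built with `URI.encode_www_form`, so the `redirect_uri` and `returnTo` values are percent-encoded, plus an OAuth 2.0 `state` value that the thread's URL does not carry. The `SETTINGS` values, the `auth0.state` session key and the helper names are assumptions made for illustration.

```ruby
require 'uri'
require 'securerandom'

# Constructed sample values; the thread's real SETTINGS hash is not shown.
SETTINGS = {
  protocol: 'https', host: 'app.example.com',
  auth0: { domain: 'tenant.example.com', client_id: 'SAMPLE_CLIENT_ID' }
}.freeze
CALLBACK_PATH = '/users/auth/auth0/callback' # callback_path from the thread
STATE_KEY = 'auth0.state'                    # hypothetical session key

def app_origin(settings)
  "#{settings[:protocol]}://#{settings[:host]}"
end

# Builds the /authorize URL with form-encoded parameters and stores a fresh
# random `state` in the session so the callback can be tied to this browser.
def auth0_authorize_url(settings, session)
  session[STATE_KEY] = SecureRandom.hex(24)
  query = URI.encode_www_form(
    client_id: settings[:auth0][:client_id],
    response_type: 'code',
    redirect_uri: app_origin(settings) + CALLBACK_PATH,
    state: session[STATE_KEY]
  )
  "https://#{settings[:auth0][:domain]}/authorize?#{query}"
end

# Callback-side check: the stored state is single use and is compared without
# an early exit on the first differing byte.
def valid_state?(session, returned)
  expected = session.delete(STATE_KEY)
  return false if expected.nil? || returned.nil?
  return false unless expected.bytesize == returned.bytesize
  expected.bytes.zip(returned.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Builds the /v2/logout URL. The return path must start with "/" so that text
# appended to the origin cannot alter the host (".evil.test", "@evil.test").
def auth0_logout_url(settings, return_path = '/')
  return_path = '/' unless return_path.to_s.start_with?('/')
  query = URI.encode_www_form(returnTo: app_origin(settings) + return_path)
  "https://#{settings[:auth0][:domain]}/v2/logout?#{query}"
end
```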

@mdesanti

mdesanti commented Mar 7, 2016

@aouji can you give more details on how you got SSO working? I am getting the following error when auth0 redirects to my page.
Authentication failure! invalid_credentials: OAuth2::Error, unauthorized_client: Unauthorized federated client due to malformed URL: myClientId where myClientId is actually my Auth0 Client Id.

Also, where did you place this code?

  def login_page
    if user_signed_in?
      redirect_to root_path, notice: 'You are already signed in.'
    else
      redirect_to AUTH0_AUTHENTICAITON_URL
    end
  end

Thank you!

@aouji

aouji commented Mar 8, 2016

@mdesanti Not sure. Are you sure the AUTH0_AUTHENTICAITON_URL is set properly? If you open it in a browser do you get to your company's login page in auth0? If so does the redirect_uri look valid?

@mdesanti

mdesanti commented Mar 8, 2016

@aouji I found the reason why the URL was invalid. I'm still uncertain about where to place the code to redirect to AUTH0_AUTHENTICAITON_URL. I'm currently handling that with a custom failure

@aouji

aouji commented Mar 9, 2016

Sorry I missed your second question. I have set up devise routes as follows:

    devise_scope :user do
      get 'login' => 'authentication#login_page', as: :new_user_session
      ...
    end

And the login_page action is as in the comment before and is placed in a controller I have called AuthenticationController.
BTW, one thing I didn't mention is that if you want to use Devise session timeout and make sure the auth0 session is destroyed on devise session timeout, you can do it in a custom failure app. Mine looks like this:

    class CustomFailureApp < Devise::FailureApp
      def redirect_url
        warden_message == :timeout ? "#{AUTH0_LOGOUT_URL}#{super}" : super
      end
    end

@joshcanhelp
Contributor

Have not tested this out but there is a wiki page on getting Devise to work with OmniAuth. If there is something we're doing to prevent that from working, we're happy to take a look. Going to close this one for now.
